public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Michael Zimmermann <sigmaepsilon92@gmail.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Leif Lindholm <leif.lindholm@linaro.org>,
	 "Tian, Feng" <feng.tian@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@ml01.01.org>,
	 "afish@apple.com" <afish@apple.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	 "Yao, Jiewen" <jiewen.yao@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	 "Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH v4 0/7] MdeModulePkg/DxeCore: increased memory protection
Date: Mon, 13 Mar 2017 09:43:10 +0100	[thread overview]
Message-ID: <CAN9vWDJqb75ErUNirHK8th--9RjxGZU+ydmtJo_RtzuoRrmQCQ@mail.gmail.com> (raw)
In-Reply-To: <9677ecfd-ab2a-71ea-54e8-b30e6510b202@redhat.com>

I fail to get this working on my target. I've enabled the following
Pcd's like in ArmVirt:
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE

but apparently, DxeCore removes the executable permission from it's own code.
after the BL instruction of the call to gCpu->SetMemoryAttributes I
get an instruction permission fault:

InitializeDxeNxMemoryProtectionPolicy: applying strict permissions to
active memory regions
SetUefiImageMemoryAttributes - 0x0000000080200000 - 0x0000000008C00000
(0x0000000000004000)
SetUefiImageMemoryAttributes - 0x0000000089000000 - 0x0000000004A00000
(0x0000000000004000)
SetUefiImageMemoryAttributes - 0x000000008EC00000 - 0x0000000000400000
(0x0000000000004000)
SetUefiImageMemoryAttributes - 0x000000008F700000 - 0x0000000000700000
(0x0000000000004000)
SetUefiImageMemoryAttributes - 0x000000008FF00000 - 0x000000006E095000
(0x0000000000004000)
SetUefiImageMemoryAttributes - 0x00000000FDFB9000 - 0x0000000000047000
(0x0000000000004000)
SetUefiImageMemoryAttributes - 0x00000000FE400000 - 0x0000000001C00000
(0x0000000000004000)

Prefetch Abort Exception PC at 0xFEEA630E  CPSR 0x20000033 nzCveaifT_svc
Build/LittleKernelPkg/DEBUG_GCC5/ARM/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
loaded at 0xFEEA4000 (PE/COFF offset) 0x230E (ELF or Mach-O offset) 0x130E
0xBF00       IT     EQ
  R0 0x00000000   R1 0x01C00000   R2 0x00000000   R3 0x00000000
  R4 0x00000000   R5 0x00026000   R6 0x00000000   R7 0xFE000214
  R8 0x80000000   R9 0xFE400000  R10 0xFFFEF000  R11 0x00000004
 R12 0x00000002   SP 0xFFFFEBA0   LR 0xFDF98B4D   PC 0xFEEA630E
DFSR 0x00000000 DFAR 0x00000000 IFSR 0x0000000D IFAR 0xFEEA630E
 Instruction Permission fault on Section at 0xFEEA630E

ASSERT [ArmCpuDxe]
ArmPkg/Library/DefaultExceptionHandlerLib/Arm/DefaultExceptionHandler.c(268):
((BOOLEAN)(0==1))

----

so did I miss anything?

Thanks
Michael

On Wed, Mar 1, 2017 at 12:46 AM, Laszlo Ersek <lersek@redhat.com> wrote:
> On 02/28/17 11:59, Ard Biesheuvel wrote:
>> On 28 February 2017 at 10:52, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>>> On 28 February 2017 at 10:46, Laszlo Ersek <lersek@redhat.com> wrote:
>
>>>> I regression-tested this series for x86 / OVMF as under v3, with the zero PCD default, and experienced no issues.
>>>>
>>>> However, v4 breaks booting Fedora 24 on my Mustang (aarch64/KVM):
>
>>> Hmm, that is disappointing. This is probably due to GRUB's modular
>>> nature, which means it allocates memory and loads executable code into
>>> it, under the assumption that memory is always executable in UEFI.
>>>
>>> The short term fix is to remove the NX bit from LoaderData regions,
>>> but in the mean time, I will work with Leif to get this fixed properly
>>> (assuming there is a proper way to fix this)
>>>
>>
>> Care to have a quick go at using 0xC000000000007FD1 instead? (if you
>> are not already doing so)
>
>
> With the following patch on top:
>
>> commit ef6be33275e45045a15201a15a2be26e6fbabcaa
>> Author: Laszlo Ersek <lersek@redhat.com>
>> Date:   Wed Mar 1 00:06:37 2017 +0100
>>
>>     ArmVirtPkg: remove the NX bit from LoaderData regions
>>
>>     msgid <CAKv+Gu8V4o0-s9jhQSM5hFaaC6yppdC001MiuBX830WrXi_VKQ@mail.gmail.com>
>>
>>     Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>     Contributed-under: TianoCore Contribution Agreement 1.0
>>     Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>>
>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>> index 23b601a199ed..4d3ae5d0bc80 100644
>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -386,7 +386,7 @@ [PcdsFixedAtBuild.AARCH64]
>>    # Enable NX memory protection for all non-code regions, including OEM and OS
>>    # reserved ones.
>>    #
>> -  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
>>
>>  [Components.common]
>>    #
>
> all three guests mentioned previously boot okay.
>
> (I also made sure that the "applying strict permissions..." messages showed up in the firmware log for each.)
>
> Thanks
> Laszlo
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel


  reply	other threads:[~2017-03-13  8:43 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-27 14:38 [PATCH v4 0/7] MdeModulePkg/DxeCore: increased memory protection Ard Biesheuvel
2017-02-27 14:38 ` [PATCH v4 1/7] ArmPkg/CpuDxe: ignore attribute changes during SyncCacheConfig() Ard Biesheuvel
2017-02-27 15:32   ` Leif Lindholm
2017-02-27 15:33     ` Ard Biesheuvel
2017-02-27 15:38       ` Leif Lindholm
2017-02-27 15:39         ` Ard Biesheuvel
2017-02-27 15:41           ` Leif Lindholm
2017-02-27 14:38 ` [PATCH v4 2/7] MdeModulePkg/PeiCore: allocate BootServicesCode memory for PE/COFF images Ard Biesheuvel
2017-02-28  5:42   ` Gao, Liming
2017-02-27 14:38 ` [PATCH v4 3/7] MdeModulePkg/EbcDxe: use EfiBootServicesCode memory for thunks Ard Biesheuvel
2017-02-27 14:38 ` [PATCH v4 4/7] MdeModulePkg/DxeCore: use separate lock for pool allocations Ard Biesheuvel
2017-02-28  9:32   ` Gao, Liming
2017-02-27 14:38 ` [PATCH v4 5/7] MdeModulePkg: define PCD for DXE memory protection policy Ard Biesheuvel
2017-02-27 14:38 ` [PATCH v4 6/7] MdeModulePkg/DxeCore: implement " Ard Biesheuvel
2017-02-28  9:33   ` Gao, Liming
2017-02-27 14:38 ` [PATCH v4 7/7] ArmVirtPkg/ArmVirt.dsc.inc: enable NX memory protection for all platforms Ard Biesheuvel
2017-02-28  5:48 ` [PATCH v4 0/7] MdeModulePkg/DxeCore: increased memory protection Yao, Jiewen
2017-02-28 14:59   ` Ard Biesheuvel
2017-02-28 10:46 ` Laszlo Ersek
2017-02-28 10:52   ` Ard Biesheuvel
2017-02-28 10:59     ` Ard Biesheuvel
2017-02-28 11:47       ` Ard Biesheuvel
2017-02-28 23:46       ` Laszlo Ersek
2017-03-13  8:43         ` Michael Zimmermann [this message]
2017-03-13  8:50           ` Ard Biesheuvel
2017-03-13  8:53             ` Michael Zimmermann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAN9vWDJqb75ErUNirHK8th--9RjxGZU+ydmtJo_RtzuoRrmQCQ@mail.gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox