From: Michael Zimmermann
Date: Mon, 20 Mar 2017 12:16:55 +0100
To: Ard Biesheuvel
Cc: edk2-devel-01, Laszlo Ersek
Subject: Re: SetMemorySpaceAttributes with EFI_MEMORY_XP
List-Id: EDK II Development

Ard, why is SetMemorySpaceAttributes being called in the first place?
(ignoring the recent NX patch)
Looking at the initial GCD, it looks like unused memory usually
doesn't have any attributes set anyway.

Thanks
Michael

On Mon, Mar 20, 2017 at 12:04 PM, Ard Biesheuvel wrote:
> On 20 March 2017 at 10:32, Michael Zimmermann wrote:
>> Hi,
>>
>> I didn't test ArmVirtQemuKernel but I'm trying to use some of the code
>> for another platform.
>> So does this call ever succeed with PcdDxeNxMemoryProtectionPolicy
>> being enabled?
>> https://github.com/tianocore/edk2/blob/76874be3d411bf8daac051718e20932e0bf97d70/ArmVirtPkg/HighMemDxe/HighMemDxe.c#L95
>> Status = gDS->SetMemorySpaceAttributes (CurBase, CurSize, Attributes);
>>
>> Neither the memory that was added by this Dxe nor the one added
>> automatically by GCD has the EFI_MEMORY_XP capability which causes
>> SetMemorySpaceAttributes to return EFI_UNSUPPORTED.
>>
>
> That is a very good point. I have been caught by this more than once
> already (and I did test this, but not as thoroughly as I should have,
> apparently)
>
> This is caused by the unfortunate situation in EDK2 that GCD
> permission attributes are ambiguous: it does not distinguish between
> 'the memory controller allows this range to be configured as
> non-executable' and 'the nature of the contents of this memory region
> allows it to be mapped without executable attributes', and therefore,
> RO/XP are never used in the GCD memory space map.
>
> The solution is to use the CPU_ARCH_PROTOCOL interface explicitly to
> set the XP attribute on the memory itself (but not on the descriptors
> in the GCD or UEFI memory maps). I will spin a patch to fix this.
>
> Thanks,
> Ard.
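
An added illustration, not part of the thread and not EDK2 source: a simplified C model of the behaviour discussed above, showing why a GCD call that includes EFI_MEMORY_XP is rejected on a range without that capability, and how setting XP through the CPU interface leaves the GCD map untouched. The `model_*` types and the three functions are hypothetical stand-ins; it assumes the GCD call forwards accepted attributes to the CPU interface.

```c
#include <stdint.h>
#include <stdio.h>

/* Attribute bits use their UEFI-spec values; everything else is a constructed model. */
#define EFI_MEMORY_WB 0x0000000000000008ULL
#define EFI_MEMORY_XP 0x0000000000004000ULL

typedef enum { MODEL_SUCCESS = 0, MODEL_UNSUPPORTED = 3 } model_status;

/* One GCD memory space descriptor plus the page-table state the CPU enforces. */
typedef struct {
    uint64_t capabilities;   /* what the GCD map says the range may be set to */
    uint64_t gcd_attributes; /* what the GCD map currently records */
    uint64_t mmu_attributes; /* what is actually programmed in the page tables */
} model_region;

/* Stand-in for the CPU_ARCH_PROTOCOL attribute call: touches page tables only. */
static model_status cpu_set_attributes(model_region *r, uint64_t attrs) {
    r->mmu_attributes = attrs;
    return MODEL_SUCCESS;
}

/* Stand-in for gDS->SetMemorySpaceAttributes(): rejects any bit that is not
   also a capability of the range, which is the failure reported in the thread. */
static model_status gcd_set_attributes(model_region *r, uint64_t attrs) {
    if ((r->capabilities & attrs) != attrs)
        return MODEL_UNSUPPORTED;
    r->gcd_attributes = attrs;
    return cpu_set_attributes(r, attrs); /* assumption: GCD forwards to the CPU */
}

/* The approach from the quoted reply: cacheability via GCD, XP via the CPU only. */
static model_status map_high_memory(model_region *r) {
    model_status s = gcd_set_attributes(r, EFI_MEMORY_WB);
    if (s != MODEL_SUCCESS)
        return s;
    return cpu_set_attributes(r, EFI_MEMORY_WB | EFI_MEMORY_XP);
}

int main(void) {
    model_region r = { EFI_MEMORY_WB, 0, 0 }; /* constructed: range without XP capability */
    printf("GCD call with WB|XP: %d\n",
           (int)gcd_set_attributes(&r, EFI_MEMORY_WB | EFI_MEMORY_XP));
    printf("split call:          %d\n", (int)map_high_memory(&r));
    printf("gcd=0x%llx mmu=0x%llx\n", (unsigned long long)r.gcd_attributes,
           (unsigned long long)r.mmu_attributes);
    return 0;
}
```

When checking a port of this code to another platform, the thing to verify is the last line of output: the page-table state carries XP while the GCD descriptor records only the cacheability attribute.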