summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
e9429e7)
Using DxeServices::SetMemorySpaceAttributes to set cacheability
attributes has the side effect of stripping permission attributes,
given that those are bits in the same bitfield, and so setting the
Attributes argument to EFI_MEMORY_WB implies not setting EFI_MEMORY_XP
or EFI_MEMORY_RO attributes.
In fact, the situation is even worse, given that the descriptor returned
by DxeServices::GetMemorySpaceDescriptor does not reflect the permission
attributes that may have been set by the preceding call to
DxeServices::AddMemorySpace if PcdDxeNxMemoryProtectionPolicy has been
configured to map EfiConventionalMemory with non-executable permissions.
Note that this applies equally to the non-executable stack and to PE/COFF
sections that may have been mapped with R-X or RW- permissions. This is
due to the ambiguity in the meaning of the EFI_MEMORY_RO/EFI_MEMORY_XP
attributes when used in the GCD memory map, i.e., between signifying
that an underlying RAM region has the controls to be configured as
read-only or non-executable, and signifying that the contents of a
certain UEFI memory region allow them to be mapped with certain
restricted permissions.
So let's check the policy in PcdDxeNxMemoryProtectionPolicy directly,
and set the EFI_MEMORY_XP attribute if appropriate for
EfiConventionalMemory regions.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
UINTN AddressCells, SizeCells;\r
UINT64 CurBase;\r
UINT64 CurSize;\r
UINTN AddressCells, SizeCells;\r
UINT64 CurBase;\r
UINT64 CurSize;\r
\r
Status = gBS->LocateProtocol (&gFdtClientProtocolGuid, NULL,\r
(VOID **)&FdtClient);\r
\r
Status = gBS->LocateProtocol (&gFdtClientProtocolGuid, NULL,\r
(VOID **)&FdtClient);\r
- Status = gDS->SetMemorySpaceAttributes (CurBase, CurSize,\r
- EFI_MEMORY_WB);\r
+ //\r
+ // Take care not to strip any permission attributes that will have been\r
+ // set by DxeCore on the region we just added if a strict permission\r
+ // policy is in effect for EfiConventionalMemory regions.\r
+ // Unfortunately, we cannot interrogate the GCD memory space map for\r
+ // those permissions, since they are not recorded there (for historical\r
+ // reasons), so check the policy directly.\r
+ //\r
+ Attributes = EFI_MEMORY_WB;\r
+ if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) &\r
+ (1U << (UINT32)EfiConventionalMemory)) != 0) {\r
+ Attributes |= EFI_MEMORY_XP;\r
+ }\r
+\r
+ Status = gDS->SetMemorySpaceAttributes (CurBase, CurSize, Attributes);\r
\r
if (EFI_ERROR (Status)) {\r
DEBUG ((EFI_D_ERROR,\r
\r
if (EFI_ERROR (Status)) {\r
DEBUG ((EFI_D_ERROR,\r
\r
[Pcd]\r
gArmTokenSpaceGuid.PcdSystemMemoryBase\r
\r
[Pcd]\r
gArmTokenSpaceGuid.PcdSystemMemoryBase\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy\r
\r
[Depex]\r
gEfiCpuArchProtocolGuid AND gFdtClientProtocolGuid\r
\r
[Depex]\r
gEfiCpuArchProtocolGuid AND gFdtClientProtocolGuid\r