This fixes an issue reported by Marvin, where NX memory protections are applied in a rather unreliable manner, resulting in the possibility that memory mappings may exist that are using different attributes than intended.
The reason for this approach was that applying memory protections eagerly (i.e., after every alloc/free even if the memory attributes are not expected to change as a result) may result in unbounded recursion in the page table code, due to the fact that the page tables it allocates need to be remapped with the correct attributes as well. This has not been reported as being an issue on x86, but on ARM, this needs a couple of fixes so that converting between EfiConventionalMemory and EfiBootServicesData will never trigger a block entry split. With that fixed, we can just remove the shortcut from DXE core and always call SetMemoryAttributes. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3316 Cc: Michael Kinney <[email protected]> Cc: Liming Gao <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Michael Kubacki <[email protected]> Cc: Sean Brogan <[email protected]> Cc: Rebecca Cran <[email protected]> Cc: Leif Lindholm <[email protected]> Cc: Sami Mujawar <[email protected]> Cc: Taylor Beebe <[email protected]> Cc: Marvin Häuser <[email protected]> Ard Biesheuvel (3): ArmPkg/ArmMmuLib: Avoid splitting block entries if possible ArmPkg/CpuDxe: Perform preliminary NX remap of free memory MdeModulePkg/DxeCore: Unconditionally set memory protections ArmPkg/Drivers/CpuDxe/CpuDxe.c | 77 ++++++++++++++++++++ ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 2 + ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 9 +++ MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 29 -------- 4 files changed, 88 insertions(+), 29 deletions(-) -- 2.39.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99801): https://edk2.groups.io/g/devel/message/99801 Mute This Topic: https://groups.io/mt/96835912/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
