All of lore.kernel.org
 help / color / mirror / Atom feed
* Still required that EFI_MEMORY_XP and EFI_MEMORY_RO must not both be cleared?
@ 2021-04-30  8:05 Heiner Kallweit
  2021-04-30  9:40 ` Ard Biesheuvel
  0 siblings, 1 reply; 3+ messages in thread
From: Heiner Kallweit @ 2021-04-30  8:05 UTC (permalink / raw)
  To: Ard Biesheuvel; +Cc: linux-efi

I'm one of the people seeing the following warning:

efi: memattr: Entry attributes invalid: RO and XP bits both cleared
efi: memattr: ! 0x000000090000-0x000000090fff [Runtime Code|RUN|  |  |  |  |  |  |  |  |   |  |  |  |  ]

Out of curiosity I checked UEFI spec 2.9. On p.108 there's table 4.1:

                                                   EFI_MEMORY_RO EFI_MEMORY_XP EFI_MEMORY_RUNTIME
No memory access protection is possible for Entry  0             0             1
Write-protected Code                               1             0             1
Read/Write Data                                    0             1             1
Read-only Data                                     1             1             1

So it seems to be valid that both attributes are cleared.
Also in the surrounding text I didn't find a hint mandating
that at least one the attributes has to be set.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Still required that EFI_MEMORY_XP and EFI_MEMORY_RO must not both be cleared?
  2021-04-30  8:05 Still required that EFI_MEMORY_XP and EFI_MEMORY_RO must not both be cleared? Heiner Kallweit
@ 2021-04-30  9:40 ` Ard Biesheuvel
  2021-04-30 10:38   ` Heiner Kallweit
  0 siblings, 1 reply; 3+ messages in thread
From: Ard Biesheuvel @ 2021-04-30  9:40 UTC (permalink / raw)
  To: Heiner Kallweit; +Cc: linux-efi

On Fri, 30 Apr 2021 at 10:06, Heiner Kallweit <hkallweit1@gmail.com> wrote:
>
> I'm one of the people seeing the following warning:
>
> efi: memattr: Entry attributes invalid: RO and XP bits both cleared
> efi: memattr: ! 0x000000090000-0x000000090fff [Runtime Code|RUN|  |  |  |  |  |  |  |  |   |  |  |  |  ]
>
> Out of curiosity I checked UEFI spec 2.9. On p.108 there's table 4.1:
>
>                                                    EFI_MEMORY_RO EFI_MEMORY_XP EFI_MEMORY_RUNTIME
> No memory access protection is possible for Entry  0             0             1
> Write-protected Code                               1             0             1
> Read/Write Data                                    0             1             1
> Read-only Data                                     1             1             1
>
> So it seems to be valid that both attributes are cleared.
> Also in the surrounding text I didn't find a hint mandating
> that at least one the attributes has to be set.

You are right. My assumption at the time was that not having either of
RO or XP in the memory attributes table makes little sense, as it
describes the default case. However, this interpretation may conflict
with the requirement that entries in the memory attributes table cover
an entry in the EFI memory map entirely, or not at all. IOW, if a
memory map entry consists of a code region, a data region and a region
that requires both execute and write permissions, there would be no
way to describe it unless we permit entries that have RO and XP both
cleared.

Patches welcome!

-- 
Ard.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Still required that EFI_MEMORY_XP and EFI_MEMORY_RO must not both be cleared?
  2021-04-30  9:40 ` Ard Biesheuvel
@ 2021-04-30 10:38   ` Heiner Kallweit
  0 siblings, 0 replies; 3+ messages in thread
From: Heiner Kallweit @ 2021-04-30 10:38 UTC (permalink / raw)
  To: Ard Biesheuvel; +Cc: linux-efi

On 30.04.2021 11:40, Ard Biesheuvel wrote:
> On Fri, 30 Apr 2021 at 10:06, Heiner Kallweit <hkallweit1@gmail.com> wrote:
>>
>> I'm one of the people seeing the following warning:
>>
>> efi: memattr: Entry attributes invalid: RO and XP bits both cleared
>> efi: memattr: ! 0x000000090000-0x000000090fff [Runtime Code|RUN|  |  |  |  |  |  |  |  |   |  |  |  |  ]
>>
>> Out of curiosity I checked UEFI spec 2.9. On p.108 there's table 4.1:
>>
>>                                                    EFI_MEMORY_RO EFI_MEMORY_XP EFI_MEMORY_RUNTIME
>> No memory access protection is possible for Entry  0             0             1
>> Write-protected Code                               1             0             1
>> Read/Write Data                                    0             1             1
>> Read-only Data                                     1             1             1
>>
>> So it seems to be valid that both attributes are cleared.
>> Also in the surrounding text I didn't find a hint mandating
>> that at least one the attributes has to be set.
> 
> You are right. My assumption at the time was that not having either of
> RO or XP in the memory attributes table makes little sense, as it
> describes the default case. However, this interpretation may conflict
> with the requirement that entries in the memory attributes table cover
> an entry in the EFI memory map entirely, or not at all. IOW, if a
> memory map entry consists of a code region, a data region and a region
> that requires both execute and write permissions, there would be no
> way to describe it unless we permit entries that have RO and XP both
> cleared.
> 
> Patches welcome!
> 
Thanks for the comprehensive explanation. Then I'll submit a patch
for removing this check.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-04-30 10:38 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-30  8:05 Still required that EFI_MEMORY_XP and EFI_MEMORY_RO must not both be cleared? Heiner Kallweit
2021-04-30  9:40 ` Ard Biesheuvel
2021-04-30 10:38   ` Heiner Kallweit

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.