You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
318 lines
11 KiB
318 lines
11 KiB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
|
From: Peter Jones <pjones@redhat.com> |
|
Date: Tue, 22 Mar 2022 10:56:21 -0400 |
|
Subject: [PATCH] nx: add memory attribute get/set API |
|
|
|
For NX, we need to set the page access permission attributes for write |
|
and execute permissions. |
|
|
|
This patch adds two new primitives, grub_set_mem_attrs() and |
|
grub_clear_mem_attrs(), and associated constant definitions, to be used |
|
for that purpose. |
|
|
|
For most platforms, it adds a dummy implementation that returns |
|
GRUB_ERR_NONE. On EFI platforms, it adds a common helper function, |
|
grub_efi_status_to_err(), which translates EFI error codes to grub error |
|
codes, adds headers for the EFI Memory Attribute Protocol (still pending |
|
standardization), and an implementation of the grub nx primitives using |
|
it. |
|
|
|
Signed-off-by: Peter Jones <pjones@redhat.com> |
|
[rharwood: add pjones's none/nyi fixup] |
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com> |
|
(cherry picked from commit 35de78a8d32b9fad5291ec96fd3cbb9cf2f4a80b) |
|
--- |
|
grub-core/kern/efi/efi.c | 36 +++++++++++++ |
|
grub-core/kern/efi/mm.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++ |
|
include/grub/efi/api.h | 25 +++++++++ |
|
include/grub/efi/efi.h | 2 + |
|
include/grub/mm.h | 32 ++++++++++++ |
|
5 files changed, 226 insertions(+) |
|
|
|
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c |
|
index 7fcca69c17..4ac2b2754e 100644 |
|
--- a/grub-core/kern/efi/efi.c |
|
+++ b/grub-core/kern/efi/efi.c |
|
@@ -1096,3 +1096,39 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, |
|
|
|
return 0; |
|
} |
|
+ |
|
+grub_err_t |
|
+grub_efi_status_to_err (grub_efi_status_t status) |
|
+{ |
|
+ grub_err_t err; |
|
+ switch (status) |
|
+ { |
|
+ case GRUB_EFI_SUCCESS: |
|
+ err = GRUB_ERR_NONE; |
|
+ break; |
|
+ case GRUB_EFI_INVALID_PARAMETER: |
|
+ default: |
|
+ err = GRUB_ERR_BAD_ARGUMENT; |
|
+ break; |
|
+ case GRUB_EFI_OUT_OF_RESOURCES: |
|
+ err = GRUB_ERR_OUT_OF_MEMORY; |
|
+ break; |
|
+ case GRUB_EFI_DEVICE_ERROR: |
|
+ err = GRUB_ERR_IO; |
|
+ break; |
|
+ case GRUB_EFI_WRITE_PROTECTED: |
|
+ err = GRUB_ERR_WRITE_ERROR; |
|
+ break; |
|
+ case GRUB_EFI_SECURITY_VIOLATION: |
|
+ err = GRUB_ERR_ACCESS_DENIED; |
|
+ break; |
|
+ case GRUB_EFI_NOT_FOUND: |
|
+ err = GRUB_ERR_FILE_NOT_FOUND; |
|
+ break; |
|
+ case GRUB_EFI_ABORTED: |
|
+ err = GRUB_ERR_WAIT; |
|
+ break; |
|
+ } |
|
+ |
|
+ return err; |
|
+} |
|
diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c |
|
index e84961d078..2c33758ed7 100644 |
|
--- a/grub-core/kern/efi/mm.c |
|
+++ b/grub-core/kern/efi/mm.c |
|
@@ -738,3 +738,134 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) |
|
return GRUB_ERR_NONE; |
|
} |
|
#endif |
|
+ |
|
+static inline grub_uint64_t |
|
+grub_mem_attrs_to_uefi_mem_attrs (grub_uint64_t attrs) |
|
+{ |
|
+ grub_uint64_t ret = GRUB_EFI_MEMORY_RP | |
|
+ GRUB_EFI_MEMORY_RO | |
|
+ GRUB_EFI_MEMORY_XP; |
|
+ |
|
+ if (attrs & GRUB_MEM_ATTR_R) |
|
+ ret &= ~GRUB_EFI_MEMORY_RP; |
|
+ |
|
+ if (attrs & GRUB_MEM_ATTR_W) |
|
+ ret &= ~GRUB_EFI_MEMORY_RO; |
|
+ |
|
+ if (attrs & GRUB_MEM_ATTR_X) |
|
+ ret &= ~GRUB_EFI_MEMORY_XP; |
|
+ |
|
+ return ret; |
|
+} |
|
+ |
|
+static inline grub_uint64_t |
|
+uefi_mem_attrs_to_grub_mem_attrs (grub_uint64_t attrs) |
|
+{ |
|
+ grub_uint64_t ret = GRUB_MEM_ATTR_R | |
|
+ GRUB_MEM_ATTR_W | |
|
+ GRUB_MEM_ATTR_X; |
|
+ |
|
+ if (attrs & GRUB_EFI_MEMORY_RP) |
|
+ ret &= ~GRUB_MEM_ATTR_R; |
|
+ |
|
+ if (attrs & GRUB_EFI_MEMORY_RO) |
|
+ ret &= ~GRUB_MEM_ATTR_W; |
|
+ |
|
+ if (attrs & GRUB_EFI_MEMORY_XP) |
|
+ ret &= ~GRUB_MEM_ATTR_X; |
|
+ |
|
+ return ret; |
|
+} |
|
+ |
|
+grub_err_t |
|
+grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_uint64_t *attrs) |
|
+{ |
|
+ grub_efi_memory_attribute_protocol_t *proto; |
|
+ grub_efi_physical_address_t physaddr = addr; |
|
+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; |
|
+ grub_efi_status_t efi_status; |
|
+ |
|
+ proto = grub_efi_locate_protocol (&protocol_guid, 0); |
|
+ if (!proto) |
|
+ return GRUB_ERR_NOT_IMPLEMENTED_YET; |
|
+ |
|
+ if (physaddr & 0xfff || size & 0xfff || size == 0 || attrs == NULL) |
|
+ { |
|
+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" and attrs %p\n", |
|
+ __func__, physaddr, physaddr+size-1, attrs); |
|
+ return 0; |
|
+ } |
|
+ |
|
+ efi_status = efi_call_4(proto->get_memory_attributes, |
|
+ proto, physaddr, size, attrs); |
|
+ *attrs = uefi_mem_attrs_to_grub_mem_attrs (*attrs); |
|
+ |
|
+ return grub_efi_status_to_err (efi_status); |
|
+} |
|
+ |
|
+grub_err_t |
|
+grub_update_mem_attrs (grub_addr_t addr, grub_size_t size, |
|
+ grub_uint64_t set_attrs, grub_uint64_t clear_attrs) |
|
+{ |
|
+ grub_efi_memory_attribute_protocol_t *proto; |
|
+ grub_efi_physical_address_t physaddr = addr; |
|
+ grub_efi_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; |
|
+ grub_efi_status_t efi_status = GRUB_EFI_SUCCESS; |
|
+ grub_uint64_t before = 0, after = 0, uefi_set_attrs, uefi_clear_attrs; |
|
+ grub_err_t err; |
|
+ |
|
+ proto = grub_efi_locate_protocol (&protocol_guid, 0); |
|
+ if (!proto) |
|
+ return GRUB_ERR_NONE; |
|
+ |
|
+ err = grub_get_mem_attrs (addr, size, &before); |
|
+ if (err) |
|
+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", |
|
+ addr, size, &before, err); |
|
+ |
|
+ if (physaddr & 0xfff || size & 0xfff || size == 0) |
|
+ { |
|
+ grub_dprintf ("nx", "%s called on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" +%s%s%s -%s%s%s\n", |
|
+ __func__, physaddr, physaddr + size - 1, |
|
+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", |
|
+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", |
|
+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", |
|
+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", |
|
+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", |
|
+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : ""); |
|
+ return 0; |
|
+ } |
|
+ |
|
+ uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs); |
|
+ grub_dprintf ("nx", "translating set_attrs from 0x%lx to 0x%lx\n", set_attrs, uefi_set_attrs); |
|
+ uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs); |
|
+ grub_dprintf ("nx", "translating clear_attrs from 0x%lx to 0x%lx\n", clear_attrs, uefi_clear_attrs); |
|
+ if (uefi_set_attrs) |
|
+ efi_status = efi_call_4(proto->set_memory_attributes, |
|
+ proto, physaddr, size, uefi_set_attrs); |
|
+ if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs) |
|
+ efi_status = efi_call_4(proto->clear_memory_attributes, |
|
+ proto, physaddr, size, uefi_clear_attrs); |
|
+ |
|
+ err = grub_get_mem_attrs (addr, size, &after); |
|
+ if (err) |
|
+ grub_dprintf ("nx", "grub_get_mem_attrs(0x%"PRIxGRUB_ADDR", %"PRIuGRUB_SIZE", %p) -> 0x%x\n", |
|
+ addr, size, &after, err); |
|
+ |
|
+ grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR" before:%c%c%c after:%c%c%c\n", |
|
+ (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", |
|
+ (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", |
|
+ (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", |
|
+ (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "", |
|
+ (clear_attrs & GRUB_MEM_ATTR_W) ? "w" : "", |
|
+ (clear_attrs & GRUB_MEM_ATTR_X) ? "x" : "", |
|
+ addr, addr + size - 1, |
|
+ (before & GRUB_MEM_ATTR_R) ? 'r' : '-', |
|
+ (before & GRUB_MEM_ATTR_W) ? 'w' : '-', |
|
+ (before & GRUB_MEM_ATTR_X) ? 'x' : '-', |
|
+ (after & GRUB_MEM_ATTR_R) ? 'r' : '-', |
|
+ (after & GRUB_MEM_ATTR_W) ? 'w' : '-', |
|
+ (after & GRUB_MEM_ATTR_X) ? 'x' : '-'); |
|
+ |
|
+ return grub_efi_status_to_err (efi_status); |
|
+} |
|
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h |
|
index f431f49973..464842ba37 100644 |
|
--- a/include/grub/efi/api.h |
|
+++ b/include/grub/efi/api.h |
|
@@ -363,6 +363,11 @@ |
|
{ 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ |
|
} |
|
|
|
+#define GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID \ |
|
+ { 0xf4560cf6, 0x40ec, 0x4b4a, \ |
|
+ { 0xa1, 0x92, 0xbf, 0x1d, 0x57, 0xd0, 0xb1, 0x89 } \ |
|
+ } |
|
+ |
|
struct grub_efi_sal_system_table |
|
{ |
|
grub_uint32_t signature; |
|
@@ -2102,6 +2107,26 @@ struct grub_efi_ip6_config_manual_address { |
|
}; |
|
typedef struct grub_efi_ip6_config_manual_address grub_efi_ip6_config_manual_address_t; |
|
|
|
+struct grub_efi_memory_attribute_protocol |
|
+{ |
|
+ grub_efi_status_t (*get_memory_attributes) ( |
|
+ struct grub_efi_memory_attribute_protocol *this, |
|
+ grub_efi_physical_address_t base_address, |
|
+ grub_efi_uint64_t length, |
|
+ grub_efi_uint64_t *attributes); |
|
+ grub_efi_status_t (*set_memory_attributes) ( |
|
+ struct grub_efi_memory_attribute_protocol *this, |
|
+ grub_efi_physical_address_t base_address, |
|
+ grub_efi_uint64_t length, |
|
+ grub_efi_uint64_t attributes); |
|
+ grub_efi_status_t (*clear_memory_attributes) ( |
|
+ struct grub_efi_memory_attribute_protocol *this, |
|
+ grub_efi_physical_address_t base_address, |
|
+ grub_efi_uint64_t length, |
|
+ grub_efi_uint64_t attributes); |
|
+}; |
|
+typedef struct grub_efi_memory_attribute_protocol grub_efi_memory_attribute_protocol_t; |
|
+ |
|
#if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ |
|
|| defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \ |
|
|| defined(__riscv) |
|
diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h |
|
index ec52083c49..34825c4adc 100644 |
|
--- a/include/grub/efi/efi.h |
|
+++ b/include/grub/efi/efi.h |
|
@@ -164,4 +164,6 @@ struct grub_net_card; |
|
grub_efi_handle_t |
|
grub_efinet_get_device_handle (struct grub_net_card *card); |
|
|
|
+grub_err_t EXPORT_FUNC(grub_efi_status_to_err) (grub_efi_status_t status); |
|
+ |
|
#endif /* ! GRUB_EFI_EFI_HEADER */ |
|
diff --git a/include/grub/mm.h b/include/grub/mm.h |
|
index 9c38dd3ca5..d81623d226 100644 |
|
--- a/include/grub/mm.h |
|
+++ b/include/grub/mm.h |
|
@@ -22,6 +22,7 @@ |
|
|
|
#include <grub/types.h> |
|
#include <grub/symbol.h> |
|
+#include <grub/err.h> |
|
#include <config.h> |
|
|
|
#ifndef NULL |
|
@@ -38,6 +39,37 @@ void *EXPORT_FUNC(grub_realloc) (void *ptr, grub_size_t size); |
|
void *EXPORT_FUNC(grub_memalign) (grub_size_t align, grub_size_t size); |
|
#endif |
|
|
|
+#define GRUB_MEM_ATTR_R 0x0000000000000004LLU |
|
+#define GRUB_MEM_ATTR_W 0x0000000000000002LLU |
|
+#define GRUB_MEM_ATTR_X 0x0000000000000001LLU |
|
+ |
|
+#ifdef GRUB_MACHINE_EFI |
|
+grub_err_t EXPORT_FUNC(grub_get_mem_attrs) (grub_addr_t addr, |
|
+ grub_size_t size, |
|
+ grub_uint64_t *attrs); |
|
+grub_err_t EXPORT_FUNC(grub_update_mem_attrs) (grub_addr_t addr, |
|
+ grub_size_t size, |
|
+ grub_uint64_t set_attrs, |
|
+ grub_uint64_t clear_attrs); |
|
+#else /* !GRUB_MACHINE_EFI */ |
|
+static inline grub_err_t |
|
+grub_get_mem_attrs (grub_addr_t addr __attribute__((__unused__)), |
|
+ grub_size_t size __attribute__((__unused__)), |
|
+ grub_uint64_t *attrs __attribute__((__unused__))) |
|
+{ |
|
+ return GRUB_ERR_NONE; |
|
+} |
|
+ |
|
+static inline grub_err_t |
|
+grub_update_mem_attrs (grub_addr_t addr __attribute__((__unused__)), |
|
+ grub_size_t size __attribute__((__unused__)), |
|
+ grub_uint64_t set_attrs __attribute__((__unused__)), |
|
+ grub_uint64_t clear_attrs __attribute__((__unused__))) |
|
+{ |
|
+ return GRUB_ERR_NONE; |
|
+} |
|
+#endif /* GRUB_MACHINE_EFI */ |
|
+ |
|
void grub_mm_check_real (const char *file, int line); |
|
#define grub_mm_check() grub_mm_check_real (GRUB_FILE, __LINE__); |
|
|
|
|