PrmPkg: Don't Set Access Attributes of Runtime MMIO Ranges (#51)

Passing in access attributes to SetMemorySpaceAttributes() will cause the existing attributes to be overwritten. The MMIO region should have the appropriate attributes applied during memory protection initialization and the attributes of the memory space descriptor are inaccurate. Don't pass in any CPU arch attributes so SetMemorySpaceAttributes() doesn't subsequently call gCpu->SetMemoryAttributes(). No - Booting to the OS and running the paging audit app on Q35 N/A
microsoft · Jul 3, 2024 · 7879110 · 7879110
1 parent 62fc5b8
commit 7879110
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/PrmPkg/PrmConfigDxe/PrmConfigDxe.c b/PrmPkg/PrmConfigDxe/PrmConfigDxe.c
@@ -155,7 +155,14 @@ SetRuntimeMemoryRangeAttributes (
     Status = gDS->SetMemorySpaceAttributes (
                     RuntimeMmioRanges->Range[Index].PhysicalBaseAddress,
                     (UINT64)RuntimeMmioRanges->Range[Index].Length,
-                    Descriptor.Attributes | EFI_MEMORY_RUNTIME
+                    // MU_CHANGE START: The memory space descriptor access attributes are not accurate. Don't pass
+                    //                  in access attributes so SetMemorySpaceAttributes() doesn't update them.
+                    //                  EFI_MEMORY_RUNTIME is not a CPU arch attribute, so calling
+                    //                  SetMemorySpaceAttributes() with only it set will not clear existing page table
+                    //                  attributes for this region, such as EFI_MEMORY_XP
+                    // Descriptor.Attributes | EFI_MEMORY_RUNTIME
+                    EFI_MEMORY_RUNTIME
+                    // MU_CHANGE END
                     );
     ASSERT_EFI_ERROR (Status);
     if (EFI_ERROR (Status)) {