On 30.04.2021 11:40, Ard Biesheuvel wrote: > On Fri, 30 Apr 2021 at 10:06, Heiner Kallweit <hkallweit1@xxxxxxxxx> wrote: >> >> I'm one of the people seeing the following warning: >> >> efi: memattr: Entry attributes invalid: RO and XP bits both cleared >> efi: memattr: ! 0x000000090000-0x000000090fff [Runtime Code|RUN| | | | | | | | | | | | | ] >> >> Out of curiosity I checked UEFI spec 2.9. On p.108 there's table 4.1: >> >> EFI_MEMORY_RO EFI_MEMORY_XP EFI_MEMORY_RUNTIME >> No memory access protection is possible for Entry 0 0 1 >> Write-protected Code 1 0 1 >> Read/Write Data 0 1 1 >> Read-only Data 1 1 1 >> >> So it seems to be valid that both attributes are cleared. >> Also in the surrounding text I didn't find a hint mandating >> that at least one the attributes has to be set. > > You are right. My assumption at the time was that not having either of > RO or XP in the memory attributes table makes little sense, as it > describes the default case. However, this interpretation may conflict > with the requirement that entries in the memory attributes table cover > an entry in the EFI memory map entirely, or not at all. IOW, if a > memory map entry consists of a code region, a data region and a region > that requires both execute and write permissions, there would be no > way to describe it unless we permit entries that have RO and XP both > cleared. > > Patches welcome! > Thanks for the comprehensive explanation. Then I'll submit a patch for removing this check.
