[edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute protection in UnsetGuardPage

duntan dun.tan at intel.com
Wed Jun 14 09:40:50 UTC 2023 

Hi all,

Could you please help to review this patch?

Thanks,
Dun

-----Original Message-----
From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of duntan
Sent: Friday, June 9, 2023 5:16 PM
To: devel at edk2.groups.io
Cc: Gao, Liming <gaoliming at byosoft.com.cn>; Ni, Ray <ray.ni at intel.com>; Wang, Jian J <jian.j.wang at intel.com>; Ard Biesheuvel <ardb+tianocore at kernel.org>
Subject: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute protection in UnsetGuardPage

In UnsetGuardPage(), before SmmReadyToLock, remove NX and RO memory attribute protection for guarded page since EfiConventionalMemory in SMRAM is RW and executable before SmmReadyToLock. If UnsetGuardPage() happens after SmmReadyToLock, then apply EFI_MEMORY_XP to the guarded page to make sure EfiConventionalMemory in SMRAM is NX since EfiConventionalMemory in SMRAM is marked as NX in PiSmmCpuDxe driver when SmmReadyToLock.

Signed-off-by: Dun Tan <dun.tan at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Ray Ni <ray.ni at intel.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
---
 MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
index 8f3bab6fee..25310122ca 100644
--- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
+++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
@@ -553,9 +553,23 @@ UnsetGuardPage (
                                          mSmmMemoryAttribute,
                                          BaseAddress,
                                          EFI_PAGE_SIZE,
-                                         EFI_MEMORY_RP
+                                         
+ EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
                                          );
     ASSERT_EFI_ERROR (Status);
+
+    if (gST == NULL) {
+      //
+      // Make sure EfiConventionalMemory is NX after SmmReadyToLock
+      //
+      Status = mSmmMemoryAttribute->SetMemoryAttributes (
+                                      mSmmMemoryAttribute,
+                                      BaseAddress,
+                                      EFI_PAGE_SIZE,
+                                      EFI_MEMORY_XP
+                                      );
+      ASSERT_EFI_ERROR (Status);
+    }
+
     mOnGuarding = FALSE;
   }
 }
--
2.31.1.windows.1








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106082): https://edk2.groups.io/g/devel/message/106082
Mute This Topic: https://groups.io/mt/99524271/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list