[edk2-devel] [PATCH v5 14/28] MdeModulePkg: Update DXE Handoff to use SetMemoryProtectionsLib
Taylor Beebe
taylor.d.beebe at gmail.com
Mon Oct 9 00:07:26 UTC 2023
Update the DXE handoff logic in MdeModulePkg to use
SetMemoryProtectionsLib to fetch the platform memory protection
settings and reference them when creating the page tables.
Because the protection profile is equivalent to the PCD settings
even when the platform does not explicitly set a profile, this
updated does not cause a torn state.
Signed-off-by: Taylor Beebe <taylor.d.beebe at gmail.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Dandan Bi <dandan.bi at intel.com>
---
MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 4 +++-
MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 ++
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 9 +++++++--
MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 6 ++++--
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 16 ++++++++--------
MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 +++
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 11 +----------
7 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c
index 60400da3521a..9f7ed2069a46 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c
@@ -33,13 +33,15 @@ HandOffToDxeCore (
EFI_STATUS Status;
EDKII_MEMORY_ATTRIBUTE_PPI *MemoryPpi;
+ GetCurrentMemoryProtectionSettings (&mMps);
+
//
// Allocate 128KB for the Stack
//
BaseOfStack = AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE));
ASSERT (BaseOfStack != NULL);
- if (PcdGetBool (PcdSetNxForStack)) {
+ if (mMps.Dxe.StackExecutionProtectionEnabled) {
Status = PeiServicesLocatePpi (
&gEdkiiMemoryAttributePpiGuid,
0,
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
index 2c19f1a507ba..0789dbca6ad8 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
@@ -50,6 +50,8 @@ CONST EFI_PEI_NOTIFY_DESCRIPTOR mMemoryDiscoveredNotifyList = {
InstallIplPermanentMemoryPpis
};
+MEMORY_PROTECTION_SETTINGS mMps = { 0 };
+
/**
Entry point of DXE IPL PEIM.
diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
index 65e9bdc99ed5..8a9c844450ae 100644
--- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
@@ -219,11 +219,14 @@ ToBuildPageTable (
return TRUE;
}
- if (PcdGet8 (PcdHeapGuardPropertyMask) != 0) {
+ if (mMps.Dxe.HeapGuard.PageGuardEnabled ||
+ mMps.Dxe.HeapGuard.PoolGuardEnabled ||
+ mMps.Dxe.HeapGuard.FreedMemoryGuardEnabled)
+ {
return TRUE;
}
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (mMps.Dxe.CpuStackGuardEnabled) {
return TRUE;
}
@@ -265,6 +268,8 @@ HandOffToDxeCore (
EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
BOOLEAN BuildPageTablesIa32Pae;
+ GetCurrentMemoryProtectionSettings (&mMps);
+
//
// Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
//
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
index fa2050cf023a..7e17a963e9ff 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
@@ -36,6 +36,8 @@ HandOffToDxeCore (
VOID *GhcbBase;
UINTN GhcbSize;
+ GetCurrentMemoryProtectionSettings (&mMps);
+
//
// Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
//
@@ -104,8 +106,8 @@ HandOffToDxeCore (
// Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE
// for the DxeIpl and the DxeCore are both X64.
//
- ASSERT (PcdGetBool (PcdSetNxForStack) == FALSE);
- ASSERT (PcdGetBool (PcdCpuStackGuard) == FALSE);
+ ASSERT (!mMps.Dxe.StackExecutionProtectionEnabled);
+ ASSERT (!mMps.Dxe.CpuStackGuardEnabled);
}
//
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 980c2002d4f5..2c75702d6a25 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -109,7 +109,7 @@ IsNullDetectionEnabled (
VOID
)
{
- return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
+ return mMps.Dxe.NullPointerDetection.Enabled;
}
/**
@@ -163,9 +163,9 @@ IsEnableNonExecNeeded (
// XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is set.
// Features controlled by Following PCDs need this feature to be enabled.
//
- return (PcdGetBool (PcdSetNxForStack) ||
- PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
- PcdGet32 (PcdImageProtectionPolicy) != 0);
+ return (mMps.Dxe.StackExecutionProtectionEnabled ||
+ !IsZeroBuffer (&mMps.Dxe.ExecutionProtection.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) ||
+ mMps.Dxe.ImageProtection.ProtectImageFromFv || mMps.Dxe.ImageProtection.ProtectImageFromUnknown);
}
/**
@@ -214,13 +214,13 @@ ToSplitPageTable (
return TRUE;
}
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (mMps.Dxe.CpuStackGuardEnabled) {
if ((StackBase >= Address) && (StackBase < (Address + Size))) {
return TRUE;
}
}
- if (PcdGetBool (PcdSetNxForStack)) {
+ if (mMps.Dxe.StackExecutionProtectionEnabled) {
if ((Address < StackBase + StackSize) && ((Address + Size) > StackBase)) {
return TRUE;
}
@@ -403,14 +403,14 @@ Split2MPageTo4K (
PageTableEntry->Bits.ReadWrite = 1;
if ((IsNullDetectionEnabled () && (PhysicalAddress4K == 0)) ||
- (PcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K == StackBase)))
+ (mMps.Dxe.CpuStackGuardEnabled && (PhysicalAddress4K == StackBase)))
{
PageTableEntry->Bits.Present = 0;
} else {
PageTableEntry->Bits.Present = 1;
}
- if ( PcdGetBool (PcdSetNxForStack)
+ if ( mMps.Dxe.StackExecutionProtectionEnabled
&& (PhysicalAddress4K >= StackBase)
&& (PhysicalAddress4K < StackBase + StackSize))
{
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h
index 2f015befceca..f6826349c378 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h
@@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/UefiDecompressLib.h>
#include <Library/ExtractGuidedSectionLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/PcdLib.h>
#include <Library/DebugAgentLib.h>
@@ -46,6 +47,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define STACK_SIZE 0x20000
#define BSP_STORE_SIZE 0x4000
+extern MEMORY_PROTECTION_SETTINGS mMps;
+
//
// This PPI is installed to indicate the end of the PEI usage of memory
//
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index f1990eac7760..ccbf5c36d7f6 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -67,6 +67,7 @@ [LibraryClasses]
DebugAgentLib
PeiServicesTablePointerLib
PerformanceLib
+ SetMemoryProtectionsLib
[Ppis]
gEfiDxeIplPpiGuid ## PRODUCES
@@ -101,20 +102,10 @@ [FeaturePcd]
[Pcd.IA32,Pcd.X64]
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ## CONSUMES
-[Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIMES_CONSUMES
-
-[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES
-
[Depex]
gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109419): https://edk2.groups.io/g/devel/message/109419
Mute This Topic: https://groups.io/mt/101843357/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list