[edk2-devel] [PATCH v4 19/28] MdeModulePkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
Taylor Beebe
taylor.d.beebe at gmail.com
Wed Sep 20 00:57:42 UTC 2023
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this updated does not cause a torn state.
Signed-off-by: Taylor Beebe <taylor.d.beebe at gmail.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Dandan Bi <dandan.bi at intel.com>
---
MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 4 +-
MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 46 ++++++++------
MdeModulePkg/Core/Dxe/Mem/Page.c | 2 +-
MdeModulePkg/Core/Dxe/Mem/Pool.c | 4 +-
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 67 +++++++++++---------
MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 29 ++++-----
MdeModulePkg/Core/PiSmmCore/Pool.c | 4 +-
MdeModulePkg/Core/Dxe/DxeMain.h | 1 +
MdeModulePkg/Core/Dxe/DxeMain.inf | 8 +--
MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 1 +
MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 4 +-
11 files changed, 87 insertions(+), 83 deletions(-)
diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
index 0e0f9769b99d..66cb2fcf2ff7 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
+++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -256,10 +256,12 @@ DxeMain (
Status = InitializeCpuExceptionHandlers (VectorInfoList);
ASSERT_EFI_ERROR (Status);
+ PopulateMpsGlobal ();
+
//
// Setup Stack Guard
//
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (gMps.Dxe.CpuStackGuardEnabled) {
Status = InitializeSeparateExceptionStacks (NULL, NULL);
ASSERT_EFI_ERROR (Status);
}
diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
index 0c0ca61872b4..59d8f36c89b7 100644
--- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
+++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
@@ -553,7 +553,7 @@ UnsetGuardPage (
// memory.
//
Attributes = 0;
- if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & (1 << EfiConventionalMemory)) != 0) {
+ if (gMps.Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory]) {
Attributes |= EFI_MEMORY_XP;
}
@@ -590,38 +590,48 @@ IsMemoryTypeToGuard (
IN UINT8 PageOrPool
)
{
- UINT64 TestBit;
+ UINT32 MpsMemoryType;
UINT64 ConfigBit;
if (AllocateType == AllocateAddress) {
return FALSE;
}
- if ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0) {
+ ConfigBit = gMps.Dxe.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0;
+ ConfigBit |= gMps.Dxe.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0;
+ ConfigBit |= gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled ? GUARD_HEAP_TYPE_FREED : 0;
+
+ if ((PageOrPool & ConfigBit) == 0) {
return FALSE;
}
- if (PageOrPool == GUARD_HEAP_TYPE_POOL) {
- ConfigBit = PcdGet64 (PcdHeapGuardPoolType);
- } else if (PageOrPool == GUARD_HEAP_TYPE_PAGE) {
- ConfigBit = PcdGet64 (PcdHeapGuardPageType);
- } else {
- ConfigBit = (UINT64)-1;
+ if (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled) {
+ return TRUE;
}
if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) {
- TestBit = BIT63;
+ MpsMemoryType = OS_RESERVED_MPS_MEMORY_TYPE;
} else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) {
- TestBit = BIT62;
+ MpsMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE;
} else if (MemoryType < EfiMaxMemoryType) {
- TestBit = LShiftU64 (1, MemoryType);
+ MpsMemoryType = MemoryType;
} else if (MemoryType == EfiMaxMemoryType) {
- TestBit = (UINT64)-1;
+ return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_DXE_PAGE_GUARD_ACTIVE) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_DXE_POOL_GUARD_ACTIVE) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled);
} else {
- TestBit = 0;
+ return FALSE;
}
- return ((ConfigBit & TestBit) != 0);
+ if (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Dxe.PageGuard.EnabledForType[MpsMemoryType]) {
+ return TRUE;
+ }
+
+ if (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Dxe.PoolGuard.EnabledForType[MpsMemoryType]) {
+ return TRUE;
+ }
+
+ return FALSE;
}
/**
@@ -835,7 +845,7 @@ AdjustMemoryS (
// indicated to put the pool near the Tail Guard, we need extra bytes to
// make sure alignment of the returned pool address.
//
- if ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0) {
+ if (gMps.Dxe.HeapGuard.GuardAlignedToTail) {
SizeRequested = ALIGN_VALUE (SizeRequested, 8);
}
@@ -1019,7 +1029,7 @@ AdjustPoolHeadA (
IN UINTN Size
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
@@ -1050,7 +1060,7 @@ AdjustPoolHeadF (
IN UINTN Size
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c
index 6497af573353..05c18a413b80 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Page.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Page.c
@@ -181,7 +181,7 @@ CoreAddRange (
// used for other purposes.
//
if ((Type == EfiConventionalMemory) && (Start == 0) && (End >= EFI_PAGE_SIZE - 1)) {
- if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) == 0) {
+ if (!gMps.Dxe.NullPointerDetection.Enabled) {
SetMem ((VOID *)(UINTN)Start, EFI_PAGE_SIZE, 0);
}
}
diff --git a/MdeModulePkg/Core/Dxe/Mem/Pool.c b/MdeModulePkg/Core/Dxe/Mem/Pool.c
index 716dd045f9fd..ae1e8b67db10 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Pool.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Pool.c
@@ -385,7 +385,7 @@ CoreAllocatePoolI (
//
HasPoolTail = !(NeedGuard &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Dxe.HeapGuard.GuardAlignedToTail);
PageAsPool = (IsHeapGuardEnabled (GUARD_HEAP_TYPE_FREED) && !mOnGuarding);
//
@@ -717,7 +717,7 @@ CoreFreePoolI (
IsGuarded = IsPoolTypeToGuard (Head->Type) &&
IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)Head);
HasPoolTail = !(IsGuarded &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Dxe.HeapGuard.GuardAlignedToTail);
PageAsPool = (Head->Signature == POOLPAGE_HEAD_SIGNATURE);
if (HasPoolTail) {
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index 94ed3111688b..215a9f254065 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -9,7 +9,7 @@
2) This policy is applied only if the UEFI image meets the page alignment
requirement.
3) This policy is applied only if the Source UEFI image matches the
- PcdImageProtectionPolicy definition.
+ Image Protection Policy definition.
4) This policy is not applied to the non-PE image region.
The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
@@ -60,7 +60,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define PREVIOUS_MEMORY_DESCRIPTOR(MemoryDescriptor, Size) \
((EFI_MEMORY_DESCRIPTOR *)((UINT8 *)(MemoryDescriptor) - (Size)))
-UINT32 mImageProtectionPolicy;
+STATIC BOOLEAN mIsExecutionProtectionActive = FALSE;
+
+STATIC BOOLEAN mIsPageOrPoolGuardActive = FALSE;
extern LIST_ENTRY mGcdMemorySpaceMap;
@@ -149,11 +151,13 @@ GetProtectionPolicyFromImageType (
IN UINT32 ImageType
)
{
- if ((ImageType & mImageProtectionPolicy) == 0) {
- return DO_NOT_PROTECT;
- } else {
+ if (((ImageType == IMAGE_UNKNOWN) && gMps.Dxe.ImageProtection.ProtectImageFromUnknown) ||
+ ((ImageType == IMAGE_FROM_FV) && gMps.Dxe.ImageProtection.ProtectImageFromFv))
+ {
return PROTECT_IF_ALIGNED_ELSE_ALLOW;
}
+
+ return DO_NOT_PROTECT;
}
/**
@@ -611,7 +615,7 @@ UnprotectUefiImage (
IMAGE_PROPERTIES_RECORD *ImageRecord;
LIST_ENTRY *ImageRecordLink;
- if (PcdGet32 (PcdImageProtectionPolicy) != 0) {
+ if (IS_DXE_IMAGE_PROTECTION_ACTIVE) {
for (ImageRecordLink = mProtectedImageRecordList.ForwardLink;
ImageRecordLink != &mProtectedImageRecordList;
ImageRecordLink = ImageRecordLink->ForwardLink)
@@ -648,21 +652,23 @@ GetPermissionAttributeForMemoryType (
IN EFI_MEMORY_TYPE MemoryType
)
{
- UINT64 TestBit;
+ UINT32 TestMemoryType;
if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) {
- TestBit = BIT63;
+ TestMemoryType = OS_RESERVED_MPS_MEMORY_TYPE;
} else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) {
- TestBit = BIT62;
+ TestMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE;
+ } else if (MemoryType >= EfiMaxMemoryType) {
+ return EFI_MEMORY_XP;
} else {
- TestBit = LShiftU64 (1, MemoryType);
+ TestMemoryType = MemoryType;
}
- if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & TestBit) != 0) {
+ if (gMps.Dxe.ExecutionProtection.EnabledForType[TestMemoryType]) {
return EFI_MEMORY_XP;
- } else {
- return 0;
}
+
+ return 0;
}
/**
@@ -772,7 +778,7 @@ MergeMemoryMapForProtectionPolicy (
/**
Remove exec permissions from all regions whose type is identified by
- PcdDxeNxMemoryProtectionPolicy.
+ the DXE Execution Protection Policy.
**/
STATIC
VOID
@@ -827,7 +833,7 @@ InitializeDxeNxMemoryProtectionPolicy (
ASSERT_EFI_ERROR (Status);
StackBase = 0;
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (gMps.Dxe.CpuStackGuardEnabled) {
//
// Get the base of stack from Hob.
//
@@ -885,7 +891,7 @@ InitializeDxeNxMemoryProtectionPolicy (
// enabled.
//
if ((MemoryMapEntry->PhysicalStart == 0) &&
- (PcdGet8 (PcdNullPointerDetectionPropertyMask) != 0))
+ (gMps.Dxe.NullPointerDetection.Enabled))
{
ASSERT (MemoryMapEntry->NumberOfPages > 0);
SetUefiImageMemoryAttributes (
@@ -903,7 +909,7 @@ InitializeDxeNxMemoryProtectionPolicy (
((StackBase >= MemoryMapEntry->PhysicalStart) &&
(StackBase < MemoryMapEntry->PhysicalStart +
LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT))) &&
- PcdGetBool (PcdCpuStackGuard))
+ gMps.Dxe.CpuStackGuardEnabled)
{
SetUefiImageMemoryAttributes (
StackBase,
@@ -1024,7 +1030,7 @@ MemoryProtectionCpuArchProtocolNotify (
//
// Apply the memory protection policy on non-BScode/RTcode regions.
//
- if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0) {
+ if (IS_DXE_EXECUTION_PROTECTION_ACTIVE) {
InitializeDxeNxMemoryProtectionPolicy ();
}
@@ -1036,7 +1042,7 @@ MemoryProtectionCpuArchProtocolNotify (
// Mark the HOB list XP and RO.
ProtectHobList ();
- if (mImageProtectionPolicy == 0) {
+ if (!IS_DXE_IMAGE_PROTECTION_ACTIVE) {
goto Done;
}
@@ -1099,7 +1105,7 @@ MemoryProtectionExitBootServicesCallback (
// delay setting protections on RT code pages until after SetVirtualAddressMap().
// OS may set protection on RT based upon EFI_MEMORY_ATTRIBUTES_TABLE later.
//
- if (mImageProtectionPolicy != 0) {
+ if (IS_DXE_IMAGE_PROTECTION_ACTIVE) {
for (Link = gRuntime->ImageHead.ForwardLink; Link != &gRuntime->ImageHead; Link = Link->ForwardLink) {
RuntimeImage = BASE_CR (Link, EFI_RUNTIME_IMAGE_ENTRY, Link);
SetUefiImageMemoryAttributes ((UINT64)(UINTN)RuntimeImage->ImageBase, ALIGN_VALUE (RuntimeImage->ImageSize, EFI_PAGE_SIZE), 0);
@@ -1173,19 +1179,20 @@ CoreInitializeMemoryProtection (
EFI_EVENT EndOfDxeEvent;
VOID *Registration;
- mImageProtectionPolicy = PcdGet32 (PcdImageProtectionPolicy);
+ mIsExecutionProtectionActive = IS_DXE_EXECUTION_PROTECTION_ACTIVE;
+ mIsPageOrPoolGuardActive = IS_DXE_PAGE_GUARD_ACTIVE || IS_DXE_POOL_GUARD_ACTIVE;
InitializeListHead (&mProtectedImageRecordList);
//
- // Sanity check the PcdDxeNxMemoryProtectionPolicy setting:
+ // Sanity check the DXE NX protection policy setting:
// - code regions should have no EFI_MEMORY_XP attribute
// - EfiConventionalMemory and EfiBootServicesData should use the
// same attribute
//
- ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI_MEMORY_XP) == 0);
- ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & EFI_MEMORY_XP) == 0);
- ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMORY_XP) == 0);
+ ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiLoaderCode]);
+ ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiBootServicesCode]);
+ ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiRuntimeServicesCode]);
ASSERT (
GetPermissionAttributeForMemoryType (EfiBootServicesData) ==
GetPermissionAttributeForMemoryType (EfiConventionalMemory)
@@ -1213,9 +1220,7 @@ CoreInitializeMemoryProtection (
//
// Register a callback to disable NULL pointer detection at EndOfDxe
//
- if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT0|BIT7))
- == (BIT0|BIT7))
- {
+ if (gMps.Dxe.NullPointerDetection.Enabled && gMps.Dxe.NullPointerDetection.DisableEndOfDxe) {
Status = CoreCreateEventEx (
EVT_NOTIFY_SIGNAL,
TPL_NOTIFY,
@@ -1279,7 +1284,7 @@ ApplyMemoryProtectionPolicy (
UINT64 NewAttributes;
//
- // The policy configured in PcdDxeNxMemoryProtectionPolicy
+ // The policy configured in DXE Execution Protection Policy
// does not apply to allocations performed in SMM mode.
//
if (IsInSmm ()) {
@@ -1298,7 +1303,7 @@ ApplyMemoryProtectionPolicy (
//
// Check if a DXE memory protection policy has been configured
//
- if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) == 0) {
+ if (!mIsExecutionProtectionActive) {
return EFI_SUCCESS;
}
@@ -1306,7 +1311,7 @@ ApplyMemoryProtectionPolicy (
// Don't overwrite Guard pages, which should be the first and/or last page,
// if any.
//
- if (IsHeapGuardEnabled (GUARD_HEAP_TYPE_PAGE|GUARD_HEAP_TYPE_POOL)) {
+ if (mIsPageOrPoolGuardActive) {
if (IsGuardPage (Memory)) {
Memory += EFI_PAGE_SIZE;
Length -= EFI_PAGE_SIZE;
diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
index 25310122ca1b..eac38e699c30 100644
--- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
+++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
@@ -592,36 +592,29 @@ IsMemoryTypeToGuard (
IN UINT8 PageOrPool
)
{
- UINT64 TestBit;
UINT64 ConfigBit;
- if ( ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0)
+ ConfigBit = gMps.Mm.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0;
+ ConfigBit |= gMps.Mm.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0;
+
+ if ( ((ConfigBit & PageOrPool) == 0)
|| mOnGuarding
|| (AllocateType == AllocateAddress))
{
return FALSE;
}
- ConfigBit = 0;
- if ((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) {
- ConfigBit |= PcdGet64 (PcdHeapGuardPoolType);
- }
-
- if ((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) {
- ConfigBit |= PcdGet64 (PcdHeapGuardPageType);
- }
-
if ((MemoryType == EfiRuntimeServicesData) ||
(MemoryType == EfiRuntimeServicesCode))
{
- TestBit = LShiftU64 (1, MemoryType);
+ return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Mm.PageGuard.EnabledForType[MemoryType]) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Mm.PoolGuard.EnabledForType[MemoryType]);
} else if (MemoryType == EfiMaxMemoryType) {
- TestBit = (UINT64)-1;
- } else {
- TestBit = 0;
+ return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_MM_PAGE_GUARD_ACTIVE) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_MM_POOL_GUARD_ACTIVE);
}
- return ((ConfigBit & TestBit) != 0);
+ return FALSE;
}
/**
@@ -951,7 +944,7 @@ AdjustPoolHeadA (
IN UINTN Size
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
@@ -977,7 +970,7 @@ AdjustPoolHeadF (
IN EFI_PHYSICAL_ADDRESS Memory
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c b/MdeModulePkg/Core/PiSmmCore/Pool.c
index e1ff40a8ea55..991efaf33bdd 100644
--- a/MdeModulePkg/Core/PiSmmCore/Pool.c
+++ b/MdeModulePkg/Core/PiSmmCore/Pool.c
@@ -258,7 +258,7 @@ SmmInternalAllocatePool (
NeedGuard = IsPoolTypeToGuard (PoolType);
HasPoolTail = !(NeedGuard &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Mm.HeapGuard.GuardAlignedToTail);
//
// Adjust the size by the pool header & tail overhead
@@ -392,7 +392,7 @@ SmmInternalFreePool (
MemoryGuarded = IsHeapGuardEnabled () &&
IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr);
HasPoolTail = !(MemoryGuarded &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Mm.HeapGuard.GuardAlignedToTail);
if (HasPoolTail) {
PoolTail = HEAD_TO_TAIL (&FreePoolHdr->Header);
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index 43daa037be44..8b8b97666f38 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -84,6 +84,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DxeServicesLib.h>
#include <Library/DebugAgentLib.h>
#include <Library/CpuExceptionHandlerLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
//
// attributes for reserved memory before it is promoted to system memory
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf
index 6c896a0e7f0f..ddbbee5f68ce 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -94,6 +94,7 @@ [LibraryClasses]
DebugAgentLib
CpuExceptionHandlerLib
PcdLib
+ GetMemoryProtectionsLib
[Guids]
gEfiEventMemoryMapChangeGuid ## PRODUCES ## Event
@@ -179,13 +180,6 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileMemoryType ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel ## CONSUMES
diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
index b8a490a8c3b5..2fabed0670e0 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
@@ -55,6 +55,7 @@
#include <Library/HobLib.h>
#include <Library/SmmMemLib.h>
#include <Library/SafeIntLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
#include "PiSmmCorePrivateData.h"
#include "HeapGuard.h"
diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
index 3df44b38f13c..4586ec39d7c7 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
@@ -61,6 +61,7 @@ [LibraryClasses]
HobLib
SmmMemLib
SafeIntLib
+ GetMemoryProtectionsLib
[Protocols]
gEfiDxeSmmReadyToLockProtocolGuid ## UNDEFINED # SmiHandlerRegister
@@ -94,9 +95,6 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdSmiHandlerProfilePropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES
[Guids]
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108881): https://edk2.groups.io/g/devel/message/108881
Mute This Topic: https://groups.io/mt/101469959/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list