From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Taylor Beebe, Jian J Wang, Liming Gao, Dandan Bi
Subject: [edk2-devel] [PATCH v1 1/3] MdeModulePkg: Add DXE and MM Memory Protection Settings HOB Definitions
Date: Fri, 9 Jun 2023 13:25:59 -0700
Message-Id: <20230609202601.1153-2-t@taylorbeebe.com>
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
References: <20230609202601.1153-1-t@taylorbeebe.com>

These headers provide settings definitions for memory protections, settings profiles for easily enabling memory protections, and the GUIDs used for producing the memory protection HOB. The settings options are functionally 1:1 with the existing PCD bitfield definitions. Instead of setting a fixed at build PCD, memory protection settings will be created via a HOB at runtime.

Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
 MdeModulePkg/Include/Guid/DxeMemoryProtectionSettings.h | 503 ++++++++++++= ++++++++
 MdeModulePkg/Include/Guid/MmMemoryProtectionSettings.h | 239 ++++++++++
 MdeModulePkg/MdeModulePkg.dec | 10 +
 3 files changed, 752 insertions(+)
diff --git a/MdeModulePkg/Include/Guid/DxeMemoryProtectionSettings.h b/MdeM= odulePkg/Include/Guid/DxeMemoryProtectionSettings.h new file mode 100644 index 000000000000..7f4b573805a8 --- /dev/null +++ b/MdeModulePkg/Include/Guid/DxeMemoryProtectionSettings.h 
@@ -0,0 +1,503 @@ +/** @file + +Defines memory protection settings guid and struct + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef DXE_MEMORY_PROTECTION_SETTINGS_H_ +#define DXE_MEMORY_PROTECTION_SETTINGS_H_ + +typedef union { + UINT8 Data; + struct { + UINT8 NullDetectionEnabled : 1; + UINT8 DisableEndOfDxe : 1; + UINT8 NonstopModeEnabled : 1; + } Fields; +} DXE_NULL_DETECTION_POLICY; + +typedef union { + UINT8 Data; + struct { + UINT8 PageGuardEnabled : 1; + UINT8 PoolGuardEnabled : 1; + UINT8 FreedMemoryGuardEnabled : 1; + UINT8 NonstopModeEnabled : 1; + UINT8 GuardAlignment : 1; + } Fields; +} DXE_HEAP_GUARD_POLICY; + +typedef union { + UINT32 Data; + struct { + UINT8 EfiReservedMemoryType : 1; + UINT8 EfiLoaderCode : 1; + UINT8 EfiLoaderData : 1; + UINT8 EfiBootServicesCode : 1; + UINT8 EfiBootServicesData : 1; + UINT8 EfiRuntimeServicesCode : 1; + UINT8 EfiRuntimeServicesData : 1; + UINT8 EfiConventionalMemory : 1; + UINT8 EfiUnusableMemory : 1; + UINT8 EfiACPIReclaimMemory : 1; + UINT8 EfiACPIMemoryNVS : 1; + UINT8 EfiMemoryMappedIO : 1; + UINT8 EfiMemoryMappedIOPortSpace : 1; + UINT8 EfiPalCode : 1; + UINT8 EfiPersistentMemory : 1; + UINT8 OEMReserved : 1; + UINT8 OSReserved : 1; + } Fields; +} DXE_HEAP_GUARD_MEMORY_TYPES; + +typedef union { + UINT8 Data; + struct { + UINT8 ProtectImageFromUnknown : 1; + UINT8 ProtectImageFromFv : 1; + } Fields; +} DXE_IMAGE_PROTECTION_POLICY; + +typedef UINT8 DXE_MEMORY_PROTECTION_SETTINGS_VERSION; + +#define DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION 1 // Current itera= tion of DXE_MEMORY_PROTECTION_SETTINGS + +// +// Memory Protection Settings struct +// +typedef struct { + // The current version of the structure definition. This is used to ensu= re there isn't a definition mismatch + // if modules have differing iterations of this header. When creating th= is struct, use the + // DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION macro. 
+ DXE_MEMORY_PROTECTION_SETTINGS_VERSION StructVersion; + + // Indicates if UEFI Stack Guard will be enabled. + // + // If enabled, stack overflow in UEFI can be caught. + // TRUE - UEFI Stack Guard will be enabled. + // FALSE - UEFI Stack Guard will be disabled. + BOOLEAN CpuStackGuard; + + // Bitfield to control the NULL address detection in code for different = phases. + // If enabled, accessing NULL address in UEFI or SMM code can be caught = by marking + // the NULL page as not present. + // .NullDetectionEnabled : Enable NULL pointer detection for UEFI. + // .DisableEndOfDxe : Disable NULL pointer detection just afte= r EndOfDxe. + // This is a workaround for those unsolvabl= e NULL access issues in + // OptionROM, boot loader, etc. It can also= help to avoid unnecessary + // exception caused by legacy memory (0-409= 5) access after EndOfDxe, + // such as Windows 7 boot on Qemu. + // .NonstopModeEnabled : Enable UEFI non-stop mode. If enabled, U= EFI will raise the debug flag + // to break into debugger when a fault occu= rs. + DXE_NULL_DETECTION_POLICY NullPointerDetectionPolicy; + + // Bitfield to control Heap Guard behavior. + // + // Note: + // a) Due to the limit of pool memory implementation and the alignment + // requirement of UEFI spec, HeapGuardPolicy.GuardAlignment is a try= -best + // setting which cannot guarantee that the returned pool is exactly + // adjacent to head guard page or tail guard page. + // b) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled + // at the same time. + // + // .PageGuardEnabled : Enable UEFI page guard. + // .PoolGuardEnabled : Enable UEFI pool guard. + // .FreedMemoryGuardEnabled : Enable UEFI freed-memory guard (Use-Afte= r-Free memory detection). + // .NonstopModeEnabled : Enable UEFI non-stop mode. If enabled, t= he debug flag will be raised + // to break into debugger when a fault occu= rs. + // .GuardAlignment : The alignment of Guard Page for Pool Gua= rd. 
+ // 0 - The returned pool is near the tail g= uard page. + // 1 - The returned pool is near the head g= uard page. + DXE_HEAP_GUARD_POLICY HeapGuardPolicy; + + // Set image protection policy. + // + // .ProtectImageFromUnknown : If set, images from unknown devi= ces will be protected by DxeCore + // if they are aligned. The code se= ction becomes read-only, and the data + // section becomes non-executable. + // .ProtectImageFromFv : If set, images from firmware vol= umes will be protected by DxeCore + // if they are aligned. The code se= ction becomes read-only, and the data + // section becomes non-executable. + // + // Note: If a bit is cleared, an image data section could be still non-e= xecutable if + // NxProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData = or EfiRuntimeServicesData. + DXE_IMAGE_PROTECTION_POLICY ImageProtectionPolicy; + + // Indicates which type allocation need guard page. + // + // If bit is set, a head guard page and a tail guard page will be added = just + // before and after corresponding type of pages which the allocated pool= occupies, + // if there's enough free memory for all of them. The pool allocation fo= r the + // type related to cleared bits keeps the same as ususal. + // + // This bitfield is only valid if PoolGuardEnabled and/or PoolGuardEnabl= ed are set in HeapGuardPolicy. + DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardPoolType; + + // Indicates which type allocation need guard page. + // + // If a bit is set, a head guard page and a tail guard page will be adde= d just + // before and after corresponding type of pages allocated if there's eno= ugh + // free pages for all of them. The page allocation for the type related = to + // cleared bits keeps the same as ususal. + // + // This bitfield is only valid if PageGuardEnabled is set in HeapGuardPo= licy. + DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardPageType; + + // DXE no execute memory protection policy. 
+ // + // If a bit is set, memory regions of the associated type will be mapped + // non-executable. If a bit is cleared, nothing will be done to associat= ed type of memory. + // + // NOTE: User MUST set the same NX protection for EfiBootServicesData an= d EfiConventionalMemory. + DXE_HEAP_GUARD_MEMORY_TYPES NxProtectionPolicy; +} DXE_MEMORY_PROTECTION_SETTINGS; + +#define HOB_DXE_MEMORY_PROTECTION_SETTINGS_GUID \ + { \ + { 0x9ABFD639, 0xD1D0, 0x4EFF, { 0xBD, 0xB6, 0x7E, 0xC4, 0x19, 0x0D, 0x= 17, 0xD5 } } \ + } + +extern GUID gDxeMemoryProtectionSettingsGuid; + +// HeapGuardPolicy.Fields.GuardAlignment value indicating tail alignment +#define POOL_ALIGNED_TO_TAIL_GUARD 0 + +// HeapGuardPolicy.Fields.GuardAlignment value indicating head alignment +#define POOL_ALIGNED_TO_HEAD_GUARD 1 + +// +// A memory profile with strict settings. +// +#define DXE_MEMORY_PROTECTION_SETTINGS_DEBUG \ + { \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + TRUE, /* Stack Guard On */ \ + { \ + .Fields.NullDetectionEnabled =3D 1, \ + .Fields.DisableEndOfDxe =3D 0, \ + .Fields.NonstopModeEnabled =3D 1 \ + }, \ + { \ + .Fields.PageGuardEnabled =3D 1, \ + .Fields.PoolGuardEnabled =3D 1, \ + .Fields.FreedMemoryGuardEnabled =3D 0, \ + .Fields.NonstopModeEnabled =3D 1, \ + .Fields.GuardAlignment =3D 0 \ + }, \ + { \ + .Fields.ProtectImageFromUnknown =3D 1, \ + .Fields.ProtectImageFromFv =3D 1, \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 1, \ + .Fields.EfiLoaderCode =3D 1, \ + .Fields.EfiLoaderData =3D 1, \ + .Fields.EfiBootServicesCode =3D 1, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 1, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 1, \ + .Fields.EfiACPIReclaimMemory =3D 1, \ + .Fields.EfiACPIMemoryNVS =3D 1, \ + .Fields.EfiMemoryMappedIO =3D 1, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \ + .Fields.EfiPalCode =3D 1, \ + .Fields.EfiPersistentMemory =3D 0, \ + 
.Fields.OEMReserved =3D 1, \ + .Fields.OSReserved =3D 1 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 1, \ + .Fields.EfiLoaderCode =3D 1, \ + .Fields.EfiLoaderData =3D 1, \ + .Fields.EfiBootServicesCode =3D 1, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 1, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 1, \ + .Fields.EfiACPIReclaimMemory =3D 1, \ + .Fields.EfiACPIMemoryNVS =3D 1, \ + .Fields.EfiMemoryMappedIO =3D 1, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \ + .Fields.EfiPalCode =3D 1, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 1, \ + .Fields.OSReserved =3D 1 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 1, \ + .Fields.EfiLoaderCode =3D 1, \ + .Fields.EfiLoaderData =3D 1, \ + .Fields.EfiBootServicesCode =3D 1, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 1, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 1, \ + .Fields.EfiUnusableMemory =3D 1, \ + .Fields.EfiACPIReclaimMemory =3D 1, \ + .Fields.EfiACPIMemoryNVS =3D 1, \ + .Fields.EfiMemoryMappedIO =3D 1, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \ + .Fields.EfiPalCode =3D 1, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 1, \ + .Fields.OSReserved =3D 1 \ + } \ + } + +// +// A memory profile recommended for production. Compared to the debug +// settings, this removes the pool guards and uses page guards for +// fewer memory types. 
+// +#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE \ + { \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + TRUE, /* Stack Guard On */ \ + { \ + .Fields.NullDetectionEnabled =3D 1, \ + .Fields.DisableEndOfDxe =3D 0, \ + .Fields.NonstopModeEnabled =3D 0 \ + }, \ + { \ + .Fields.PageGuardEnabled =3D 1, \ + .Fields.PoolGuardEnabled =3D 0, \ + .Fields.FreedMemoryGuardEnabled =3D 0, \ + .Fields.NonstopModeEnabled =3D 0, \ + .Fields.GuardAlignment =3D 0 \ + }, \ + { \ + .Fields.ProtectImageFromUnknown =3D 0, \ + .Fields.ProtectImageFromFv =3D 1, \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 1, \ + .Fields.EfiLoaderCode =3D 1, \ + .Fields.EfiLoaderData =3D 1, \ + 
.Fields.EfiBootServicesCode =3D 1, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 1, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 1, \ + .Fields.EfiUnusableMemory =3D 1, \ + .Fields.EfiACPIReclaimMemory =3D 1, \ + .Fields.EfiACPIMemoryNVS =3D 1, \ + .Fields.EfiMemoryMappedIO =3D 1, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \ + .Fields.EfiPalCode =3D 1, \ + .Fields.EfiPersistentMemory =3D 1, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + } \ + } + +// +// A memory profile which mirrors DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE +// but doesn't include page guards. +// +#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE_NO_PAGE_GUARDS \ + { \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + TRUE, /* Stack Guard On */ \ + { \ + .Fields.NullDetectionEnabled =3D 1, \ + .Fields.DisableEndOfDxe =3D 0, \ + .Fields.NonstopModeEnabled =3D 0 \ + }, \ + { \ + .Fields.PageGuardEnabled =3D 0, \ + .Fields.PoolGuardEnabled =3D 0, \ + .Fields.FreedMemoryGuardEnabled =3D 0, \ + .Fields.NonstopModeEnabled =3D 0, \ + .Fields.GuardAlignment =3D 0 \ + }, \ + { \ + .Fields.ProtectImageFromUnknown =3D 0, \ + .Fields.ProtectImageFromFv =3D 1, \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + 
.Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 1, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 1, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 1, \ + .Fields.EfiUnusableMemory =3D 1, \ + .Fields.EfiACPIReclaimMemory =3D 1, \ + .Fields.EfiACPIMemoryNVS =3D 1, \ + .Fields.EfiMemoryMappedIO =3D 1, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \ + .Fields.EfiPalCode =3D 1, \ + .Fields.EfiPersistentMemory =3D 1, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + } \ + } + +// +// A memory profile which disables all memory protection settings. 
+// +#define DXE_MEMORY_PROTECTION_SETTINGS_OFF \ + { \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + FALSE, /* Stack Guard On */ \ + { \ + .Fields.NullDetectionEnabled =3D 0, \ + .Fields.DisableEndOfDxe =3D 0, \ + .Fields.NonstopModeEnabled =3D 0 \ + }, \ + { \ + .Fields.PageGuardEnabled =3D 0, \ + .Fields.PoolGuardEnabled =3D 0, \ + .Fields.FreedMemoryGuardEnabled =3D 0, \ + .Fields.NonstopModeEnabled =3D 0, \ + .Fields.GuardAlignment =3D 0 \ + }, \ + { \ + .Fields.ProtectImageFromUnknown =3D 0, \ + .Fields.ProtectImageFromFv =3D 0, \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode 
=3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + } \ + } + +#endif diff --git a/MdeModulePkg/Include/Guid/MmMemoryProtectionSettings.h b/MdeMo= dulePkg/Include/Guid/MmMemoryProtectionSettings.h new file mode 100644 index 000000000000..77c362afcc1e --- /dev/null +++ b/MdeModulePkg/Include/Guid/MmMemoryProtectionSettings.h 
@@ -0,0 +1,239 @@ +/** @file + +Defines memory protection settings guid and struct + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef MM_MEMORY_PROTECTION_SETTINGS_H_ +#define MM_MEMORY_PROTECTION_SETTINGS_H_ + +typedef union { + UINT8 Data; + struct { + UINT8 NullDetectionEnabled : 1; + UINT8 NonstopModeEnabled : 1; + } Fields; +} MM_NULL_DETECTION_POLICY; + +typedef union { + UINT8 Data; + struct { + UINT8 PageGuardEnabled : 1; + UINT8 PoolGuardEnabled : 1; + UINT8 NonstopModeEnabled : 1; + UINT8 GuardAlignment : 1; + } Fields; +} MM_HEAP_GUARD_POLICY; + +typedef union { + UINT32 Data; + struct { + UINT8 EfiReservedMemoryType : 1; + UINT8 EfiLoaderCode : 1; + UINT8 EfiLoaderData : 1; + UINT8 EfiBootServicesCode : 1; + UINT8 EfiBootServicesData : 1; + UINT8 EfiRuntimeServicesCode : 1; + UINT8 EfiRuntimeServicesData : 1; + UINT8 EfiConventionalMemory : 1; + UINT8 EfiUnusableMemory : 1; + UINT8 EfiACPIReclaimMemory : 1; + UINT8 EfiACPIMemoryNVS : 1; + UINT8 EfiMemoryMappedIO : 1; + UINT8 EfiMemoryMappedIOPortSpace : 1; + UINT8 EfiPalCode : 1; + UINT8 EfiPersistentMemory : 1; + UINT8 OEMReserved : 1; + UINT8 OSReserved : 1; + } Fields; +} MM_HEAP_GUARD_MEMORY_TYPES; + +typedef UINT8 MM_MEMORY_PROTECTION_SETTINGS_VERSION; + +#define MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION 1 // Current iterat= ion of MM_MEMORY_PROTECTION_SETTINGS + +// +// Memory Protection Settings struct +// +typedef struct { + // The current version of the structure definition. This is used to ensu= re there isn't a definition mismatch + // if modules have differing iterations of this header. When creating th= is struct, use the + // MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION macro. + MM_MEMORY_PROTECTION_SETTINGS_VERSION StructVersion; + + // If enabled, accessing NULL address in UEFI or SMM code can be caught = by marking + // the NULL page as not present. + // + // .NullDetectionEnabled : Enable MM NULL detection. 
+ // .NonstopModeEnabled : Enable MM non-stop mode. If enabled, t= he debug flag will be raised + // to break into debugger when a fault oc= curs. + MM_NULL_DETECTION_POLICY NullPointerDetectionPolicy; + + // Bitfield to control Heap Guard behavior. + // + // Note: + // a) Due to the limit of pool memory implementation and the alignment + // requirement of UEFI spec, HeapGuardPolicy.GuardAlignment is a try= -best + // setting which cannot guarantee that the returned pool is exactly + // adjacent to head guard page or tail guard page. + // + // .PageGuardEnabled : Enable MM page guard. + // .PoolGuardEnabled : Enable MM pool guard. + // .NonstopModeEnabled : Enable MM non-stop mode. If enabled, th= e debug flag will be raised + // to break into debugger when a fault occ= urs. + // .GuardAlignment : The alignment of Guard Page for Pool Gu= ard. + // 0 - The returned pool is near the tail = guard page. + // 1 - The returned pool is near the head = guard page. + MM_HEAP_GUARD_POLICY HeapGuardPolicy; + + // Indicates which type allocation need guard page. + // + // If bit is set, a head guard page and a tail guard page will be added = just + // before and after corresponding type of pages which the allocated pool= occupies, + // if there's enough free memory for all of them. The pool allocation fo= r the + // type related to cleared bits keeps the same as ususal. + // + // This bitfield is only valid if PoolGuardEnabled and/or PoolGuardEnabl= ed are set in HeapGuardPolicy. + MM_HEAP_GUARD_MEMORY_TYPES HeapGuardPoolType; + + // Indicates which type allocation need guard page. + // + // If a bit is set, a head guard page and a tail guard page will be adde= d just + // before and after corresponding type of pages allocated if there's eno= ugh + // free pages for all of them. The page allocation for the type related = to + // cleared bits keeps the same as ususal. + // + // This bitfield is only valid if PageGuardEnabled is set in HeapGuardPo= licy. 
+ MM_HEAP_GUARD_MEMORY_TYPES HeapGuardPageType; +} MM_MEMORY_PROTECTION_SETTINGS; + +#define HOB_MM_MEMORY_PROTECTION_SETTINGS_GUID \ + { \ + { 0x0CF445DD, 0xA67C, 0x4F8C, { 0x81, 0x9B, 0xB7, 0xB6, 0x86, 0xED, 0x= 7C, 0x75 } } \ + } + +extern GUID gMmMemoryProtectionSettingsGuid; + +// HeapGuardPolicy.Fields.GuardAlignment value indicating tail alignment +#define HEAP_GUARD_ALIGNED_TO_TAIL 0 + +// HeapGuardPolicy.Fields.GuardAlignment value indicating head alignment +#define HEAP_GUARD_ALIGNED_TO_HEAD 1 + +// +// An MM memory profile with strict settings. This will likely add to the +// total boot time but will catch more configuration and memory errors. +// +#define MM_MEMORY_PROTECTION_SETTINGS_DEBUG \ + { \ + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + { \ + .Fields.NullDetectionEnabled =3D 1, \ + .Fields.NonstopModeEnabled =3D 1 \ + }, \ + { \ + .Fields.PageGuardEnabled =3D 1, \ + .Fields.PoolGuardEnabled =3D 1, \ + .Fields.NonstopModeEnabled =3D 1, \ + .Fields.GuardAlignment =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 1, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 1, \ + .Fields.EfiConventionalMemory =3D 0, \ + 
.Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + } \ + } + +// +// An SMM memory profile with all settings off. +// +#define MM_MEMORY_PROTECTION_SETTINGS_OFF \ + { \ + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + { \ + .Fields.NullDetectionEnabled =3D 1, \ + .Fields.NonstopModeEnabled =3D 0 \ + }, \ + { \ + .Fields.PageGuardEnabled =3D 0, \ + .Fields.PoolGuardEnabled =3D 0, \ + .Fields.NonstopModeEnabled =3D 0, \ + .Fields.GuardAlignment =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ + .Fields.OSReserved =3D 0 \ + }, \ + { \ + .Fields.EfiReservedMemoryType =3D 0, \ + .Fields.EfiLoaderCode =3D 0, \ + .Fields.EfiLoaderData =3D 0, \ + .Fields.EfiBootServicesCode =3D 0, \ + .Fields.EfiBootServicesData =3D 0, \ + .Fields.EfiRuntimeServicesCode =3D 0, \ + .Fields.EfiRuntimeServicesData =3D 0, \ + .Fields.EfiConventionalMemory =3D 0, \ + .Fields.EfiUnusableMemory =3D 0, \ + .Fields.EfiACPIReclaimMemory =3D 0, \ + .Fields.EfiACPIMemoryNVS =3D 0, \ + .Fields.EfiMemoryMappedIO =3D 0, \ + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \ + .Fields.EfiPalCode =3D 0, \ + .Fields.EfiPersistentMemory =3D 0, \ + .Fields.OEMReserved =3D 0, \ 
+ .Fields.OSReserved =3D 0 \ + } \ + } + +#endif diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 95dd077e19b3..89001f217ed1 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec 
@@ -399,6 +399,16 @@ [Guids] ## Include/Guid/EndofS3Resume.h gEdkiiEndOfS3ResumeGuid =3D { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67, 0= xe4, 0x56, 0x89, 0x0e, 0x0c, 0xb5 } } =20 + ## DXE Memory Protection Settings Guid. Used to create and fetch the DXE= memory protection settings HOB entry. + # + # Include/Guid/DxeMemoryProtectionSettings + gDxeMemoryProtectionSettingsGuid =3D { 0x9ABFD639, 0xD1D0, 0x4EFF, { 0xB= D, 0xB6, 0x7E, 0xC4, 0x19, 0x0D, 0x17, 0xD5 }} + + ## SMM Memory Protection Settings Guid. Used to create and fetch the SMM= memory protection settings HOB entry. + # + # Include/Guid/MmMemoryProtectionSettings + gMmMemoryProtectionSettingsGuid =3D { 0x0CF445DD, 0xA67C, 0x4F8C, { 0x81= , 0x9B, 0xB7, 0xB6, 0x86, 0xED, 0x7C, 0x75 }} + ## Used (similar to Variable Services) to communicate policies to the en= forcement engine. # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB} gVarCheckPolicyLibMmiHandlerGuid =3D { 0xda1b0d11, 0xd1a7, 0x46c4, { 0x9= d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }} --=20 2.36.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
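Review bot: In DxeMemoryProtectionSettings.h, DXE_HEAP_GUARD_MEMORY_TYPES declares its 17 one-bit fields as UINT8 while the overlaying Data member is UINT32. How UINT8 bit-fields are packed across byte boundaries is implementation-defined, and this structure is carried in a HOB between separately built modules. Declaring the fields as UINT32, with an explicit reserved field for the remaining 15 bits, would make the Data overlay well-defined. Smaller points in the same header: the HeapGuardPoolType comment reads "PoolGuardEnabled and/or PoolGuardEnabled", which names the same flag twice; HOB_DXE_MEMORY_PROTECTION_SETTINGS_GUID has one more brace level than the gDxeMemoryProtectionSettingsGuid value added to MdeModulePkg.dec; and DXE_MEMORY_PROTECTION_SETTINGS_OFF keeps the comment "Stack Guard On" next to FALSE.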
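Review bot: In MmMemoryProtectionSettings.h, MM_MEMORY_PROTECTION_SETTINGS_OFF is described as a profile "with all settings off" but sets .Fields.NullDetectionEnabled = 1 in its NullPointerDetectionPolicy initializer, whereas DXE_MEMORY_PROTECTION_SETTINGS_OFF clears that bit. Either set it to 0 or say in the comment that NULL detection stays on in this profile, so a platform selecting OFF gets what the name promises. The alignment macros here are HEAP_GUARD_ALIGNED_TO_TAIL and HEAP_GUARD_ALIGNED_TO_HEAD, while the DXE header uses POOL_ALIGNED_TO_TAIL_GUARD and POOL_ALIGNED_TO_HEAD_GUARD for the same values; one naming scheme would be easier to use. The "PoolGuardEnabled and/or PoolGuardEnabled" comment wording is repeated in this header as well.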
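Review bot: In the MdeModulePkg.dec [Guids] hunk, both new comments give the header path without its extension (Include/Guid/DxeMemoryProtectionSettings and Include/Guid/MmMemoryProtectionSettings), while the neighbouring entry uses Include/Guid/EndofS3Resume.h. Add the .h so the paths match the files this patch creates. The second comment also says "SMM Memory Protection Settings Guid" where the header and the GUID name use MM; pick one term.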
View/Reply Online (#105987): https://edk2.groups.io/g/devel/message/105987
From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Taylor Beebe, Jian J Wang, Liming Gao, Dandan Bi
Subject: [edk2-devel] [PATCH v1 2/3] MdeModulePkg: Add MemoryProtectionHobLib Definitions and NULL Libs
Date: Fri, 9 Jun 2023 13:26:00 -0700
Message-Id: <20230609202601.1153-3-t@taylorbeebe.com>
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
References: <20230609202601.1153-1-t@taylorbeebe.com>

DxeMemoryProtectionHobLib and MmMemoryProtectionHobLib will fetch the memory protection settings HOB entry for their respective phase, validate the settings, and populate a global for access. Memory protection settings are currently dictated via FixedAtBuild PCDs where the settings needed to be masked. A future patch series will replace instances of checking the PCDs with checks to the memory protection globals populated by MemoryProtectionHobLib.

Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc: Dandan Bi --- MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibN= ull.c | 33 ++++++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNu= ll.c | 33 ++++++++++++++++++ MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h = | 36 ++++++++++++++++++++ MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h = | 36 ++++++++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibN= ull.inf | 25 ++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNu= ll.inf | 26 ++++++++++++++ MdeModulePkg/MdeModulePkg.dec = | 8 +++++ MdeModulePkg/MdeModulePkg.dsc = | 8 +++++ 8 files changed, 205 insertions(+) diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProte= ctionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemo= ryProtectionHobLibNull.c new file mode 100644 index 000000000000..4f0191d04974 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHo= bLibNull.c 
@@ -0,0 +1,33 @@ +/** @file +Library defines the gDxeMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include + +// According to the C Specification, a global variable +// which is uninitialized will be zero. The net effect +// is memory protections will be OFF. +DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE= S bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU= ARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G= UARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetDxeMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + return FALSE; +} diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtec= tionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemory= ProtectionHobLibNull.c new file mode 100644 index 000000000000..c62c9d772063 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHob= LibNull.c 
@@ -0,0 +1,33 @@ +/** @file +Library defines the gMmMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include + +// According to the C Specification, a global variable +// which is uninitialized will be zero. The net effect +// is memory protections will be OFF. +MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES= bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA= RD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU= ARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetMmMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + return FALSE; +} diff --git a/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h b/Mde= ModulePkg/Include/Library/DxeMemoryProtectionHobLib.h new file mode 100644 index 000000000000..4f49a00a8683 --- /dev/null +++ b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h 
@@ -0,0 +1,36 @@ +/** @file + +Library for controlling hob-backed memory protection settings + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ +#define DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ + +#include + +// +// The global used to access current Memory Protection Settings +// +extern DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE= S bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU= ARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G= UARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetDxeMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ); + +#endif diff --git a/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h b/MdeM= odulePkg/Include/Library/MmMemoryProtectionHobLib.h new file mode 100644 index 000000000000..efeaa9fd55aa --- /dev/null +++ b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h 
@@ -0,0 +1,36 @@ +/** @file + +Library for controlling hob-backed memory protection settings + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ +#define MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ + +#include + +// +// The global used to access current Memory Protection Settings +// +extern MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES= bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA= RD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU= ARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetMmMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ); + +#endif diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProte= ctionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMe= moryProtectionHobLibNull.inf new file mode 100644 index 000000000000..6a3166a23b46 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHo= bLibNull.inf @@ -0,0 +1,25 @@ +## @file +# NULL library which defines gDxeMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D DxeMemoryProtectionHobLibNull + FILE_GUID =3D a35c1dc1-0769-421b-a8bc-9db69fae4334 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D DxeMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + DxeMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec 
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtec= tionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemo= ryProtectionHobLibNull.inf new file mode 100644 index 000000000000..61f50921ee04 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHob= LibNull.inf @@ -0,0 +1,26 @@ +## @file +# NULL library which defines gMmMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D MmMemoryProtectionHobLibNull + FILE_GUID =3D 4e3f6fd9-4ab5-4911-b80b-009d3338b4b2 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MmMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + MmMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 89001f217ed1..50dae9180d2b 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -164,6 +164,14 @@ [LibraryClasses] # VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h =20 + ## @libraryclass Provides a way to toggle DXE memory protection settings + # + DxeMemoryProtectionHobLib|Include/Library/DxeMemoryProtectionHobLib.h + + ## @libraryclass Provides a way to toggle SMM memory protection settings + # + MmMemoryProtectionHobLib|Include/Library/MmMemoryProtectionHobLib.h + [Guids] ## MdeModule package token space guid # Include/Guid/MdeModulePkgTokenSpace.h diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 5b1f50e9c084..ab6848dc934b 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc 
@@ -107,6 +107,12 @@ [LibraryClasses] VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseV= ariableFlashInfoLib.inf IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiComma= ndLibNull.inf =20 +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, Library= Classes.common.UEFI_APPLICATION] + DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNul= l/DxeMemoryProtectionHobLibNull.inf + +[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, Lib= raryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE] + MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull= /MmMemoryProtectionHobLibNull.inf + [LibraryClasses.EBC.PEIM] IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf =20 
@@ -231,6 +237,8 @@ [Components] MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLi= bNull.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLib= Null.inf MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTa= bleLib.inf MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf --=20 2.36.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105988): https://edk2.groups.io/g/devel/message/105988 Mute This Topic: https://groups.io/mt/99437080/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Taylor Beebe, Jian J Wang, Liming Gao, Dandan Bi
Subject: [edk2-devel] [PATCH v1 3/3] MdeModulePkg: Add Phase-Specific MemoryProtectionHobLib Implementations
Date: Fri, 9 Jun 2023 13:26:01 -0700
Message-Id: <20230609202601.1153-4-t@taylorbeebe.com>
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
References: <20230609202601.1153-1-t@taylorbeebe.com>

Add DXE, SMM, and STANDALONE MM implementations of the MemoryProtectionHobLib.

Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc: Dandan Bi --- MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.c = | 182 ++++++++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemoryProtectionHobLib= .c | 139 +++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.c = | 37 ++++ MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtectionHo= bLib.c | 37 ++++ MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf = | 34 ++++ MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.inf = | 35 ++++ MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtectionHo= bLib.inf | 36 ++++ MdeModulePkg/MdeModulePkg.dsc = | 3 + 8 files changed, 503 insertions(+) diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectio= nHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtection= HobLib.c new file mode 100644 index 000000000000..fa6137f90eba --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib= .c 
@@ -0,0 +1,182 @@ +/** @file +Library fills out gDxeMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include +#include + +#include +#include +#include +#include + +DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE= S bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU= ARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G= UARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetDxeMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + switch (MemoryType) { + case EfiReservedMemoryType: + return HeapGuardMemoryType.Fields.EfiReservedMemoryType; + case EfiLoaderCode: + return HeapGuardMemoryType.Fields.EfiLoaderCode; + case EfiLoaderData: + return HeapGuardMemoryType.Fields.EfiLoaderData; + case EfiBootServicesCode: + return HeapGuardMemoryType.Fields.EfiBootServicesCode; + case EfiBootServicesData: + return HeapGuardMemoryType.Fields.EfiBootServicesData; + case EfiRuntimeServicesCode: + return HeapGuardMemoryType.Fields.EfiRuntimeServicesCode; + case EfiRuntimeServicesData: + return HeapGuardMemoryType.Fields.EfiRuntimeServicesData; + case EfiConventionalMemory: + return HeapGuardMemoryType.Fields.EfiConventionalMemory; + case EfiUnusableMemory: + return HeapGuardMemoryType.Fields.EfiUnusableMemory; + case EfiACPIReclaimMemory: + return HeapGuardMemoryType.Fields.EfiACPIReclaimMemory; + case EfiACPIMemoryNVS: + return HeapGuardMemoryType.Fields.EfiACPIMemoryNVS; + case EfiMemoryMappedIO: + return HeapGuardMemoryType.Fields.EfiMemoryMappedIO; + case EfiMemoryMappedIOPortSpace: + return HeapGuardMemoryType.Fields.EfiMemoryMappedIOPortSpace; + case EfiPalCode: + return 
HeapGuardMemoryType.Fields.EfiPalCode; + case EfiPersistentMemory: + return HeapGuardMemoryType.Fields.EfiPersistentMemory; + default: + return FALSE; + } +} + +/** + This function checks the memory protection settings and provides warning= s of conflicts and/or + potentially unforseen consequences from the settings. This logic will on= ly ever turn off + protections to create consistency, never turn others on. +**/ +VOID +DxeMemoryProtectionSettingsConsistencyCheck ( + VOID + ) +{ + if ((gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled || gDxeMps.HeapGuar= dPolicy.Fields.PageGuardEnabled) && + gDxeMps.HeapGuardPolicy.Fields.FreedMemoryGuardEnabled) + { + DEBUG (( + DEBUG_WARN, + "%a: - HeapGuardPolicy.FreedMemoryGuardEnabled and " + "UEFI HeapGuardPolicy.PoolGuardEnabled/HeapGuardPolicy.PageGuardEnab= led " + "cannot be active at the same time. Setting all three to ZERO in " + "the memory protection settings global.\n", + __func__ + )); + ASSERT ( + !(gDxeMps.HeapGuardPolicy.Fields.FreedMemoryGuardEnabled && + (gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled || gDxeMps.HeapGu= ardPolicy.Fields.PageGuardEnabled)) + ); + gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled =3D 0; + gDxeMps.HeapGuardPolicy.Fields.PageGuardEnabled =3D 0; + gDxeMps.HeapGuardPolicy.Fields.FreedMemoryGuardEnabled =3D 0; + } + + if (gDxeMps.HeapGuardPoolType.Data && + (!(gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled))) + { + DEBUG (( + DEBUG_WARN, + "%a: - Heap Guard Pool protections are active, " + "but neither HeapGuardPolicy.PoolGuardEnabled nor " + "HeapGuardPolicy.PoolGuardEnabled are active.\n", + __func__ + )); + } + + if (gDxeMps.HeapGuardPageType.Data && + (!(gDxeMps.HeapGuardPolicy.Fields.PageGuardEnabled))) + { + DEBUG (( + DEBUG_WARN, + "%a: - Heap Guard Page protections are active, " + "but neither HeapGuardPolicy.PageGuardEnabled nor " + "HeapGuardPolicy.PageGuardEnabled are active.\n", + __func__ + )); + } + + if (gDxeMps.NxProtectionPolicy.Fields.EfiBootServicesData !=3D 
gDxeMps.N= xProtectionPolicy.Fields.EfiConventionalMemory) { + DEBUG (( + DEBUG_WARN, + "%a: - NxProtectionPolicy.EfiBootServicesData " + "and NxProtectionPolicy.EfiConventionalMemory must have the same val= ue. " + "Setting both to ZERO in the memory protection settings global.\n", + __func__ + )); + ASSERT ( + gDxeMps.NxProtectionPolicy.Fields.EfiBootServicesData =3D=3D + gDxeMps.NxProtectionPolicy.Fields.EfiConventionalMemory + ); + gDxeMps.NxProtectionPolicy.Fields.EfiBootServicesData =3D 0; + gDxeMps.NxProtectionPolicy.Fields.EfiConventionalMemory =3D 0; + } +} + +/** + Populates gDxeMps global with the data present in the HOB. If the HOB en= try does not exist, + this constructor will zero the memory protection settings. + + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. +**/ +EFI_STATUS +EFIAPI +DxeMemoryProtectionHobLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + VOID *Ptr; + + Ptr =3D GetFirstGuidHob (&gDxeMemoryProtectionSettingsGuid); + + // + // Cache the Memory Protection Settings HOB entry + // + if (Ptr !=3D NULL) { + if (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) !=3D (UINT8)DXE_MEMORY_PROTECT= ION_SETTINGS_CURRENT_VERSION) { + DEBUG (( + DEBUG_ERROR, + "%a: - Version number of the Memory Protection Settings HOB is inv= alid!\n", + __func__ + )); + ASSERT (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) =3D=3D (UINT8)DXE_MEMORY= _PROTECTION_SETTINGS_CURRENT_VERSION); + ZeroMem (&gDxeMps, sizeof (gDxeMps)); + return EFI_SUCCESS; + } + + CopyMem (&gDxeMps, GET_GUID_HOB_DATA (Ptr), sizeof (DXE_MEMORY_PROTECT= ION_SETTINGS)); + DxeMemoryProtectionSettingsConsistencyCheck (); + } + + return EFI_SUCCESS; +} 
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemoryProt= ectionHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemory= ProtectionHobLib.c new file mode 100644 index 000000000000..c546a943a515 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemoryProtectionH= obLib.c 
@@ -0,0 +1,139 @@ +/** @file +Library fills out gMmMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include +#include + +#include +#include +#include +#include + +MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES= bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA= RD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU= ARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetMmMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + switch (MemoryType) { + case EfiReservedMemoryType: + return HeapGuardMemoryType.Fields.EfiReservedMemoryType; + case EfiLoaderCode: + return HeapGuardMemoryType.Fields.EfiLoaderCode; + case EfiLoaderData: + return HeapGuardMemoryType.Fields.EfiLoaderData; + case EfiBootServicesCode: + return HeapGuardMemoryType.Fields.EfiBootServicesCode; + case EfiBootServicesData: + return HeapGuardMemoryType.Fields.EfiBootServicesData; + case EfiRuntimeServicesCode: + return HeapGuardMemoryType.Fields.EfiRuntimeServicesCode; + case EfiRuntimeServicesData: + return HeapGuardMemoryType.Fields.EfiRuntimeServicesData; + case EfiConventionalMemory: + return HeapGuardMemoryType.Fields.EfiConventionalMemory; + case EfiUnusableMemory: + return HeapGuardMemoryType.Fields.EfiUnusableMemory; + case EfiACPIReclaimMemory: + return HeapGuardMemoryType.Fields.EfiACPIReclaimMemory; + case EfiACPIMemoryNVS: + return HeapGuardMemoryType.Fields.EfiACPIMemoryNVS; + case EfiMemoryMappedIO: + return HeapGuardMemoryType.Fields.EfiMemoryMappedIO; + case EfiMemoryMappedIOPortSpace: + return HeapGuardMemoryType.Fields.EfiMemoryMappedIOPortSpace; + case EfiPalCode: + return 
HeapGuardMemoryType.Fields.EfiPalCode; + case EfiPersistentMemory: + return HeapGuardMemoryType.Fields.EfiPersistentMemory; + default: + return FALSE; + } +} + +/** + This function checks the memory protection settings and provides warning= s of conflicts and/or + potentially unforseen consequences from the settings. This logic will on= ly ever turn off + protections to create consistency, never turn others on. +**/ +VOID +MmMemoryProtectionSettingsConsistencyCheck ( + VOID + ) +{ + if (gMmMps.HeapGuardPoolType.Data && + (!(gMmMps.HeapGuardPolicy.Fields.PoolGuardEnabled))) + { + DEBUG (( + DEBUG_WARN, + "%a: - Bits set in gMmMps.HeapGuardPoolType, but gMmMps.HeapGuardPol= icy.Fields.PoolGuardEnabled is inactive. " + "No pool guards will be set.\n", + __func__ + )); + } + + if (gMmMps.HeapGuardPageType.Data && + (!(gMmMps.HeapGuardPolicy.Fields.PageGuardEnabled))) + { + DEBUG (( + DEBUG_WARN, + "%a: - Bits are set in gMmMps.HeapGuardPageType, but gMmMps.HeapGuar= dPolicy.Fields.PageGuardEnabled is inactive. " + "No page guards will be set.\n", + __func__ + )); + } +} + +/** + Abstraction layer for library constructor of Standalone MM and SMM insta= nces. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. 
+**/ +EFI_STATUS +EFIAPI +MmMemoryProtectionHobLibConstructorCommon ( + VOID + ) +{ + VOID *Ptr; + + Ptr =3D GetFirstGuidHob (&gMmMemoryProtectionSettingsGuid); + + // + // Cache the Memory Protection Settings HOB entry + // + if (Ptr !=3D NULL) { + if (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) !=3D (UINT8)MM_MEMORY_PROTECTI= ON_SETTINGS_CURRENT_VERSION) { + DEBUG (( + DEBUG_ERROR, + "%a: - Version number of the Memory Protection Settings HOB is inv= alid!\n", + __func__ + )); + ASSERT (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) =3D=3D (UINT8)MM_MEMORY_= PROTECTION_SETTINGS_CURRENT_VERSION); + ZeroMem (&gMmMps, sizeof (gMmMps)); + return EFI_SUCCESS; + } + + CopyMem (&gMmMps, GET_GUID_HOB_DATA (Ptr), sizeof (MM_MEMORY_PROTECTIO= N_SETTINGS)); + MmMemoryProtectionSettingsConsistencyCheck (); + } + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectio= nHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtection= HobLib.c new file mode 100644 index 000000000000..fffc90a7215c --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib= .c @@ -0,0 +1,37 @@ +/** @file +Library fills out gMmMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +/** + Abstraction layer for library constructor of Standalone MM and SMM insta= nces. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. +**/ +EFI_STATUS +EFIAPI +MmMemoryProtectionHobLibConstructorCommon ( + VOID + ); + +/** + Library constructor of SMM instance. + + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. +**/ +EFI_STATUS +EFIAPI +SmmMemoryProtectionHobLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return MmMemoryProtectionHobLibConstructorCommon (); +} 
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemory= ProtectionHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/Standalone= MmMemoryProtectionHobLib.c new file mode 100644 index 000000000000..3fd8b9f2593d --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtect= ionHobLib.c @@ -0,0 +1,37 @@ +/** @file +Library fills out gMmMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +/** + Abstraction layer for library constructor of Standalone MM and SMM insta= nces. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. +**/ +EFI_STATUS +EFIAPI +MmMemoryProtectionHobLibConstructorCommon ( + VOID + ); + +/** + Library constructor of Standalone MM instance. + + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. + @param[in] SystemTable A pointer to the EFI MM System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. +**/ +EFI_STATUS +EFIAPI +StandaloneMmMemoryProtectionHobLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return MmMemoryProtectionHobLibConstructorCommon (); +} diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectio= nHobLib.inf b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtecti= onHobLib.inf new file mode 100644 index 000000000000..57ca55446b81 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib= .inf 
@@ -0,0 +1,34 @@ +## @file +# DXE library instance to support platform-specific global controls for al= l memory protections. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D DxeMemoryProtectionHobLib + FILE_GUID =3D f497f7de-b9ab-4b9f-807e-89778922542d + MODULE_TYPE =3D UEFI_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D DxeMemoryProtectionHobLib|DXE_DRIVER = DXE_CORE UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR =3D DxeMemoryProtectionHobLibConstructor + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + DxeMemoryProtectionHobLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + HobLib + DebugLib + BaseMemoryLib + +[Guids] + gDxeMemoryProtectionSettingsGuid diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectio= nHobLib.inf b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtecti= onHobLib.inf new file mode 100644 index 000000000000..4651158bd405 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib= .inf @@ -0,0 +1,35 @@ +## @file +# SMM library instance to support platform-specific global controls for al= l memory protections. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SmmMemoryProtectionHobLib + FILE_GUID =3D dc9666f4-917f-400d-8026-2b3beeeff195 + MODULE_TYPE =3D DXE_SMM_DRIVER + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MmMemoryProtectionHobLib|SMM_CORE DXE= _SMM_DRIVER + CONSTRUCTOR =3D SmmMemoryProtectionHobLibConstructor + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + MmCommonMemoryProtectionHobLib.c + SmmMemoryProtectionHobLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + HobLib + DebugLib + BaseMemoryLib + +[Guids] + gMmMemoryProtectionSettingsGuid 
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemory= ProtectionHobLib.inf b/MdeModulePkg/Library/MemoryProtectionHobLib/Standalo= neMmMemoryProtectionHobLib.inf new file mode 100644 index 000000000000..3cadb5ec6e9a --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtect= ionHobLib.inf @@ -0,0 +1,36 @@ +## @file +# SMM library instance to support platform-specific global controls for al= l memory protections. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D StandaloneMmMemoryProtectionHobLib + FILE_GUID =3D C0A0D9C4-A249-483A-86EA-D73146D397B3 + MODULE_TYPE =3D MM_CORE_STANDALONE + PI_SPECIFICATION_VERSION =3D 0x00010032 + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MmMemoryProtectionHobLib|MM_CORE_STAN= DALONE MM_STANDALONE + CONSTRUCTOR =3D StandaloneMmMemoryProtectionHobLibCon= structor + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + MmCommonMemoryProtectionHobLib.c + StandaloneMmMemoryProtectionHobLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + HobLib + DebugLib + BaseMemoryLib + +[Guids] + gMmMemoryProtectionSettingsGuid diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index ab6848dc934b..bad4318771f9 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc 
@@ -237,6 +237,9 @@ [Components] MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf + MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.inf + MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtection= HobLib.inf MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLi= bNull.inf MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLib= Null.inf MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf --=20 2.36.1.windows.1
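Review bot: In StandaloneMmMemoryProtectionHobLib.c the prototype for MmMemoryProtectionHobLibConstructorCommon is declared directly in the .c file, and the [Sources] section of StandaloneMmMemoryProtectionHobLib.inf lists no header, so nothing forces the compiler to check this declaration against the definition that the constructor forwards to. Suggest moving the prototype into a private header that is included by MmCommonMemoryProtectionHobLib.c and by each instance file, and listing that header in [Sources]. The @file comment also says the library "fills out gMmMps global", which this file never touches; describing it as the Standalone MM constructor that forwards to the common constructor would match the code.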
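Review bot: In DxeMemoryProtectionHobLib.inf the LIBRARY_CLASS line limits the instance to DXE_DRIVER, DXE_CORE, UEFI_APPLICATION and UEFI_DRIVER, so DXE_RUNTIME_DRIVER modules cannot resolve DxeMemoryProtectionHobLib to this instance. If a runtime driver, or a library linked into one, is expected to read these memory protection settings, add DXE_RUNTIME_DRIVER to the list; if the omission is intentional, a short comment saying so (and that such modules need a different mapping) would save platform owners a build-time surprise.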
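Review bot: In SmmMemoryProtectionHobLib.inf the VALID_ARCHITECTURES comment lists AARCH64 although LIBRARY_CLASS restricts the instance to SMM_CORE and DXE_SMM_DRIVER. Please confirm that these module types are meant to be built for AARCH64 here; if not, trim the comment to the architectures this instance is actually built and tested on, so it does not advertise coverage the memory protection settings do not have.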
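Review bot: In StandaloneMmMemoryProtectionHobLib.inf the @file comment still reads "SMM library instance to support platform-specific global controls", the same text as SmmMemoryProtectionHobLib.inf, which makes the two instances indistinguishable from their headers. Suggest "Standalone MM library instance ...". As a style point, FILE_GUID is written in upper case here while the DXE and SMM .inf files in the same patch use lower case; picking one form across the three files keeps them consistent.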