[edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection when unset guard page

duntan posted 14 patches 2 years, 8 months ago
There is a newer version of this series
[edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection when unset guard page
Posted by duntan 2 years, 8 months ago
Remove RO and NX protection when unset guard page.
When UnsetGuardPage(), remove all the memory attribute protection
for guarded page.

Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
index 8f3bab6fee..7daeeccf13 100644
--- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
+++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
@@ -553,7 +553,7 @@ UnsetGuardPage (
                                          mSmmMemoryAttribute,
                                          BaseAddress,
                                          EFI_PAGE_SIZE,
-                                         EFI_MEMORY_RP
+                                         EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
                                          );
     ASSERT_EFI_ERROR (Status);
     mOnGuarding = FALSE;
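Review bot: Adding EFI_MEMORY_XP to the attribute mask in UnsetGuardPage() leaves every released guard page executable, and neither the hunk nor the commit message says why execute permission has to come back along with RP and RO. Either limit the mask to EFI_MEMORY_RP|EFI_MEMORY_RO, or re-apply EFI_MEMORY_XP after this call whenever the page is not meant to hold code, and give the reason in the commit message. The new mask is also written without spaces around `|`.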
-- 
2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105895): https://edk2.groups.io/g/devel/message/105895
Mute This Topic: https://groups.io/mt/99399226/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection when unset guard page
Posted by Ard Biesheuvel 2 years, 8 months ago
On Thu, 8 Jun 2023 at 04:28, duntan <dun.tan@intel.com> wrote:
>
> Remove RO and NX protection when unset guard page.
> When UnsetGuardPage(), remove all the memory attribute protection
> for guarded page.
>

Why is it acceptable to remove NX protections here?


> Signed-off-by: Dun Tan <dun.tan@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> index 8f3bab6fee..7daeeccf13 100644
> --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> @@ -553,7 +553,7 @@ UnsetGuardPage (
>                                           mSmmMemoryAttribute,
>                                           BaseAddress,
>                                           EFI_PAGE_SIZE,
> -                                         EFI_MEMORY_RP
> +                                         EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
>                                           );
>      ASSERT_EFI_ERROR (Status);
>      mOnGuarding = FALSE;
> --
> 2.31.1.windows.1


Re: [edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection when unset guard page
Posted by duntan 2 years, 8 months ago
Hi Ard,
Thanks for your question. This patch does cause a difference that NX protections may be removed for some EfiConventionalMemory in SMRAM after SmmReadyToLock.

Before SmmReadyToLock, EfiConventionalMemory in SMRAM is always RW and executable.
When SmmReadyToLock, SetMemMapAttributes() in PiSmmCpuDxe driver applies EFI_MEMORY_XP for EfiConventionalMemory in SMRAM.
With this patch, after SmmReadyToLock, if AllocatePage() and FreePage() are called and HeapGuard is enabled for SMM, the guarded page (when unguarded) is marked as executable.

To solve this issue, I'll add code to apply EFI_MEMORY_XP to the guarded page to be freed in UnsetGuardPage() if it happens after SmmReadyToLock. Will send the V6 patch.

Thanks,
Dun

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
Sent: Thursday, June 8, 2023 8:18 PM
To: devel@edk2.groups.io; Tan, Dun <dun.tan@intel.com>
Cc: Gao, Liming <gaoliming@byosoft.com.cn>; Ni, Ray <ray.ni@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection when unset guard page

On Thu, 8 Jun 2023 at 04:28, duntan <dun.tan@intel.com> wrote:
>
> Remove RO and NX protection when unset guard page.
> When UnsetGuardPage(), remove all the memory attribute protection for 
> guarded page.
>

Why is it acceptable to remove NX protections here?


> Signed-off-by: Dun Tan <dun.tan@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c 
> b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> index 8f3bab6fee..7daeeccf13 100644
> --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> @@ -553,7 +553,7 @@ UnsetGuardPage (
>                                           mSmmMemoryAttribute,
>                                           BaseAddress,
>                                           EFI_PAGE_SIZE,
> -                                         EFI_MEMORY_RP
> +                                         
> + EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
>                                           );
>      ASSERT_EFI_ERROR (Status);
>      mOnGuarding = FALSE;
> --
> 2.31.1.windows.1


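The sequence described in the reply above, as a small C model added here for illustration; it is not code from the thread or from edk2. The three attribute values are the UEFI-defined bits; the page array, the `locked` flag and all function names are hypothetical, and `unset_guard_relock` is only a sketch of the follow-up the reply announces, not the V6 patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute bits as defined in the UEFI specification. */
#define EFI_MEMORY_RP 0x0000000000002000ULL /* read-protect (not present) */
#define EFI_MEMORY_XP 0x0000000000004000ULL /* execute-protect (NX)       */
#define EFI_MEMORY_RO 0x0000000000020000ULL /* read-only                  */

#define NPAGES 4
/* Hypothetical model state, not edk2 code. */
static uint64_t attr[NPAGES];   /* 0 means readable, writable and executable */
static bool     locked;         /* set once SmmReadyToLock has been signalled */

static void model_reset(void) {
  for (size_t i = 0; i < NPAGES; i++) attr[i] = 0;
  locked = false;
}
/* At SmmReadyToLock, free SMRAM is made non-executable (per the reply above). */
static void ready_to_lock(void) {
  for (size_t i = 0; i < NPAGES; i++) attr[i] |= EFI_MEMORY_XP;
  locked = true;
}
static void set_guard(size_t i) { attr[i] |= EFI_MEMORY_RP; }
/* V5 hunk: clear RP, RO and XP unconditionally. */
static void unset_guard_v5(size_t i) {
  attr[i] &= ~(EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP);
}
/* Sketch of the announced follow-up: put XP back when freeing after the lock. */
static void unset_guard_relock(size_t i) {
  unset_guard_v5(i);
  if (locked) attr[i] |= EFI_MEMORY_XP;
}
/* Audit: count pages that are present, writable and executable after the lock. */
static size_t count_wx_after_lock(void) {
  size_t n = 0;
  for (size_t i = 0; locked && i < NPAGES; i++)
    if ((attr[i] & (EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0) n++;
  return n;
}
/* Guard and release page 1 after the lock, then audit. */
static size_t run(void (*unset)(size_t)) {
  model_reset();
  ready_to_lock();
  set_guard(1);
  unset(1);
  return count_wx_after_lock();
}
int main(void) {
  printf("V5: %zu W+X page(s), with XP re-applied: %zu\n",
         run(unset_guard_v5), run(unset_guard_relock));
  return 0;
}
```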

Re: [edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection when unset guard page
Posted by Ni, Ray 2 years, 8 months ago
Reviewed-by: Ray Ni <ray.ni@intel.com>

> -----Original Message-----
> From: Tan, Dun <dun.tan@intel.com>
> Sent: Thursday, June 8, 2023 10:28 AM
> To: devel@edk2.groups.io
> Cc: Gao, Liming <gaoliming@byosoft.com.cn>; Ni, Ray <ray.ni@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>
> Subject: [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection
> when unset guard page
> 
> Remove RO and NX protection when unset guard page.
> When UnsetGuardPage(), remove all the memory attribute protection
> for guarded page.
> 
> Signed-off-by: Dun Tan <dun.tan@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> index 8f3bab6fee..7daeeccf13 100644
> --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> @@ -553,7 +553,7 @@ UnsetGuardPage (
>                                           mSmmMemoryAttribute,
>                                           BaseAddress,
>                                           EFI_PAGE_SIZE,
> -                                         EFI_MEMORY_RP
> +                                         EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
>                                           );
>      ASSERT_EFI_ERROR (Status);
>      mOnGuarding = FALSE;
> --
> 2.31.1.windows.1


