This patch updates the DXE Handoff in PEI-less Startup to use
SetMemoryProtectionsLib to get the platform memory protection settings
and build the page tables based on the applied protections.
Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/Library/PeilessStartupLib/DxeLoad.c | 6 +++++-
OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c | 13 ++++++++-----
OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 4 ----
3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c b/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c
index d34690eb8a0b..f8ff53876369 100644
--- a/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c
+++ b/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c
@@ -20,9 +20,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/PrePiLib.h>
#include "X64/PageTables.h"
#include <Library/ReportStatusCodeLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
#define STACK_SIZE 0x20000
-extern EFI_GUID gEfiNonCcFvGuid;
+extern EFI_GUID gEfiNonCcFvGuid;
+MEMORY_PROTECTION_SETTINGS mMps = { 0 };
/**
Transfers control to DxeCore.
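Review bot: `mMps` is defined here with external linkage and zero-initialised, and X64/VirtualMemory.c picks it up through a hand-written `extern MEMORY_PROTECTION_SETTINGS mMps;`, so nothing ties the two declarations together. Both files already include `PageTables.h`, so declaring it there once would let the compiler check the type. The definition also deserves a comment, because an all-zero structure reads as "every protection disabled" in the helpers changed later in this patch, for example `// Populated in HandOffToDxeCore(); page-table helpers must not consult mMps before that call.`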
@@ -42,6 +44,8 @@ HandOffToDxeCore (
VOID *TopOfStack;
UINTN PageTables;
+ GetCurrentMemoryProtectionSettings (&mMps);
+
//
// Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
//
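Review bot: The result of `GetCurrentMemoryProtectionSettings (&mMps);` is discarded, so if the call can fail (its prototype is not visible in this patch) `mMps` stays all-zero. The page tables would then be built with NULL-pointer detection, the stack guard page and NX silently off. If it returns an EFI_STATUS, capture and check it, e.g. `Status = GetCurrentMemoryProtectionSettings (&mMps);` followed by `ASSERT_EFI_ERROR (Status);`. Because ASSERT is compiled out of release builds, consider halting or falling back to a restrictive default instead. HandOffToDxeCore's body starts and ends outside this hunk, so whether a `Status` local already exists cannot be seen from here.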
diff --git a/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c b/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c
index e2c1bac5e059..41521e3d3d71 100644
--- a/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c
+++ b/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/PcdLib.h>
#include <Guid/MemoryTypeInformation.h>
#include <Guid/MemoryAllocationHob.h>
+#include <Library/SetMemoryProtectionsLib.h>
#include <Register/Intel/Cpuid.h>
#include <Library/PlatformInitLib.h>
#include "PageTables.h"
@@ -45,6 +46,8 @@ UINT64 mLevelSize[5] = {
SIZE_512GB
};
+extern MEMORY_PROTECTION_SETTINGS mMps;
+
BOOLEAN
IsSetNxForStack (
VOID
@@ -142,7 +145,7 @@ IsNullDetectionEnabled (
VOID
)
{
- return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
+ return mMps.Dxe.NullPointerDetection.Enabled;
}
/**
@@ -197,8 +200,8 @@ IsEnableNonExecNeeded (
// Features controlled by Following PCDs need this feature to be enabled.
//
return (IsSetNxForStack () ||
- FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
- PcdGet32 (PcdImageProtectionPolicy) != 0);
+ !IsZeroBuffer (&mMps.Dxe.ExecutionProtection.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) ||
+ (mMps.Dxe.ImageProtection.ProtectImageFromFv || mMps.Dxe.ImageProtection.ProtectImageFromUnknown));
}
/**
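Review bot: The retained comment "Features controlled by Following PCDs need this feature to be enabled" is stale, since two of the three conditions in the return of IsEnableNonExecNeeded now read the `mMps` settings rather than PCDs. It could be reworded to something like `// The following memory protection settings require the NX feature to be enabled.` The `IsZeroBuffer` length would also be safer as `sizeof (mMps.Dxe.ExecutionProtection.EnabledForType)`, so the scanned size cannot drift from the field if `MPS_MEMORY_TYPE_BUFFER_SIZE` is ever redefined. The outer parentheses around the two `ImageProtection` checks are redundant inside the `||` chain.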
@@ -241,7 +244,7 @@ ToSplitPageTable (
return TRUE;
}
- if (FixedPcdGetBool (PcdCpuStackGuard)) {
+ if (mMps.Dxe.CpuStackGuardEnabled) {
if ((StackBase >= Address) && (StackBase < (Address + Size))) {
return TRUE;
}
@@ -427,7 +430,7 @@ Split2MPageTo4K (
PageTableEntry->Bits.ReadWrite = 1;
if ((IsNullDetectionEnabled () && (PhysicalAddress4K == 0)) ||
- (FixedPcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K == StackBase)))
+ (mMps.Dxe.CpuStackGuardEnabled && (PhysicalAddress4K == StackBase)))
{
PageTableEntry->Bits.Present = 0;
} else {
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
index f0a8a5a56df4..47bd42d23d11 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
@@ -77,12 +77,8 @@ [Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## CONSUMES
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize
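Review bot: The INF loses four PCDs but gains no `SetMemoryProtectionsLib` entry, and the diffstat for this file shows deletions only. DxeLoad.c and X64/VirtualMemory.c now include `<Library/SetMemoryProtectionsLib.h>` and call into it, so the library class should appear under `[LibraryClasses]`. The declaring package should also be under `[Packages]` if it is not already listed. Unless an earlier patch in the series added these, the build resolves the dependency only by accident through another library. The `[LibraryClasses]` section is outside this hunk, so this should be confirmed against the full file.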
--
2.42.0.windows.1