From nobody Sun Feb 8 17:21:12 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+108875+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+108875+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1695171495; cv=none; d=zohomail.com; s=zohoarc; b=FZZ8zW9OL6IQBQnEUcIGOIstMFwhOykWbIarPVnH70P3SrI47ynOzxLC4NaAkIBWxwqqg8UriYbpJDp9cXpRNwyrokzY1/0T1ISLV8imKq37RbhVWQDJKseUDgNbIUu9V67uep/Ur6FIw+Yccca1QtQaRMpUOJkiXGpHixUxCe8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1695171495; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=vRhKWmgTYCC0+IRjzN6SsUmfaKS25+nctjsPXEIng8o=; b=ljogxi/ug2LYncVCeVmqnXRs5rcEVeIOFO+R6+jqNOqS/bgBe9h3zqGY9jsPU7lQL2vEwEszP5tzv1JZ+qwJLtDfXX3ExjGVZQnpgBLE3aVgMjO6rdYlEs+a7+PMRuJUeCcw+F4C0Aiq9o9RCRcikeS9j2lALoqrYKJJkcOlxO0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+108875+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1695171495671948.8466688448289; Tue, 19 Sep 2023 17:58:15 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=gJs5+RqHnKipBAZFCVWr/DnoqKKV09cmPd5+V555VTk=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1695171495; v=1; b=Eo/VYPiKbLojGzBm60oiFwRIlcnimGv6ZDu7zVt0bnTFB6RulSJk8zBH9v2Ib0G0D8GKaomZ qHhMYBS58XYlw21L7tISb/mulz9inloyrd5iQLZRhdA7p5mBHbxWCV0CcOV24+10zsAZQY/hXCv lD4mC78mNNIAuQjTnefvDcCA= X-Received: by 127.0.0.2 with SMTP id TcucYY1788612xVF2bQU5662; Tue, 19 Sep 2023 17:58:15 -0700 X-Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web11.26924.1695171494706258413 for ; Tue, 19 Sep 2023 17:58:14 -0700 X-Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1bdf4752c3cso46660195ad.2 for ; Tue, 19 Sep 2023 17:58:14 -0700 (PDT) X-Gm-Message-State: SCVEOlCH9FOUslFavTjqsqTvx1787277AA= X-Google-Smtp-Source: AGHT+IEdZuatUOvTMeUm0uAVM07Feg88gnPUfUZCdTbN0EFdT7/lXzVX29jjWrhKCYVNMlWEfCLFuQ== X-Received: by 2002:a17:903:246:b0:1c3:3363:8aea with SMTP id j6-20020a170903024600b001c333638aeamr987165plh.61.1695171493925; Tue, 19 Sep 2023 17:58:13 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id 13-20020a170902c24d00b001bb988ac243sm10563576plg.297.2023.09.19.17.58.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Sep 2023 17:58:13 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Guo Dong , Sean Rhodes , James Lu , Gua Guo Subject: [edk2-devel] [PATCH v4 13/28] UefiPayloadPkg: Update DXE Handoff to use SetMemoryProtectionsLib Date: Tue, 19 Sep 2023 17:57:36 -0700 Message-ID: <20230920005752.2041-14-taylor.d.beebe@gmail.com> In-Reply-To: <20230920005752.2041-1-taylor.d.beebe@gmail.com> References: <20230920005752.2041-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1695171496085100051 Content-Type: text/plain; charset="utf-8" Update the DXE handoff logic in UefiPayloadPkg to use SetMemoryProtectionsLib to fetch the platform memory protection settings and reference them when creating the page tables. Because the protection profile is equivalent to the PCD settings even when the platform does not explicitly set a profile, this updated does not cause a torn state. Signed-off-by: Taylor Beebe Cc: Guo Dong Cc: Sean Rhodes Cc: James Lu Cc: Gua Guo --- UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c | 11 +++++++++-- UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 2 ++ UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c | 8 ++++++-- UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c | 15 +++++++++--= ---- UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 1 + UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf | 9 +-------- UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf | 9 +-------- UefiPayloadPkg/UefiPayloadPkg.dsc | 12 ++++++++++++ 8 files changed, 41 insertions(+), 26 deletions(-) diff --git a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c b/UefiPaylo= adPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c index 61a9f01ec9e7..4ede962e6544 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c +++ b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c @@ -78,6 +78,8 @@ GLOBAL_REMOVE_IF_UNREFERENCED IA32_DESCRIPTOR gLidtDesc= riptor =3D { 0 }; =20 +extern MEMORY_PROTECTION_SETTINGS mMps; + /** Allocates and fills in the Page Directory and Page Table Entries to establish a 4G page table. @@ -227,11 +229,14 @@ ToBuildPageTable ( return TRUE; } =20 - if (PcdGet8 (PcdHeapGuardPropertyMask) !=3D 0) { + if (mMps.Dxe.HeapGuard.PageGuardEnabled || + mMps.Dxe.HeapGuard.PageGuardEnabled || + mMps.Dxe.HeapGuard.FreedMemoryGuardEnabled) + { return TRUE; } =20 - if (PcdGetBool (PcdCpuStackGuard)) { + if (mMps.Dxe.CpuStackGuardEnabled) { return TRUE; } =20 @@ -268,6 +273,8 @@ HandOffToDxeCore ( UINT32 Index; X64_IDT_TABLE *IdtTableForX64; =20 + GetCurrentMemoryProtectionSettings (&mMps); + // // Clear page 0 and mark it as allocated if NULL pointer detection is en= abled. // diff --git a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c b/UefiPayloadPkg= /UefiPayloadEntry/LoadDxeCore.c index 898d610951fa..a4074346c059 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c +++ b/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c @@ -8,6 +8,8 @@ =20 #include "UefiPayloadEntry.h" =20 +MEMORY_PROTECTION_SETTINGS mMps =3D { 0 }; + /** Allocate pages for code. =20 diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c b/UefiPayloa= dPkg/UefiPayloadEntry/X64/DxeLoadFunc.c index 346e3feb0459..002ae6e5ab97 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c +++ b/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c @@ -17,6 +17,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "UefiPayloadEntry.h" #define STACK_SIZE 0x20000 =20 +extern MEMORY_PROTECTION_SETTINGS mMps; + /** Transfers control to DxeCore. =20 @@ -40,6 +42,8 @@ HandOffToDxeCore ( VOID *GhcbBase; UINTN GhcbSize; =20 + GetCurrentMemoryProtectionSettings (&mMps); + // // Clear page 0 and mark it as allocated if NULL pointer detection is en= abled. // @@ -83,8 +87,8 @@ HandOffToDxeCore ( // Set NX for stack feature also require PcdDxeIplBuildPageTables be T= RUE // for the DxeIpl and the DxeCore are both X64. // - ASSERT (PcdGetBool (PcdSetNxForStack) =3D=3D FALSE); - ASSERT (PcdGetBool (PcdCpuStackGuard) =3D=3D FALSE); + ASSERT (!mMps.Dxe.StackExecutionProtectionEnabled); + ASSERT (!mMps.Dxe.CpuStackGuardEnabled); } =20 if (FeaturePcdGet (PcdDxeIplBuildPageTables)) { diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c b/UefiPayl= oadPkg/UefiPayloadEntry/X64/VirtualMemory.c index 1899404b244c..6a986c82cc4b 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c +++ b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c @@ -27,11 +27,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include #include #include "VirtualMemory.h" =20 +extern MEMORY_PROTECTION_SETTINGS mMps; + // // Global variable to keep track current available memory used as page tab= le. // @@ -115,7 +118,7 @@ IsNullDetectionEnabled ( VOID ) { - return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) !=3D 0); + return mMps.Dxe.NullPointerDetection.Enabled; } =20 /** @@ -169,9 +172,9 @@ IsEnableNonExecNeeded ( // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is= set. // Features controlled by Following PCDs need this feature to be enabled. // - return (PcdGetBool (PcdSetNxForStack) || - PcdGet64 (PcdDxeNxMemoryProtectionPolicy) !=3D 0 || - PcdGet32 (PcdImageProtectionPolicy) !=3D 0); + return (mMps.Dxe.StackExecutionProtectionEnabled || + !IsZeroBuffer (&mMps.Dxe.ExecutionProtection.EnabledForType, MPS= _MEMORY_TYPE_BUFFER_SIZE) || + (mMps.Dxe.ImageProtection.ProtectImageFromFv || mMps.Dxe.ImagePr= otection.ProtectImageFromUnknown)); } =20 /** @@ -399,14 +402,14 @@ Split2MPageTo4K ( PageTableEntry->Bits.ReadWrite =3D 1; =20 if ((IsNullDetectionEnabled () && (PhysicalAddress4K =3D=3D 0)) || - (PcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K =3D=3D StackB= ase))) + (mMps.Dxe.CpuStackGuardEnabled && (PhysicalAddress4K =3D=3D StackB= ase))) { PageTableEntry->Bits.Present =3D 0; } else { PageTableEntry->Bits.Present =3D 1; } =20 - if ( PcdGetBool (PcdSetNxForStack) + if ( mMps.Dxe.StackExecutionProtectionEnabled && (PhysicalAddress4K >=3D StackBase) && (PhysicalAddress4K < StackBase + StackSize)) { diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h b/UefiPaylo= adPkg/UefiPayloadEntry/UefiPayloadEntry.h index ad8a9fd22b66..c966f3583c77 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h +++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h @@ -13,6 +13,7 @@ =20 #include #include +#include #include #include #include diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf b/UefiPay= loadPkg/UefiPayloadEntry/UefiPayloadEntry.inf index e2af8a4b7c1b..589dd9d3a99c 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf +++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf @@ -55,6 +55,7 @@ [LibraryClasses] PeCoffLib PlatformSupportLib CpuLib + SetMemoryProtectionsLib =20 [Guids] gEfiMemoryTypeInformationGuid @@ -76,9 +77,6 @@ [FeaturePcd.X64] [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##= SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 @@ -91,8 +89,3 @@ [Pcd.IA32,Pcd.X64] gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode - - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES - diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf b/Ue= fiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf index 5112cdc1e5df..3e99011e0ac6 100644 --- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf +++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf @@ -53,6 +53,7 @@ [LibraryClasses] HobLib PeCoffLib CpuLib + SetMemoryProtectionsLib =20 [Guids] gEfiMemoryTypeInformationGuid @@ -81,17 +82,9 @@ [Pcd.IA32,Pcd.X64] gUefiPayloadPkgTokenSpaceGuid.PcdPcdDriverFile gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##= SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize gUefiPayloadPkgTokenSpaceGuid.PcdSystemMemoryUefiRegionSize - - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES - diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload= Pkg.dsc index 47812048ddcf..b00d75ba08db 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -312,6 +312,18 @@ [LibraryClasses] CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf =20 +# +# Memory Protection Libraries +# +[LibraryClasses.common] + SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/Set= MemoryProtectionsLib.inf + +[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER] + GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/MmG= etMemoryProtectionsLib.inf + +[LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, Library= Classes.common.UEFI_APPLICATION, LibraryClasses.common.UEFI_DRIVER] + GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/Dxe= GetMemoryProtectionsLib.inf + [LibraryClasses.common] !if $(BOOTSPLASH_IMAGE) SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf --=20 2.42.0.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108875): https://edk2.groups.io/g/devel/message/108875 Mute This Topic: https://groups.io/mt/101469951/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-