From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Jian J Wang, Liming Gao, Dandan Bi
Subject: [edk2-devel] [PATCH v5 14/28] MdeModulePkg: Update DXE Handoff to use SetMemoryProtectionsLib
Date: Sun, 8 Oct 2023 17:07:26 -0700
Message-ID: <20231009000742.1792-15-taylor.d.beebe@gmail.com>
In-Reply-To: <20231009000742.1792-1-taylor.d.beebe@gmail.com>

Update the DXE handoff logic in MdeModulePkg to use SetMemoryProtectionsLib to fetch the platform memory protection settings and reference them when creating the page tables. Because the protection profile is equivalent to the PCD settings even when the platform does not explicitly set a profile, this update does not cause a torn state.

Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
 MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 4 +++-
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 ++
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 9 +++++++--
 MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 6 ++++--
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 16 ++++++++--------
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 +++
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 11 +----------
 7 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c b/MdeModulePkg/Core/= DxeIplPeim/DxeHandoff.c index 60400da3521a..9f7ed2069a46 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c 
@@ -33,13 +33,15 @@ HandOffToDxeCore ( EFI_STATUS Status; EDKII_MEMORY_ATTRIBUTE_PPI *MemoryPpi; =20 + GetCurrentMemoryProtectionSettings (&mMps); + // // Allocate 128KB for the Stack // BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); ASSERT (BaseOfStack !=3D NULL); =20 - if (PcdGetBool (PcdSetNxForStack)) { + if (mMps.Dxe.StackExecutionProtectionEnabled) { Status =3D PeiServicesLocatePpi ( &gEdkiiMemoryAttributePpiGuid, 0, diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/Dxe= IplPeim/DxeLoad.c index 2c19f1a507ba..0789dbca6ad8 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c @@ -50,6 +50,8 @@ CONST EFI_PEI_NOTIFY_DESCRIPTOR mMemoryDiscoveredNotifyL= ist =3D { InstallIplPermanentMemoryPpis }; =20 +MEMORY_PROTECTION_SETTINGS mMps =3D { 0 }; + /** Entry point of DXE IPL PEIM. =20 diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg= /Core/DxeIplPeim/Ia32/DxeLoadFunc.c index 65e9bdc99ed5..8a9c844450ae 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c @@ -219,11 +219,14 @@ ToBuildPageTable ( return TRUE; } =20 - if (PcdGet8 (PcdHeapGuardPropertyMask) !=3D 0) { + if (mMps.Dxe.HeapGuard.PageGuardEnabled || + mMps.Dxe.HeapGuard.PoolGuardEnabled || + mMps.Dxe.HeapGuard.FreedMemoryGuardEnabled) + { return TRUE; } =20 - if (PcdGetBool (PcdCpuStackGuard)) { + if (mMps.Dxe.CpuStackGuardEnabled) { return TRUE; } =20 @@ -265,6 +268,8 @@ HandOffToDxeCore ( EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; BOOLEAN BuildPageTablesIa32Pae; =20 + GetCurrentMemoryProtectionSettings (&mMps); + // // Clear page 0 and mark it as allocated if NULL pointer detection is en= abled. // diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/= Core/DxeIplPeim/X64/DxeLoadFunc.c index fa2050cf023a..7e17a963e9ff 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c 
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c @@ -36,6 +36,8 @@ HandOffToDxeCore ( VOID *GhcbBase; UINTN GhcbSize; =20 + GetCurrentMemoryProtectionSettings (&mMps); + // // Clear page 0 and mark it as allocated if NULL pointer detection is en= abled. // @@ -104,8 +106,8 @@ HandOffToDxeCore ( // Set NX for stack feature also require PcdDxeIplBuildPageTables be T= RUE // for the DxeIpl and the DxeCore are both X64. // - ASSERT (PcdGetBool (PcdSetNxForStack) =3D=3D FALSE); - ASSERT (PcdGetBool (PcdCpuStackGuard) =3D=3D FALSE); + ASSERT (!mMps.Dxe.StackExecutionProtectionEnabled); + ASSERT (!mMps.Dxe.CpuStackGuardEnabled); } =20 // diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePk= g/Core/DxeIplPeim/X64/VirtualMemory.c index 980c2002d4f5..2c75702d6a25 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c @@ -109,7 +109,7 @@ IsNullDetectionEnabled ( VOID ) { - return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) !=3D 0); + return mMps.Dxe.NullPointerDetection.Enabled; } =20 /** @@ -163,9 +163,9 @@ IsEnableNonExecNeeded ( // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is= set. // Features controlled by Following PCDs need this feature to be enabled. // - return (PcdGetBool (PcdSetNxForStack) || - PcdGet64 (PcdDxeNxMemoryProtectionPolicy) !=3D 0 || - PcdGet32 (PcdImageProtectionPolicy) !=3D 0); + return (mMps.Dxe.StackExecutionProtectionEnabled || + !IsZeroBuffer (&mMps.Dxe.ExecutionProtection.EnabledForType, MPS= _MEMORY_TYPE_BUFFER_SIZE) || + mMps.Dxe.ImageProtection.ProtectImageFromFv || mMps.Dxe.ImagePro= tection.ProtectImageFromUnknown); } =20 /** 
@@ -214,13 +214,13 @@ ToSplitPageTable ( return TRUE; } =20 - if (PcdGetBool (PcdCpuStackGuard)) { + if (mMps.Dxe.CpuStackGuardEnabled) { if ((StackBase >=3D Address) && (StackBase < (Address + Size))) { return TRUE; } } =20 - if (PcdGetBool (PcdSetNxForStack)) { + if (mMps.Dxe.StackExecutionProtectionEnabled) { if ((Address < StackBase + StackSize) && ((Address + Size) > StackBase= )) { return TRUE; } @@ -403,14 +403,14 @@ Split2MPageTo4K ( PageTableEntry->Bits.ReadWrite =3D 1; =20 if ((IsNullDetectionEnabled () && (PhysicalAddress4K =3D=3D 0)) || - (PcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K =3D=3D StackB= ase))) + (mMps.Dxe.CpuStackGuardEnabled && (PhysicalAddress4K =3D=3D StackB= ase))) { PageTableEntry->Bits.Present =3D 0; } else { PageTableEntry->Bits.Present =3D 1; } =20 - if ( PcdGetBool (PcdSetNxForStack) + if ( mMps.Dxe.StackExecutionProtectionEnabled && (PhysicalAddress4K >=3D StackBase) && (PhysicalAddress4K < StackBase + StackSize)) { diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h b/MdeModulePkg/Core/DxeI= plPeim/DxeIpl.h index 2f015befceca..f6826349c378 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h @@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include #include @@ -46,6 +47,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define STACK_SIZE 0x20000 #define BSP_STORE_SIZE 0x4000 =20 +extern MEMORY_PROTECTION_SETTINGS mMps; + // // This PPI is installed to indicate the end of the PEI usage of memory // diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index f1990eac7760..ccbf5c36d7f6 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -67,6 +67,7 @@ [LibraryClasses] DebugAgentLib PeiServicesTablePointerLib PerformanceLib + SetMemoryProtectionsLib =20 [Ppis] gEfiDxeIplPpiGuid ## PRODUCES 
@@ -101,20 +102,10 @@ [FeaturePcd] [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##= SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##= CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable ##= SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 -[Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES - -[Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES - [Depex] gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid =20 --=20 2.42.0.windows.2
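
Review bot: the result of GetCurrentMemoryProtectionSettings (&mMps) is discarded at the top of HandOffToDxeCore in DxeHandoff.c, and again at the same call added to Ia32/DxeLoadFunc.c and X64/DxeLoadFunc.c. mMps is defined as { 0 } in DxeLoad.c, so if the library call can fail, every later test such as mMps.Dxe.StackExecutionProtectionEnabled reads FALSE and the handoff continues with stack NX, the stack guard page and NULL detection all off, with no diagnostic. If the function returns a status, capture it and check it (ASSERT_EFI_ERROR plus a DEBUG_ERROR message); if it cannot fail, a one-line comment at the call saying so would settle the question for the next reader.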
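
Review bot: in ToBuildPageTable (Ia32/DxeLoadFunc.c, hunk @@ -219,11 +219,14) the heap guard condition is narrower than the one it replaces. The removed line returned TRUE for any nonzero PcdHeapGuardPropertyMask, while the added lines test only PageGuardEnabled, PoolGuardEnabled and FreedMemoryGuardEnabled. If any other mask bit was relied on to force page-table creation, that platform built page tables before this patch and will not after it. Please state in the commit message that these three fields cover every case that needs page tables, or route the test through a single library helper so this check cannot drift from the settings structure.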
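
Review bot: in X64/DxeLoadFunc.c (hunk @@ -104,8 +106,8) the two ASSERTs under the comment "Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE" are the only check that StackExecutionProtectionEnabled and CpuStackGuardEnabled are off on this path, and ASSERT is normally disabled in release builds. With the values now fetched through GetCurrentMemoryProtectionSettings, a release image whose settings enable either feature would hand off with the protection requested but not applied, and nothing would be logged. Consider adding a DEBUG_ERROR message next to the ASSERTs, or note in the comment where this combination is rejected earlier.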
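
Review bot: the comment kept above the return in IsEnableNonExecNeeded (X64/VirtualMemory.c, hunk @@ -163,9 +163,9) still says "Features controlled by Following PCDs need this feature to be enabled", but the expression no longer reads any PCD; please update it to name the mMps fields. The image protection test also changes shape in this hunk: PcdImageProtectionPolicy != 0 becomes ProtectImageFromFv || ProtectImageFromUnknown, so the commit message should say that these two fields are the complete mapping of that policy, since a missed case here means IA32_EFER.NXE is left clear while a protection that needs it is enabled.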
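
Review bot: the declaration extern MEMORY_PROTECTION_SETTINGS mMps; added to DxeIpl.h has no comment saying who fills it in or when. After this patch IsNullDetectionEnabled, ToSplitPageTable and Split2MPageTo4K in X64/VirtualMemory.c all read mMps directly and will quietly see the zero-initialized value if they are ever reached before HandOffToDxeCore has called GetCurrentMemoryProtectionSettings. A short comment on the declaration stating that it is populated at the start of HandOffToDxeCore and is only valid after that point would document the ordering requirement.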