From: "Zeng, Star" <star.zeng@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
"Ni, Ruiyu" <ruiyu.ni@intel.com>,
"Dong, Eric" <eric.dong@intel.com>,
"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH 6/6] MdeModulePkg/BootScriptExecutorDxe: remove NX attr for FfsBuffer
Date: Mon, 15 Jan 2018 10:18:37 +0000 [thread overview]
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103B9FC325@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <20180115085433.25008-7-jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
-----Original Message-----
From: Wang, Jian J
Sent: Monday, January 15, 2018 4:55 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: [PATCH 6/6] MdeModulePkg/BootScriptExecutorDxe: remove NX attr for FfsBuffer
If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of EfiReservedMemoryType, the BIOS will hang at a page fault exception triggered by BootScriptExecutorDxe.
The root cause is that this driver will allocate memory of EfiReservedMemoryType and relocate itself into this new memory. Since EfiReservedMemoryType of memory is marked non-executable, re-start this driver after relocation will cause exception. The fix is removing the NX attribute after memory allocation.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
.../Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf | 1 +
.../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c | 14 ++++++++++++++
.../Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h | 1 +
3 files changed, 16 insertions(+)
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
index 29af7f55ec..aac132122c 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecut
+++ orDxe.inf
@@ -68,6 +68,7 @@
LockBoxLib
CpuExceptionHandlerLib
DevicePathLib
+ DxeServicesTableLib
[Guids]
gEfiBootScriptExecutorVariableGuid ## PRODUCES ## UNDEFINED # SaveLockBox
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
index 4545d6e581..263a282188 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.c
@@ -273,6 +273,7 @@ ReadyToLockEventNotify (
UINTN Pages;
EFI_PHYSICAL_ADDRESS FfsBuffer;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
+ EFI_GCD_MEMORY_SPACE_DESCRIPTOR MemDesc;
Status = gBS->LocateProtocol (&gEfiDxeSmmReadyToLockProtocolGuid, NULL, &Interface);
if (EFI_ERROR (Status)) {
@@ -322,6 +323,19 @@ ReadyToLockEventNotify (
&FfsBuffer
);
ASSERT_EFI_ERROR (Status);
+
+ //
+ // Make sure that the buffer can be used to store code.
+ //
+ Status = gDS->GetMemorySpaceDescriptor (FfsBuffer, &MemDesc); if
+ (!EFI_ERROR (Status) && (MemDesc.Attributes & EFI_MEMORY_XP) != 0) {
+ gDS->SetMemorySpaceAttributes (
+ FfsBuffer,
+ EFI_PAGES_TO_SIZE (Pages),
+ MemDesc.Attributes & (~EFI_MEMORY_XP)
+ );
+ }
+
ImageContext.ImageAddress = (PHYSICAL_ADDRESS)(UINTN)FfsBuffer;
//
// Align buffer on section boundary
diff --git a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
index 75327569d7..94deae87e6 100644
--- a/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
+++ b/MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/ScriptExecute.h
@@ -38,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/LockBoxLib.h>
#include <Library/CpuExceptionHandlerLib.h>
#include <Library/DevicePathLib.h>
+#include <Library/DxeServicesTableLib.h>
#include <Guid/AcpiS3Context.h>
#include <Guid/BootScriptExecutorVariable.h>
--
2.15.1.windows.2
prev parent reply other threads:[~2018-01-15 10:13 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-15 8:54 [PATCH 0/6] Fix issues caused by NX memory protection Jian J Wang
2018-01-15 8:54 ` [PATCH 1/6] UefiCpuPkg/MpInitLib: split wake up buffer into two parts Jian J Wang
2018-01-18 6:53 ` Dong, Eric
2018-01-27 16:17 ` Laszlo Ersek
2018-01-28 21:43 ` Laszlo Ersek
2018-01-29 1:06 ` Wang, Jian J
2018-01-29 15:50 ` Laszlo Ersek
2018-01-15 8:54 ` [PATCH 2/6] UefiCpuPkg/CpuExceptionHandlerLib: alloc code memory for exception handlers Jian J Wang
2018-01-16 14:02 ` Dong, Eric
2018-01-15 8:54 ` [PATCH 3/6] UefiCpuPkg/CpuDxe: clear NX attr for page directory Jian J Wang
2018-01-16 14:02 ` Dong, Eric
2018-01-15 8:54 ` [PATCH 4/6] UefiCpuPkg/PiSmmCpuDxeSmm: Enable NXE if it's supported Jian J Wang
2018-01-16 14:02 ` Dong, Eric
2018-01-28 22:46 ` Laszlo Ersek
2018-01-29 9:02 ` Wang, Jian J
2018-01-29 19:48 ` Laszlo Ersek
2018-01-30 13:09 ` Laszlo Ersek
2018-02-01 1:08 ` Wang, Jian J
2018-01-15 8:54 ` [PATCH 5/6] MdeModulePkg/PiSmmCore: remove NX attr for SMM RAM Jian J Wang
2018-01-15 10:18 ` Zeng, Star
2018-01-15 8:54 ` [PATCH 6/6] MdeModulePkg/BootScriptExecutorDxe: remove NX attr for FfsBuffer Jian J Wang
2018-01-15 10:18 ` Zeng, Star [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0C09AFA07DD0434D9E2A0C6AEB0483103B9FC325@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox