[PATCH v2 0/2] clarify NXE enabling logic

[PATCH v2 0/2] clarify NXE enabling logic

[Jian J Wang]

> v2 changes:
>    Incorporates review comments from Laszlo and Star.

BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116

Test:
a. try all related PCDs combinations and check the page table attributes
b. boot to shell on real intel platform with valid PCD setting combinations
    (IA32/X64)
c. boot to fedora26, ubuntu18.04, windows 7 and windows 10 on OVMF emulated
    platform (X64)

Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>

Jian J Wang (2):
  MdeModulePkg/MdeModulePkg.dec/.uni: clarify PCDs usage
  MdeModulePkg/DxeIpl: support more NX related PCDs

 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 ++
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 ++--
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 30 +++++++++++++++++++++++-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 24 +++++++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                    | 20 ++++++++++++----
 MdeModulePkg/MdeModulePkg.uni                    | 13 ++++++----
 6 files changed, 81 insertions(+), 12 deletions(-)

-- 
2.16.2.windows.1

[PATCH v2 1/2] MdeModulePkg/MdeModulePkg.dec/.uni: clarify PCDs usage

[Jian J Wang]

> v2 changes:
>    Newly added patch to clarify PCDs usage.

BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116

The usage of following PCDs described in MdeModulePkg.dec don't match
the implementation exactly. This patch updates related description in
both .dec and .uni files to avoid confusion in platform configuration.

  PcdSetNxForStack
  PcdImageProtectionPolicy
  PcdDxeNxMemoryProtectionPolicy

The main change is at the statement on how to handle the FALSE or 0
setting value in those PCDs. Current statement says the implementation
should unset or disable related features but in fact the related code
just do nothing (leave it to AS-IS). That means the result might be
disabled, or might be not. It depends on other features or platform
policy.

For example, if one don't want to enforce NX onto stack memory, he/she
needs to set PcdSetNxForStack to FALSE as well as to clear BIT4 of
PcdDxeNxMemoryProtectionPolicy.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/MdeModulePkg.dec | 20 +++++++++++++++-----
 MdeModulePkg/MdeModulePkg.uni | 13 +++++++++----
 2 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 74a699cbb7..6566b57fd4 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1288,17 +1288,23 @@
   ## Set image protection policy. The policy is bitwise.
   #  If a bit is set, the image will be protected by DxeCore if it is aligned.
   #   The code section becomes read-only, and the data section becomes non-executable.
-  #  If a bit is clear, the image will not be protected.<BR><BR>
+  #  If a bit is clear, nothing will be done to image code/data sections.<BR><BR>
   #    BIT0       - Image from unknown device. <BR>
   #    BIT1       - Image from firmware volume.<BR>
+  #  <BR>
+  #  Note: If a bit is cleared, the data section could be still non-executable if
+  #  PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData
+  #  and/or EfiRuntimeServicesData.<BR>
+  #  <BR>
   # @Prompt Set image protection policy.
   # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
   gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
 
   ## Set DXE memory protection policy. The policy is bitwise.
   #  If a bit is set, memory regions of the associated type will be mapped
-  #  non-executable.<BR><BR>
-  #
+  #  non-executable.<BR>
+  #  If a bit is cleared, nothing will be done to associated type of memory.<BR>
+  #  <BR>
   # Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>
   #  EfiReservedMemoryType          0x0001<BR>
   #  EfiLoaderCode                  0x0002<BR>
@@ -1890,8 +1896,12 @@
   #  For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>
   #  For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require
   #  IA32 PAE is supported and Execute Disable Bit is available.<BR>
-  #   TRUE  - to set NX for stack.<BR>
-  #   FALSE - Not to set NX for stack.<BR>
+  #  <BR>
+  #  Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for
+  #  EfiBootServicesData.<BR>
+  #  <BR>
+  #   TRUE  - Set NX for stack.<BR>
+  #   FALSE - Do nothing for stack.<BR>
   # @Prompt Set NX for stack.
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f
 
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 080b8a62c0..61befdc1e4 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -345,8 +345,9 @@
                                                                                   "For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>"
                                                                                   "For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require"
                                                                                   "IA32 PAE is supported and Execute Disable Bit is available.<BR>"
-                                                                                  "TRUE  - to set NX for stack.<BR>"
-                                                                                  "FALSE - Not to set NX for stack.<BR>"
+                                                                                  "Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for EfiBootServicesData.<BR>"
+                                                                                  "TRUE  - Set NX for stack.<BR>"
+                                                                                  "FALSE - Do nothing for stack.<BR>"
 
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_PROMPT  #language en-US "ACPI S3 Enable"
 
@@ -1098,15 +1099,19 @@
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_HELP  #language en-US "Set image protection policy. The policy is bitwise.\n"
                                                                                           "If a bit is set, the image will be protected by DxeCore if it is aligned.\n"
                                                                                           "The code section becomes read-only, and the data section becomes non-executable.\n"
-                                                                                          "If a bit is clear, the image will not be protected.<BR><BR>\n"
+                                                                                          "If a bit is clear, nothing will be done to image code/data sections.<BR><BR>\n"
                                                                                           "BIT0       - Image from unknown device. <BR>\n"
                                                                                           "BIT1       - Image from firmware volume.<BR>"
+                                                                                          "Note: If a bit is cleared, the data section could be still non-executable if\n"
+                                                                                          "PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData\n"
+                                                                                          "and/or EfiRuntimeServicesData.<BR>"
 
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT  #language en-US "Set DXE memory protection policy."
 
 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP  #language en-US "Set DXE memory protection policy. The policy is bitwise.\n"
                                                                                                 "If a bit is set, memory regions of the associated type will be mapped\n"
-                                                                                                "non-executable.<BR><BR>\n"
+                                                                                                "non-executable.<BR>\n"
+                                                                                                "If a bit is cleared, nothing will be done to associated type of memory.<BR><BR>\n"
                                                                                                 "\n"
                                                                                                 "Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"
                                                                                                 "EfiReservedMemoryType          0x0001<BR>\n"
-- 
2.16.2.windows.1

Re: [PATCH v2 1/2] MdeModulePkg/MdeModulePkg.dec/.uni: clarify PCDs usage

[Zeng, Star]

Jian,

The clarifications are very good.
There is a very superficial comment at below.

On 2018/9/20 14:02, Jian J Wang wrote:
>> v2 changes:
>>     Newly added patch to clarify PCDs usage.
> 
> BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
> 
> The usage of following PCDs described in MdeModulePkg.dec don't match
> the implementation exactly. This patch updates related description in
> both .dec and .uni files to avoid confusion in platform configuration.
> 
>    PcdSetNxForStack
>    PcdImageProtectionPolicy
>    PcdDxeNxMemoryProtectionPolicy
> 
> The main change is at the statement on how to handle the FALSE or 0
> setting value in those PCDs. Current statement says the implementation
> should unset or disable related features but in fact the related code
> just do nothing (leave it to AS-IS). That means the result might be
> disabled, or might be not. It depends on other features or platform
> policy.
> 
> For example, if one don't want to enforce NX onto stack memory, he/she
> needs to set PcdSetNxForStack to FALSE as well as to clear BIT4 of
> PcdDxeNxMemoryProtectionPolicy.
> 
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
>   MdeModulePkg/MdeModulePkg.dec | 20 +++++++++++++++-----
>   MdeModulePkg/MdeModulePkg.uni | 13 +++++++++----
>   2 files changed, 24 insertions(+), 9 deletions(-)
> 
> diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
> index 74a699cbb7..6566b57fd4 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -1288,17 +1288,23 @@
>     ## Set image protection policy. The policy is bitwise.
>     #  If a bit is set, the image will be protected by DxeCore if it is aligned.
>     #   The code section becomes read-only, and the data section becomes non-executable.
> -  #  If a bit is clear, the image will not be protected.<BR><BR>
> +  #  If a bit is clear, nothing will be done to image code/data sections.<BR><BR>
>     #    BIT0       - Image from unknown device. <BR>
>     #    BIT1       - Image from firmware volume.<BR>
> +  #  <BR>
> +  #  Note: If a bit is cleared, the data section could be still non-executable if
> +  #  PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData
> +  #  and/or EfiRuntimeServicesData.<BR>
> +  #  <BR>
>     # @Prompt Set image protection policy.
>     # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
>     gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
>   
>     ## Set DXE memory protection policy. The policy is bitwise.
>     #  If a bit is set, memory regions of the associated type will be mapped
> -  #  non-executable.<BR><BR>
> -  #
> +  #  non-executable.<BR>
> +  #  If a bit is cleared, nothing will be done to associated type of memory.<BR>
> +  #  <BR>
>     # Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>
>     #  EfiReservedMemoryType          0x0001<BR>
>     #  EfiLoaderCode                  0x0002<BR>
> @@ -1890,8 +1896,12 @@
>     #  For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>
>     #  For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require
>     #  IA32 PAE is supported and Execute Disable Bit is available.<BR>
> -  #   TRUE  - to set NX for stack.<BR>
> -  #   FALSE - Not to set NX for stack.<BR>
> +  #  <BR>
> +  #  Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for
> +  #  EfiBootServicesData.<BR>

How about adding this sentence to be after TRUE/FALSE statements below?

Anyway, Reviewed-by: Star Zeng <star.zeng@intel.com>.

Thanks,
Star

> +  #  <BR>
> +  #   TRUE  - Set NX for stack.<BR>
> +  #   FALSE - Do nothing for stack.<BR>
>     # @Prompt Set NX for stack.
>     gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f
>   
> diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
> index 080b8a62c0..61befdc1e4 100644
> --- a/MdeModulePkg/MdeModulePkg.uni
> +++ b/MdeModulePkg/MdeModulePkg.uni
> @@ -345,8 +345,9 @@
>                                                                                     "For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>"
>                                                                                     "For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require"
>                                                                                     "IA32 PAE is supported and Execute Disable Bit is available.<BR>"
> -                                                                                  "TRUE  - to set NX for stack.<BR>"
> -                                                                                  "FALSE - Not to set NX for stack.<BR>"
> +                                                                                  "Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for EfiBootServicesData.<BR>"
> +                                                                                  "TRUE  - Set NX for stack.<BR>"
> +                                                                                  "FALSE - Do nothing for stack.<BR>"
>   
>   #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_PROMPT  #language en-US "ACPI S3 Enable"
>   
> @@ -1098,15 +1099,19 @@
>   #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_HELP  #language en-US "Set image protection policy. The policy is bitwise.\n"
>                                                                                             "If a bit is set, the image will be protected by DxeCore if it is aligned.\n"
>                                                                                             "The code section becomes read-only, and the data section becomes non-executable.\n"
> -                                                                                          "If a bit is clear, the image will not be protected.<BR><BR>\n"
> +                                                                                          "If a bit is clear, nothing will be done to image code/data sections.<BR><BR>\n"
>                                                                                             "BIT0       - Image from unknown device. <BR>\n"
>                                                                                             "BIT1       - Image from firmware volume.<BR>"
> +                                                                                          "Note: If a bit is cleared, the data section could be still non-executable if\n"
> +                                                                                          "PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData\n"
> +                                                                                          "and/or EfiRuntimeServicesData.<BR>"
>   
>   #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT  #language en-US "Set DXE memory protection policy."
>   
>   #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP  #language en-US "Set DXE memory protection policy. The policy is bitwise.\n"
>                                                                                                   "If a bit is set, memory regions of the associated type will be mapped\n"
> -                                                                                                "non-executable.<BR><BR>\n"
> +                                                                                                "non-executable.<BR>\n"
> +                                                                                                "If a bit is cleared, nothing will be done to associated type of memory.<BR><BR>\n"
>                                                                                                   "\n"
>                                                                                                   "Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"
>                                                                                                   "EfiReservedMemoryType          0x0001<BR>\n"
> 

[PATCH v2 2/2] MdeModulePkg/DxeIpl: support more NX related PCDs

[Jian J Wang]

> v2 changes:
>    a. remove macros no longer needed
>    b. remove DEBUG and ASSERT in ToEnableExecuteDisableFeature()
>    c. change ToEnableExecuteDisableFeature to EnableNonExec

BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116

Currently IA32_EFER.NXE is only set against PcdSetNxForStack. This
confuses developers because following two other PCDs also need NXE
to be set, but actually not.

    PcdDxeNxMemoryProtectionPolicy
    PcdImageProtectionPolicy

This patch solves this issue by adding logic to enable IA32_EFER.NXE
if any of those PCDs have anything enabled.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 ++
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 ++--
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 30 +++++++++++++++++++++++-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 24 +++++++++++++++++++
 4 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index fd82657404..068e700074 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -117,6 +117,8 @@
 
 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIMES_CONSUMES
 
 [Depex]
   gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid
diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
index d28baa3615..ccd30f964b 100644
--- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
@@ -245,7 +245,7 @@ ToBuildPageTable (
     return TRUE;
   }
 
-  if (PcdGetBool (PcdSetNxForStack) && IsExecuteDisableBitAvailable ()) {
+  if (EnableNonExec ()) {
     return TRUE;
   }
 
@@ -436,7 +436,7 @@ HandOffToDxeCore (
     BuildPageTablesIa32Pae = ToBuildPageTable ();
     if (BuildPageTablesIa32Pae) {
       PageTables = Create4GPageTablesIa32Pae (BaseOfStack, STACK_SIZE);
-      if (IsExecuteDisableBitAvailable ()) {
+      if (EnableNonExec ()) {
         EnableExecuteDisableBit();
       }
     }
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 496e219913..73b0f67c6b 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -106,6 +106,31 @@ IsNullDetectionEnabled (
   return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
 }
 
+/**
+  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not.
+
+  @retval TRUE    IA32_EFER.NXE should be enabled.
+  @retval FALSE   IA32_EFER.NXE should not be enabled.
+
+**/
+BOOLEAN
+EnableNonExec (
+  VOID
+  )
+{
+  if (!IsExecuteDisableBitAvailable ()) {
+    return FALSE;
+  }
+
+  //
+  // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is set.
+  // Features controlled by Following PCDs need this feature to be enabled.
+  //
+  return (PcdGetBool (PcdSetNxForStack) ||
+          PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
+          PcdGet32 (PcdImageProtectionPolicy) != 0);
+}
+
 /**
   Enable Execute Disable Bit.
 
@@ -755,7 +780,10 @@ CreateIdentityMappingPageTables (
   //
   EnablePageTableProtection ((UINTN)PageMap, TRUE);
 
-  if (PcdGetBool (PcdSetNxForStack)) {
+  //
+  // Set IA32_EFER.NXE if necessary.
+  //
+  if (EnableNonExec ()) {
     EnableExecuteDisableBit ();
   }
 
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
index 85457ff937..09085312aa 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
@@ -179,6 +179,30 @@ typedef struct {
   UINTN           FreePages;
 } PAGE_TABLE_POOL;
 
+/**
+  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not.
+
+  @retval TRUE    IA32_EFER.NXE should be enabled.
+  @retval FALSE   IA32_EFER.NXE should not be enabled.
+
+**/
+BOOLEAN
+EnableNonExec (
+  VOID
+  );
+
+/**
+  The function will check if Execute Disable Bit is available.
+
+  @retval TRUE      Execute Disable Bit is available.
+  @retval FALSE     Execute Disable Bit is not available.
+
+**/
+BOOLEAN
+IsExecuteDisableBitAvailable (
+  VOID
+  );
+
 /**
   Enable Execute Disable Bit.
 
-- 
2.16.2.windows.1

Re: [PATCH v2 2/2] MdeModulePkg/DxeIpl: support more NX related PCDs

[Zeng, Star]

Jian and Laszlo,

There is also a superficial comment at below.

On 2018/9/20 14:02, Jian J Wang wrote:
>> v2 changes:
>>     a. remove macros no longer needed
>>     b. remove DEBUG and ASSERT in ToEnableExecuteDisableFeature()
>>     c. change ToEnableExecuteDisableFeature to EnableNonExec
> 
> BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
> 
> Currently IA32_EFER.NXE is only set against PcdSetNxForStack. This
> confuses developers because following two other PCDs also need NXE
> to be set, but actually not.
> 
>      PcdDxeNxMemoryProtectionPolicy
>      PcdImageProtectionPolicy
> 
> This patch solves this issue by adding logic to enable IA32_EFER.NXE
> if any of those PCDs have anything enabled.
> 
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> ---
>   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 ++
>   MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 ++--
>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 30 +++++++++++++++++++++++-
>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 24 +++++++++++++++++++
>   4 files changed, 57 insertions(+), 3 deletions(-)
> 
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> index fd82657404..068e700074 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> @@ -117,6 +117,8 @@
>   
>   [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>     gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIMES_CONSUMES
>   
>   [Depex]
>     gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid
> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> index d28baa3615..ccd30f964b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> @@ -245,7 +245,7 @@ ToBuildPageTable (
>       return TRUE;
>     }
>   
> -  if (PcdGetBool (PcdSetNxForStack) && IsExecuteDisableBitAvailable ()) {
> +  if (EnableNonExec ()) {
>       return TRUE;
>     }
>   
> @@ -436,7 +436,7 @@ HandOffToDxeCore (
>       BuildPageTablesIa32Pae = ToBuildPageTable ();
>       if (BuildPageTablesIa32Pae) {
>         PageTables = Create4GPageTablesIa32Pae (BaseOfStack, STACK_SIZE);
> -      if (IsExecuteDisableBitAvailable ()) {
> +      if (EnableNonExec ()) {
>           EnableExecuteDisableBit();
>         }
>       }
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 496e219913..73b0f67c6b 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -106,6 +106,31 @@ IsNullDetectionEnabled (
>     return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
>   }
>   
> +/**
> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not.
> +
> +  @retval TRUE    IA32_EFER.NXE should be enabled.
> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
> +
> +**/
> +BOOLEAN
> +EnableNonExec (
> +  VOID
> +  )
> +{
> +  if (!IsExecuteDisableBitAvailable ()) {
> +    return FALSE;
> +  }
> +
> +  //
> +  // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is set.
> +  // Features controlled by Following PCDs need this feature to be enabled.
> +  //
> +  return (PcdGetBool (PcdSetNxForStack) ||
> +          PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
> +          PcdGet32 (PcdImageProtectionPolicy) != 0);
> +}

I am a little confused by this function name compared with 
EnableExecuteDisableBit(). This function is not really to enable NX, but 
just to check whether enable NX is needed or not. How about using name 
IsEnableNonExecNeeded or IsEnableNxNeeded or IsDisableExecuteNeeded?


Sorry I did not raise this comment in V1 patch thread.
If you agree with the name changing, Reviewed-by: Star Zeng 
<star.zeng@intel.com>.


Thanks,
Star
> +
>   /**
>     Enable Execute Disable Bit.
>   
> @@ -755,7 +780,10 @@ CreateIdentityMappingPageTables (
>     //
>     EnablePageTableProtection ((UINTN)PageMap, TRUE);
>   
> -  if (PcdGetBool (PcdSetNxForStack)) {
> +  //
> +  // Set IA32_EFER.NXE if necessary.
> +  //
> +  if (EnableNonExec ()) {
>       EnableExecuteDisableBit ();
>     }
>   
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> index 85457ff937..09085312aa 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> @@ -179,6 +179,30 @@ typedef struct {
>     UINTN           FreePages;
>   } PAGE_TABLE_POOL;
>   
> +/**
> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not.
> +
> +  @retval TRUE    IA32_EFER.NXE should be enabled.
> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
> +
> +**/
> +BOOLEAN
> +EnableNonExec (
> +  VOID
> +  );
> +
> +/**
> +  The function will check if Execute Disable Bit is available.
> +
> +  @retval TRUE      Execute Disable Bit is available.
> +  @retval FALSE     Execute Disable Bit is not available.
> +
> +**/
> +BOOLEAN
> +IsExecuteDisableBitAvailable (
> +  VOID
> +  );
> +
>   /**
>     Enable Execute Disable Bit.
>   
> 

Re: [PATCH v2 2/2] MdeModulePkg/DxeIpl: support more NX related PCDs

[Zeng, Star]

Another minor suggestion is to move IsExecuteDisableBitAvailable() to 
VirtualMemory.c, then there will be no need to declare it in 
VirtualMemeory.h.


Thanks,
Star
On 2018/9/21 14:00, Zeng, Star wrote:
> Jian and Laszlo,
> 
> There is also a superficial comment at below.
> 
> On 2018/9/20 14:02, Jian J Wang wrote:
>>> v2 changes:
>>>     a. remove macros no longer needed
>>>     b. remove DEBUG and ASSERT in ToEnableExecuteDisableFeature()
>>>     c. change ToEnableExecuteDisableFeature to EnableNonExec
>>
>> BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
>>
>> Currently IA32_EFER.NXE is only set against PcdSetNxForStack. This
>> confuses developers because following two other PCDs also need NXE
>> to be set, but actually not.
>>
>>      PcdDxeNxMemoryProtectionPolicy
>>      PcdImageProtectionPolicy
>>
>> This patch solves this issue by adding logic to enable IA32_EFER.NXE
>> if any of those PCDs have anything enabled.
>>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
>> ---
>>   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 ++
>>   MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 ++--
>>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 30 
>> +++++++++++++++++++++++-
>>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 24 
>> +++++++++++++++++++
>>   4 files changed, 57 insertions(+), 3 deletions(-)
>>
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf 
>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> index fd82657404..068e700074 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>> @@ -117,6 +117,8 @@
>>   [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>     gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## 
>> SOMETIMES_CONSUMES
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## 
>> SOMETIMES_CONSUMES
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## 
>> SOMETIMES_CONSUMES
>>   [Depex]
>>     gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c 
>> b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>> index d28baa3615..ccd30f964b 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>> @@ -245,7 +245,7 @@ ToBuildPageTable (
>>       return TRUE;
>>     }
>> -  if (PcdGetBool (PcdSetNxForStack) && IsExecuteDisableBitAvailable 
>> ()) {
>> +  if (EnableNonExec ()) {
>>       return TRUE;
>>     }
>> @@ -436,7 +436,7 @@ HandOffToDxeCore (
>>       BuildPageTablesIa32Pae = ToBuildPageTable ();
>>       if (BuildPageTablesIa32Pae) {
>>         PageTables = Create4GPageTablesIa32Pae (BaseOfStack, STACK_SIZE);
>> -      if (IsExecuteDisableBitAvailable ()) {
>> +      if (EnableNonExec ()) {
>>           EnableExecuteDisableBit();
>>         }
>>       }
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c 
>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> index 496e219913..73b0f67c6b 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>> @@ -106,6 +106,31 @@ IsNullDetectionEnabled (
>>     return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
>>   }
>> +/**
>> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not.
>> +
>> +  @retval TRUE    IA32_EFER.NXE should be enabled.
>> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
>> +
>> +**/
>> +BOOLEAN
>> +EnableNonExec (
>> +  VOID
>> +  )
>> +{
>> +  if (!IsExecuteDisableBitAvailable ()) {
>> +    return FALSE;
>> +  }
>> +
>> +  //
>> +  // XD flag (BIT63) in page table entry is only valid if 
>> IA32_EFER.NXE is set.
>> +  // Features controlled by Following PCDs need this feature to be 
>> enabled.
>> +  //
>> +  return (PcdGetBool (PcdSetNxForStack) ||
>> +          PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
>> +          PcdGet32 (PcdImageProtectionPolicy) != 0);
>> +}
> 
> I am a little confused by this function name compared with 
> EnableExecuteDisableBit(). This function is not really to enable NX, but 
> just to check whether enable NX is needed or not. How about using name 
> IsEnableNonExecNeeded or IsEnableNxNeeded or IsDisableExecuteNeeded?
> 
> 
> Sorry I did not raise this comment in V1 patch thread.
> If you agree with the name changing, Reviewed-by: Star Zeng 
> <star.zeng@intel.com>.
> 
> 
> Thanks,
> Star
>> +
>>   /**
>>     Enable Execute Disable Bit.
>> @@ -755,7 +780,10 @@ CreateIdentityMappingPageTables (
>>     //
>>     EnablePageTableProtection ((UINTN)PageMap, TRUE);
>> -  if (PcdGetBool (PcdSetNxForStack)) {
>> +  //
>> +  // Set IA32_EFER.NXE if necessary.
>> +  //
>> +  if (EnableNonExec ()) {
>>       EnableExecuteDisableBit ();
>>     }
>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h 
>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>> index 85457ff937..09085312aa 100644
>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>> @@ -179,6 +179,30 @@ typedef struct {
>>     UINTN           FreePages;
>>   } PAGE_TABLE_POOL;
>> +/**
>> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not.
>> +
>> +  @retval TRUE    IA32_EFER.NXE should be enabled.
>> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
>> +
>> +**/
>> +BOOLEAN
>> +EnableNonExec (
>> +  VOID
>> +  );
>> +
>> +/**
>> +  The function will check if Execute Disable Bit is available.
>> +
>> +  @retval TRUE      Execute Disable Bit is available.
>> +  @retval FALSE     Execute Disable Bit is not available.
>> +
>> +**/
>> +BOOLEAN
>> +IsExecuteDisableBitAvailable (
>> +  VOID
>> +  );
>> +
>>   /**
>>     Enable Execute Disable Bit.
>>

Re: [PATCH v2 2/2] MdeModulePkg/DxeIpl: support more NX related PCDs

[Laszlo Ersek]

On 09/21/18 10:42, Zeng, Star wrote:
> Another minor suggestion is to move IsExecuteDisableBitAvailable() to
> VirtualMemory.c, then there will be no need to declare it in
> VirtualMemeory.h.

I'm fine with both ideas (name change as you see fit, and code movement).

Thanks
Laszlo

> 
> 
> Thanks,
> Star
> On 2018/9/21 14:00, Zeng, Star wrote:
>> Jian and Laszlo,
>>
>> There is also a superficial comment at below.
>>
>> On 2018/9/20 14:02, Jian J Wang wrote:
>>>> v2 changes:
>>>>     a. remove macros no longer needed
>>>>     b. remove DEBUG and ASSERT in ToEnableExecuteDisableFeature()
>>>>     c. change ToEnableExecuteDisableFeature to EnableNonExec
>>>
>>> BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
>>>
>>> Currently IA32_EFER.NXE is only set against PcdSetNxForStack. This
>>> confuses developers because following two other PCDs also need NXE
>>> to be set, but actually not.
>>>
>>>      PcdDxeNxMemoryProtectionPolicy
>>>      PcdImageProtectionPolicy
>>>
>>> This patch solves this issue by adding logic to enable IA32_EFER.NXE
>>> if any of those PCDs have anything enabled.
>>>
>>> Cc: Star Zeng <star.zeng@intel.com>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Contributed-under: TianoCore Contribution Agreement 1.1
>>> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
>>> ---
>>>   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 ++
>>>   MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 ++--
>>>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 30
>>> +++++++++++++++++++++++-
>>>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 24
>>> +++++++++++++++++++
>>>   4 files changed, 57 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> index fd82657404..068e700074 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>>> @@ -117,6 +117,8 @@
>>>   [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
>>>     gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ##
>>> SOMETIMES_CONSUMES
>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ##
>>> SOMETIMES_CONSUMES
>>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ##
>>> SOMETIMES_CONSUMES
>>>   [Depex]
>>>     gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>>> b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>>> index d28baa3615..ccd30f964b 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
>>> @@ -245,7 +245,7 @@ ToBuildPageTable (
>>>       return TRUE;
>>>     }
>>> -  if (PcdGetBool (PcdSetNxForStack) && IsExecuteDisableBitAvailable
>>> ()) {
>>> +  if (EnableNonExec ()) {
>>>       return TRUE;
>>>     }
>>> @@ -436,7 +436,7 @@ HandOffToDxeCore (
>>>       BuildPageTablesIa32Pae = ToBuildPageTable ();
>>>       if (BuildPageTablesIa32Pae) {
>>>         PageTables = Create4GPageTablesIa32Pae (BaseOfStack,
>>> STACK_SIZE);
>>> -      if (IsExecuteDisableBitAvailable ()) {
>>> +      if (EnableNonExec ()) {
>>>           EnableExecuteDisableBit();
>>>         }
>>>       }
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> index 496e219913..73b0f67c6b 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
>>> @@ -106,6 +106,31 @@ IsNullDetectionEnabled (
>>>     return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) !=
>>> 0);
>>>   }
>>> +/**
>>> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or
>>> not.
>>> +
>>> +  @retval TRUE    IA32_EFER.NXE should be enabled.
>>> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
>>> +
>>> +**/
>>> +BOOLEAN
>>> +EnableNonExec (
>>> +  VOID
>>> +  )
>>> +{
>>> +  if (!IsExecuteDisableBitAvailable ()) {
>>> +    return FALSE;
>>> +  }
>>> +
>>> +  //
>>> +  // XD flag (BIT63) in page table entry is only valid if
>>> IA32_EFER.NXE is set.
>>> +  // Features controlled by Following PCDs need this feature to be
>>> enabled.
>>> +  //
>>> +  return (PcdGetBool (PcdSetNxForStack) ||
>>> +          PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
>>> +          PcdGet32 (PcdImageProtectionPolicy) != 0);
>>> +}
>>
>> I am a little confused by this function name compared with
>> EnableExecuteDisableBit(). This function is not really to enable NX,
>> but just to check whether enable NX is needed or not. How about using
>> name IsEnableNonExecNeeded or IsEnableNxNeeded or IsDisableExecuteNeeded?
>>
>>
>> Sorry I did not raise this comment in V1 patch thread.
>> If you agree with the name changing, Reviewed-by: Star Zeng
>> <star.zeng@intel.com>.
>>
>>
>> Thanks,
>> Star
>>> +
>>>   /**
>>>     Enable Execute Disable Bit.
>>> @@ -755,7 +780,10 @@ CreateIdentityMappingPageTables (
>>>     //
>>>     EnablePageTableProtection ((UINTN)PageMap, TRUE);
>>> -  if (PcdGetBool (PcdSetNxForStack)) {
>>> +  //
>>> +  // Set IA32_EFER.NXE if necessary.
>>> +  //
>>> +  if (EnableNonExec ()) {
>>>       EnableExecuteDisableBit ();
>>>     }
>>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>>> index 85457ff937..09085312aa 100644
>>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
>>> @@ -179,6 +179,30 @@ typedef struct {
>>>     UINTN           FreePages;
>>>   } PAGE_TABLE_POOL;
>>> +/**
>>> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or
>>> not.
>>> +
>>> +  @retval TRUE    IA32_EFER.NXE should be enabled.
>>> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
>>> +
>>> +**/
>>> +BOOLEAN
>>> +EnableNonExec (
>>> +  VOID
>>> +  );
>>> +
>>> +/**
>>> +  The function will check if Execute Disable Bit is available.
>>> +
>>> +  @retval TRUE      Execute Disable Bit is available.
>>> +  @retval FALSE     Execute Disable Bit is not available.
>>> +
>>> +**/
>>> +BOOLEAN
>>> +IsExecuteDisableBitAvailable (
>>> +  VOID
>>> +  );
>>> +
>>>   /**
>>>     Enable Execute Disable Bit.
>>>
> 

Re: [PATCH v2 2/2] MdeModulePkg/DxeIpl: support more NX related PCDs

[Wang, Jian J]

I'm fine with them too. So we have two minor changes:

1. Change EnableNonExec to IsEnableNonExecNeeded
2. Move IsExecuteDisableBitAvailable() to VirtualMemory.c

I think v3 is not necessary. I'll push the patch after enough test.

Regards,
Jian

> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Friday, September 21, 2018 6:14 PM
> To: Zeng, Star <star.zeng@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> edk2-devel@lists.01.org
> Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: Re: [edk2] [PATCH v2 2/2] MdeModulePkg/DxeIpl: support more NX
> related PCDs
> 
> On 09/21/18 10:42, Zeng, Star wrote:
> > Another minor suggestion is to move IsExecuteDisableBitAvailable() to
> > VirtualMemory.c, then there will be no need to declare it in
> > VirtualMemeory.h.
> 
> I'm fine with both ideas (name change as you see fit, and code movement).
> 
> Thanks
> Laszlo
> 
> >
> >
> > Thanks,
> > Star
> > On 2018/9/21 14:00, Zeng, Star wrote:
> >> Jian and Laszlo,
> >>
> >> There is also a superficial comment at below.
> >>
> >> On 2018/9/20 14:02, Jian J Wang wrote:
> >>>> v2 changes:
> >>>>     a. remove macros no longer needed
> >>>>     b. remove DEBUG and ASSERT in ToEnableExecuteDisableFeature()
> >>>>     c. change ToEnableExecuteDisableFeature to EnableNonExec
> >>>
> >>> BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
> >>>
> >>> Currently IA32_EFER.NXE is only set against PcdSetNxForStack. This
> >>> confuses developers because following two other PCDs also need NXE
> >>> to be set, but actually not.
> >>>
> >>>      PcdDxeNxMemoryProtectionPolicy
> >>>      PcdImageProtectionPolicy
> >>>
> >>> This patch solves this issue by adding logic to enable IA32_EFER.NXE
> >>> if any of those PCDs have anything enabled.
> >>>
> >>> Cc: Star Zeng <star.zeng@intel.com>
> >>> Cc: Laszlo Ersek <lersek@redhat.com>
> >>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> >>> Cc: Jiewen Yao <jiewen.yao@intel.com>
> >>> Contributed-under: TianoCore Contribution Agreement 1.1
> >>> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> >>> ---
> >>>   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 ++
> >>>   MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 ++--
> >>>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 30
> >>> +++++++++++++++++++++++-
> >>>   MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 24
> >>> +++++++++++++++++++
> >>>   4 files changed, 57 insertions(+), 3 deletions(-)
> >>>
> >>> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >>> b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >>> index fd82657404..068e700074 100644
> >>> --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >>> +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >>> @@ -117,6 +117,8 @@
> >>>   [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
> >>>     gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ##
> >>> SOMETIMES_CONSUMES
> >>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy
> ##
> >>> SOMETIMES_CONSUMES
> >>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ##
> >>> SOMETIMES_CONSUMES
> >>>   [Depex]
> >>>     gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid
> >>> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> >>> b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> >>> index d28baa3615..ccd30f964b 100644
> >>> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> >>> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> >>> @@ -245,7 +245,7 @@ ToBuildPageTable (
> >>>       return TRUE;
> >>>     }
> >>> -  if (PcdGetBool (PcdSetNxForStack) && IsExecuteDisableBitAvailable
> >>> ()) {
> >>> +  if (EnableNonExec ()) {
> >>>       return TRUE;
> >>>     }
> >>> @@ -436,7 +436,7 @@ HandOffToDxeCore (
> >>>       BuildPageTablesIa32Pae = ToBuildPageTable ();
> >>>       if (BuildPageTablesIa32Pae) {
> >>>         PageTables = Create4GPageTablesIa32Pae (BaseOfStack,
> >>> STACK_SIZE);
> >>> -      if (IsExecuteDisableBitAvailable ()) {
> >>> +      if (EnableNonExec ()) {
> >>>           EnableExecuteDisableBit();
> >>>         }
> >>>       }
> >>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >>> index 496e219913..73b0f67c6b 100644
> >>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> >>> @@ -106,6 +106,31 @@ IsNullDetectionEnabled (
> >>>     return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) !=
> >>> 0);
> >>>   }
> >>> +/**
> >>> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or
> >>> not.
> >>> +
> >>> +  @retval TRUE    IA32_EFER.NXE should be enabled.
> >>> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
> >>> +
> >>> +**/
> >>> +BOOLEAN
> >>> +EnableNonExec (
> >>> +  VOID
> >>> +  )
> >>> +{
> >>> +  if (!IsExecuteDisableBitAvailable ()) {
> >>> +    return FALSE;
> >>> +  }
> >>> +
> >>> +  //
> >>> +  // XD flag (BIT63) in page table entry is only valid if
> >>> IA32_EFER.NXE is set.
> >>> +  // Features controlled by Following PCDs need this feature to be
> >>> enabled.
> >>> +  //
> >>> +  return (PcdGetBool (PcdSetNxForStack) ||
> >>> +          PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
> >>> +          PcdGet32 (PcdImageProtectionPolicy) != 0);
> >>> +}
> >>
> >> I am a little confused by this function name compared with
> >> EnableExecuteDisableBit(). This function is not really to enable NX,
> >> but just to check whether enable NX is needed or not. How about using
> >> name IsEnableNonExecNeeded or IsEnableNxNeeded or
> IsDisableExecuteNeeded?
> >>
> >>
> >> Sorry I did not raise this comment in V1 patch thread.
> >> If you agree with the name changing, Reviewed-by: Star Zeng
> >> <star.zeng@intel.com>.
> >>
> >>
> >> Thanks,
> >> Star
> >>> +
> >>>   /**
> >>>     Enable Execute Disable Bit.
> >>> @@ -755,7 +780,10 @@ CreateIdentityMappingPageTables (
> >>>     //
> >>>     EnablePageTableProtection ((UINTN)PageMap, TRUE);
> >>> -  if (PcdGetBool (PcdSetNxForStack)) {
> >>> +  //
> >>> +  // Set IA32_EFER.NXE if necessary.
> >>> +  //
> >>> +  if (EnableNonExec ()) {
> >>>       EnableExecuteDisableBit ();
> >>>     }
> >>> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> >>> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> >>> index 85457ff937..09085312aa 100644
> >>> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> >>> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> >>> @@ -179,6 +179,30 @@ typedef struct {
> >>>     UINTN           FreePages;
> >>>   } PAGE_TABLE_POOL;
> >>> +/**
> >>> +  Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or
> >>> not.
> >>> +
> >>> +  @retval TRUE    IA32_EFER.NXE should be enabled.
> >>> +  @retval FALSE   IA32_EFER.NXE should not be enabled.
> >>> +
> >>> +**/
> >>> +BOOLEAN
> >>> +EnableNonExec (
> >>> +  VOID
> >>> +  );
> >>> +
> >>> +/**
> >>> +  The function will check if Execute Disable Bit is available.
> >>> +
> >>> +  @retval TRUE      Execute Disable Bit is available.
> >>> +  @retval FALSE     Execute Disable Bit is not available.
> >>> +
> >>> +**/
> >>> +BOOLEAN
> >>> +IsExecuteDisableBitAvailable (
> >>> +  VOID
> >>> +  );
> >>> +
> >>>   /**
> >>>     Enable Execute Disable Bit.
> >>>
> >

Re: [PATCH v2 0/2] clarify NXE enabling logic

[Laszlo Ersek]

On 09/20/18 08:02, Jian J Wang wrote:
>> v2 changes:
>>    Incorporates review comments from Laszlo and Star.
> 
> BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
> 
> Test:
> a. try all related PCDs combinations and check the page table attributes
> b. boot to shell on real intel platform with valid PCD setting combinations
>     (IA32/X64)
> c. boot to fedora26, ubuntu18.04, windows 7 and windows 10 on OVMF emulated
>     platform (X64)
> 
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
> 
> Jian J Wang (2):
>   MdeModulePkg/MdeModulePkg.dec/.uni: clarify PCDs usage
>   MdeModulePkg/DxeIpl: support more NX related PCDs
> 
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 ++
>  MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 ++--
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 30 +++++++++++++++++++++++-
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 24 +++++++++++++++++++
>  MdeModulePkg/MdeModulePkg.dec                    | 20 ++++++++++++----
>  MdeModulePkg/MdeModulePkg.uni                    | 13 ++++++----
>  6 files changed, 81 insertions(+), 12 deletions(-)
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>