From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>, Laszlo Ersek <lersek@redhat.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Ruiyu Ni <ruiyu.ni@intel.com>, Jiewen Yao <jiewen.yao@intel.com>
Subject: [PATCH 5/5] MdeModulePkg: expire PcdSetNxForStack
Date: Tue, 11 Sep 2018 13:16:36 +0800
Message-ID: <20180911051636.4888-6-jian.j.wang@intel.com>
In-Reply-To: <20180911051636.4888-1-jian.j.wang@intel.com>
BZ#: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
Since the stack memory is allocated as EfiBootServicesData, its NX protection
can be covered by BIT4 of PcdDxeNxMemoryProtectionPolicy. To avoid confusion
in setting related PCDs, PcdSetNxForStack will be expired. Set BIT4 of
PcdDxeNxMemoryProtectionPolicy if NX protection is needed for stack.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/MdeModulePkg.dec | 10 +---------
MdeModulePkg/MdeModulePkg.uni | 10 +---------
2 files changed, 2 insertions(+), 18 deletions(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 74a699cbb7..b1f208909c 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1320,6 +1320,7 @@
#
# NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServicesCode / EfiRuntimeServicesCode. <BR>
# User MUST set the same NX protection for EfiBootServicesData and EfiConventionalMemory. <BR>
+ # Stack is allocated as type of EfiBootServicesData. Enable NX protection for it will also enable NX protection for stack. <BR>
#
# e.g. 0x7FD5 can be used for all memory except Code. <BR>
# e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserved. <BR>
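Review bot: The added NOTE line says that enabling NX protection "for it" covers the stack, but it never names the bit. The commit message identifies it as BIT4 of PcdDxeNxMemoryProtectionPolicy, while a reader of the .dec alone has to map EfiBootServicesData back to a bit position. Suggest wording along the lines of "Stack is allocated as EfiBootServicesData, so setting BIT4 also enables NX protection for the stack", which also fixes the "Enable NX protection for it will" grammar.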
@@ -1886,15 +1887,6 @@
# @Prompt Default Creator Revision for ACPI table creation.
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision|0x01000013|UINT32|0x30001038
- ## Indicates if to set NX for stack.<BR><BR>
- # For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>
- # For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require
- # IA32 PAE is supported and Execute Disable Bit is available.<BR>
- # TRUE - to set NX for stack.<BR>
- # FALSE - Not to set NX for stack.<BR>
- # @Prompt Set NX for stack.
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f
-
## This PCD specifies the PCI-based SD/MMC host controller mmio base address.
# Define the mmio base address of the pci-based SD/MMC host controller. If there are multiple SD/MMC
# host controllers, their mmio base addresses are calculated one by one from this base address.
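Review bot: The removed help text for PcdSetNxForStack documented prerequisites (PcdDxeIplBuildPageTables must be TRUE when DxeIpl and DxeCore are both X64; IA32 PAE and the Execute Disable Bit must be available when both are IA32), and nothing in this patch carries them over to the PcdDxeNxMemoryProtectionPolicy description. If those conditions still apply to stack NX once it is driven by BIT4, restate them there; if they do not, the commit message should say so. Also consider leaving a comment that reserves token 0x0001006f so it is not reused for an unrelated PCD.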
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 080b8a62c0..6b26b21f00 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -339,15 +339,6 @@
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSerialRegisterStride_HELP #language en-US "The number of bytes between registers in serial device. The default is 1 byte."
-#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSetNxForStack_PROMPT #language en-US "Set NX for stack"
-
-#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSetNxForStack_HELP #language en-US "Indicates if to set NX for stack.<BR><BR>"
- "For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>"
- "For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require"
- "IA32 PAE is supported and Execute Disable Bit is available.<BR>"
- "TRUE - to set NX for stack.<BR>"
- "FALSE - Not to set NX for stack.<BR>"
-
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_PROMPT #language en-US "ACPI S3 Enable"
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_HELP #language en-US "Indicates if ACPI S3 will be enabled.<BR><BR>"
@@ -1129,6 +1120,7 @@
"\n"
"NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServicesCode / EfiRuntimeServicesCode. <BR>\n"
"User MUST set the same NX protection for EfiBootServicesData and EfiConventionalMemory. <BR>\n"
+ "Stack is allocated as type of EfiBootServicesData. Enable NX protection for it will also enable NX protection for stack. <BR>\n"
"\n"
"e.g. 0x7FD5 can be used for all memory except Code. <BR>\n"
"e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserved. <BR>\n"
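Review bot: Both example values kept as context below the added string, 0x7FD5 and 0x7BD4, have BIT4 (0x10) set, so with this change each of them also turns on NX for the stack. It would help to say so next to the examples, since a platform copying either value gets stack NX regardless of what it previously set in PcdSetNxForStack. The added sentence should also stay word-for-word in sync with the one added to MdeModulePkg.dec if that wording is revised.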
--
2.16.2.windows.1