public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Taylor Beebe" <t@taylorbeebe.com>
To: devel@edk2.groups.io
Cc: Taylor Beebe <t@taylorbeebe.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Dandan Bi <dandan.bi@intel.com>
Subject: [PATCH v1 2/3] MdeModulePkg: Add MemoryProtectionHobLib Definitions and NULL Libs
Date: Fri,  9 Jun 2023 13:26:00 -0700	[thread overview]
Message-ID: <20230609202601.1153-3-t@taylorbeebe.com> (raw)
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>

DxeMemoryProtectionHobLib and MmMemoryProtectionHobLib will fetch
the memory protection settings HOB entry for their respective phase,
validate the settings, and populate a global for access.

Memory protection settings are currently dictated via
FixedAtBuild PCDs where the settings needed to be masked.
A future patch series will replace instances of checking the
PCDs with checks to the memory protection globals populated by
MemoryProtectionHobLib.

Signed-off-by: Taylor Beebe <t@taylorbeebe.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
---
 MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c   | 33 ++++++++++++++++++
 MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c    | 33 ++++++++++++++++++
 MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h                          | 36 ++++++++++++++++++++
 MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h                           | 36 ++++++++++++++++++++
 MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf | 25 ++++++++++++++
 MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf  | 26 ++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                                                     |  8 +++++
 MdeModulePkg/MdeModulePkg.dsc                                                     |  8 +++++
 8 files changed, 205 insertions(+)

diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c
new file mode 100644
index 000000000000..4f0191d04974
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c
@@ -0,0 +1,33 @@
+/** @file
+Library defines the gDxeMps global
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+#include <Library/DxeMemoryProtectionHobLib.h>
+
+// According to the C Specification, a global variable
+// which is uninitialized will be zero. The net effect
+// is memory protections will be OFF.
+DXE_MEMORY_PROTECTION_SETTINGS  gDxeMps;
+
+/**
+  Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @param[in]  MemoryType            Memory type to check.
+  @param[in]  HeapGuardMemoryType   DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @return TRUE  The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+  @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetDxeMemoryTypeSettingFromBitfield (
+  IN EFI_MEMORY_TYPE              MemoryType,
+  IN DXE_HEAP_GUARD_MEMORY_TYPES  HeapGuardMemoryType
+  )
+{
+  return FALSE;
+}
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c
new file mode 100644
index 000000000000..c62c9d772063
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c
@@ -0,0 +1,33 @@
+/** @file
+Library defines the gMmMps global
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+#include <Library/MmMemoryProtectionHobLib.h>
+
+// According to the C Specification, a global variable
+// which is uninitialized will be zero. The net effect
+// is memory protections will be OFF.
+MM_MEMORY_PROTECTION_SETTINGS  gMmMps;
+
+/**
+  Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @param[in]  MemoryType            Memory type to check.
+  @param[in]  HeapGuardMemoryType   MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @return TRUE  The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUARD_MEMORY_TYPES
+  @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetMmMemoryTypeSettingFromBitfield (
+  IN EFI_MEMORY_TYPE             MemoryType,
+  IN MM_HEAP_GUARD_MEMORY_TYPES  HeapGuardMemoryType
+  )
+{
+  return FALSE;
+}
diff --git a/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h
new file mode 100644
index 000000000000..4f49a00a8683
--- /dev/null
+++ b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h
@@ -0,0 +1,36 @@
+/** @file
+
+Library for controlling hob-backed memory protection settings
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+#define DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+
+#include <Guid/DxeMemoryProtectionSettings.h>
+
+//
+//  The global used to access current Memory Protection Settings
+//
+extern DXE_MEMORY_PROTECTION_SETTINGS  gDxeMps;
+
+/**
+  Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @param[in]  MemoryType            Memory type to check.
+  @param[in]  HeapGuardMemoryType   DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @return TRUE  The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+  @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetDxeMemoryTypeSettingFromBitfield (
+  IN EFI_MEMORY_TYPE              MemoryType,
+  IN DXE_HEAP_GUARD_MEMORY_TYPES  HeapGuardMemoryType
+  );
+
+#endif
diff --git a/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h
new file mode 100644
index 000000000000..efeaa9fd55aa
--- /dev/null
+++ b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h
@@ -0,0 +1,36 @@
+/** @file
+
+Library for controlling hob-backed memory protection settings
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+#define MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+
+#include <Guid/MmMemoryProtectionSettings.h>
+
+//
+//  The global used to access current Memory Protection Settings
+//
+extern MM_MEMORY_PROTECTION_SETTINGS  gMmMps;
+
+/**
+  Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @param[in]  MemoryType            Memory type to check.
+  @param[in]  HeapGuardMemoryType   MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+  @return TRUE  The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUARD_MEMORY_TYPES
+  @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetMmMemoryTypeSettingFromBitfield (
+  IN EFI_MEMORY_TYPE             MemoryType,
+  IN MM_HEAP_GUARD_MEMORY_TYPES  HeapGuardMemoryType
+  );
+
+#endif
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
new file mode 100644
index 000000000000..6a3166a23b46
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
@@ -0,0 +1,25 @@
+## @file
+# NULL library which defines gDxeMps
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeMemoryProtectionHobLibNull
+  FILE_GUID                      = a35c1dc1-0769-421b-a8bc-9db69fae4334
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = DxeMemoryProtectionHobLib
+
+#
+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
+#
+
+[Sources]
+  DxeMemoryProtectionHobLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
new file mode 100644
index 000000000000..61f50921ee04
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
@@ -0,0 +1,26 @@
+## @file
+# NULL library which defines gMmMps
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = MmMemoryProtectionHobLibNull
+  FILE_GUID                      = 4e3f6fd9-4ab5-4911-b80b-009d3338b4b2
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = MmMemoryProtectionHobLib
+
+#
+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
+#
+
+[Sources]
+  MmMemoryProtectionHobLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 89001f217ed1..50dae9180d2b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -164,6 +164,14 @@ [LibraryClasses]
   #
   VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h
 
+  ## @libraryclass Provides a way to toggle DXE memory protection settings
+  #
+  DxeMemoryProtectionHobLib|Include/Library/DxeMemoryProtectionHobLib.h
+
+  ## @libraryclass Provides a way to toggle SMM memory protection settings
+  #
+  MmMemoryProtectionHobLib|Include/Library/MmMemoryProtectionHobLib.h
+
 [Guids]
   ## MdeModule package token space guid
   # Include/Guid/MdeModulePkgTokenSpace.h
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 5b1f50e9c084..ab6848dc934b 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -107,6 +107,12 @@ [LibraryClasses]
   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
   IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf
 
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, LibraryClasses.common.UEFI_APPLICATION]
+  DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
+
+[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE]
+  MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
+
 [LibraryClasses.EBC.PEIM]
   IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
 
@@ -231,6 +237,8 @@ [Components]
   MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
   MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
   MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
+  MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
+  MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
   MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf
   MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf
   MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
-- 
2.36.1.windows.1


  parent reply	other threads:[~2023-06-09 20:26 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-09 20:25 [PATCH v1 0/3] MdeModulePkg: Adding Dynamic Memory Protection Settings Libraries Taylor Beebe
2023-06-09 20:25 ` [PATCH v1 1/3] MdeModulePkg: Add DXE and MM Memory Protection Settings HOB Definitions Taylor Beebe
2023-06-09 20:26 ` Taylor Beebe [this message]
2023-06-09 20:26 ` [PATCH v1 3/3] MdeModulePkg: Add Phase-Specific MemoryProtectionHobLib Implementations Taylor Beebe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230609202601.1153-3-t@taylorbeebe.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox