From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 30F1D941DE5 for ; Fri, 18 Aug 2023 22:58:07 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=cRvpuFUdO9ElnGGbjoTK2kch+Z6LsUrxM/syc0pv2EQ=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1692399485; v=1; b=NL44Beb38eH8G8wzccVro8nNmrYASqPVHrNDNTBnXZqAyeg7dAAuZNftEbIn1kcN0SjiX4G+ RRGeYNCCykulKQI4uwzFC7OF2Tu0m9bSEQYLh3ExMwf/HoA6SSrXkKGiaL22vR+7+J6XblDYWnG Lkbomd2QngNzpEZ5kYtMVTrw= X-Received: by 127.0.0.2 with SMTP id yS6EYY7687511xsXx7ZDRW4I; Fri, 18 Aug 2023 15:58:05 -0700 X-Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web11.3244.1692397957159563846 for ; Fri, 18 Aug 2023 15:32:37 -0700 X-Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-68890d565b5so1179676b3a.2 for ; Fri, 18 Aug 2023 15:32:37 -0700 (PDT) X-Gm-Message-State: LXg5MwGqKwzGCsNZqYMHyaT9x7686176AA= X-Google-Smtp-Source: AGHT+IFMXPVJSiN785NN73O9HSjh3mQCjWKyGNfJSKplHSaTqNU8WfRGuN6F7PjEqPrDUxMhrJ2CBw== X-Received: by 2002:a05:6a00:1794:b0:688:2253:ce07 with SMTP id s20-20020a056a00179400b006882253ce07mr761314pfg.2.1692397956249; Fri, 18 Aug 2023 15:32:36 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id 7-20020aa79207000000b0068779015507sm1989330pfo.194.2023.08.18.15.32.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Aug 2023 15:32:35 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Dandan Bi Subject: [edk2-devel] [PATCH v2 18/25] MdeModulePkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs Date: Fri, 18 Aug 2023 15:31:50 -0700 Message-ID: <20230818223159.1073-19-taylor.d.beebe@gmail.com> In-Reply-To: <20230818223159.1073-1-taylor.d.beebe@gmail.com> References: <20230818223159.1073-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=NL44Beb3; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Replace references to the memory protection PCDs to instead check the platform protections via GetMemoryProtectionsLib. Because the protection profile is equivalent to the PCD settings, this updated does not cause a torn state. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc: Dandan Bi --- MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 4 +- MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 46 ++++++++------ MdeModulePkg/Core/Dxe/Mem/Page.c | 2 +- MdeModulePkg/Core/Dxe/Mem/Pool.c | 4 +- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 67 +++++++++++--------- MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 29 ++++----- MdeModulePkg/Core/PiSmmCore/Pool.c | 4 +- MdeModulePkg/Core/Dxe/DxeMain.h | 1 + MdeModulePkg/Core/Dxe/DxeMain.inf | 8 +-- MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 1 + MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 4 +- 11 files changed, 87 insertions(+), 83 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c index 0e0f9769b99d..66cb2fcf2ff7 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c +++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c @@ -256,10 +256,12 @@ DxeMain ( Status = InitializeCpuExceptionHandlers (VectorInfoList); ASSERT_EFI_ERROR (Status); + PopulateMpsGlobal (); + // // Setup Stack Guard // - if (PcdGetBool (PcdCpuStackGuard)) { + if (gMps.Dxe.CpuStackGuardEnabled) { Status = InitializeSeparateExceptionStacks (NULL, NULL); ASSERT_EFI_ERROR (Status); } diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c index 9377f620c5a5..ee03906a009d 100644 --- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c +++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c @@ -553,7 +553,7 @@ UnsetGuardPage ( // memory. // Attributes = 0; - if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & (1 << EfiConventionalMemory)) != 0) { + if (gMps.Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory]) { Attributes |= EFI_MEMORY_XP; } @@ -590,38 +590,48 @@ IsMemoryTypeToGuard ( IN UINT8 PageOrPool ) { - UINT64 TestBit; + UINT32 MpsMemoryType; UINT64 ConfigBit; if (AllocateType == AllocateAddress) { return FALSE; } - if ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0) { + ConfigBit = gMps.Dxe.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0; + ConfigBit |= gMps.Dxe.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0; + ConfigBit |= gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled ? GUARD_HEAP_TYPE_FREED : 0; + + if ((PageOrPool & ConfigBit) == 0) { return FALSE; } - if (PageOrPool == GUARD_HEAP_TYPE_POOL) { - ConfigBit = PcdGet64 (PcdHeapGuardPoolType); - } else if (PageOrPool == GUARD_HEAP_TYPE_PAGE) { - ConfigBit = PcdGet64 (PcdHeapGuardPageType); - } else { - ConfigBit = (UINT64)-1; + if (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled) { + return TRUE; } if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) { - TestBit = BIT63; + MpsMemoryType = OS_RESERVED_MPS_MEMORY_TYPE; } else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) { - TestBit = BIT62; + MpsMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE; } else if (MemoryType < EfiMaxMemoryType) { - TestBit = LShiftU64 (1, MemoryType); + MpsMemoryType = MemoryType; } else if (MemoryType == EfiMaxMemoryType) { - TestBit = (UINT64)-1; + return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_DXE_PAGE_GUARD_ACTIVE) || + (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_DXE_POOL_GUARD_ACTIVE) || + (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled); } else { - TestBit = 0; + return FALSE; } - return ((ConfigBit & TestBit) != 0); + if (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Dxe.PageGuard.EnabledForType[MpsMemoryType]) { + return TRUE; + } + + if (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Dxe.PoolGuard.EnabledForType[MpsMemoryType]) { + return TRUE; + } + + return FALSE; } /** @@ -835,7 +845,7 @@ AdjustMemoryS ( // indicated to put the pool near the Tail Guard, we need extra bytes to // make sure alignment of the returned pool address. // - if ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0) { + if (gMps.Dxe.HeapGuard.GuardAlignedToTail) { SizeRequested = ALIGN_VALUE (SizeRequested, 8); } @@ -1019,7 +1029,7 @@ AdjustPoolHeadA ( IN UINTN Size ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // @@ -1045,7 +1055,7 @@ AdjustPoolHeadF ( IN EFI_PHYSICAL_ADDRESS Memory ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index 41af50b3d5ab..5cdc2b0c1927 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -181,7 +181,7 @@ CoreAddRange ( // used for other purposes. // if ((Type == EfiConventionalMemory) && (Start == 0) && (End >= EFI_PAGE_SIZE - 1)) { - if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) == 0) { + if (!gMps.Dxe.NullPointerDetection.Enabled) { SetMem ((VOID *)(UINTN)Start, EFI_PAGE_SIZE, 0); } } diff --git a/MdeModulePkg/Core/Dxe/Mem/Pool.c b/MdeModulePkg/Core/Dxe/Mem/Pool.c index b20cbfdedbab..2a98289ccab4 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Pool.c +++ b/MdeModulePkg/Core/Dxe/Mem/Pool.c @@ -385,7 +385,7 @@ CoreAllocatePoolI ( // HasPoolTail = !(NeedGuard && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Dxe.HeapGuard.GuardAlignedToTail); PageAsPool = (IsHeapGuardEnabled (GUARD_HEAP_TYPE_FREED) && !mOnGuarding); // @@ -717,7 +717,7 @@ CoreFreePoolI ( IsGuarded = IsPoolTypeToGuard (Head->Type) && IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)Head); HasPoolTail = !(IsGuarded && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Dxe.HeapGuard.GuardAlignedToTail); PageAsPool = (Head->Signature == POOLPAGE_HEAD_SIGNATURE); if (HasPoolTail) { diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c index 6c1c17a5c205..7a951fafe79f 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -9,7 +9,7 @@ 2) This policy is applied only if the UEFI image meets the page alignment requirement. 3) This policy is applied only if the Source UEFI image matches the - PcdImageProtectionPolicy definition. + Image Protection Policy definition. 4) This policy is not applied to the non-PE image region. The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect @@ -60,7 +60,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define PREVIOUS_MEMORY_DESCRIPTOR(MemoryDescriptor, Size) \ ((EFI_MEMORY_DESCRIPTOR *)((UINT8 *)(MemoryDescriptor) - (Size))) -UINT32 mImageProtectionPolicy; +STATIC BOOLEAN mIsExecutionProtectionActive = FALSE; + +STATIC BOOLEAN mIsPageOrPoolGuardActive = FALSE; extern LIST_ENTRY mGcdMemorySpaceMap; @@ -149,11 +151,13 @@ GetProtectionPolicyFromImageType ( IN UINT32 ImageType ) { - if ((ImageType & mImageProtectionPolicy) == 0) { - return DO_NOT_PROTECT; - } else { + if (((ImageType == IMAGE_UNKNOWN) && gMps.Dxe.ImageProtection.ProtectImageFromUnknown) || + ((ImageType == IMAGE_FROM_FV) && gMps.Dxe.ImageProtection.ProtectImageFromFv)) + { return PROTECT_IF_ALIGNED_ELSE_ALLOW; } + + return DO_NOT_PROTECT; } /** @@ -611,7 +615,7 @@ UnprotectUefiImage ( IMAGE_PROPERTIES_RECORD *ImageRecord; LIST_ENTRY *ImageRecordLink; - if (PcdGet32 (PcdImageProtectionPolicy) != 0) { + if (IS_DXE_IMAGE_PROTECTION_ACTIVE) { for (ImageRecordLink = mProtectedImageRecordList.ForwardLink; ImageRecordLink != &mProtectedImageRecordList; ImageRecordLink = ImageRecordLink->ForwardLink) @@ -648,21 +652,23 @@ GetPermissionAttributeForMemoryType ( IN EFI_MEMORY_TYPE MemoryType ) { - UINT64 TestBit; + UINT32 TestMemoryType; if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) { - TestBit = BIT63; + TestMemoryType = OS_RESERVED_MPS_MEMORY_TYPE; } else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) { - TestBit = BIT62; + TestMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE; + } else if (MemoryType >= EfiMaxMemoryType) { + return EFI_MEMORY_XP; } else { - TestBit = LShiftU64 (1, MemoryType); + TestMemoryType = MemoryType; } - if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & TestBit) != 0) { + if (gMps.Dxe.ExecutionProtection.EnabledForType[TestMemoryType]) { return EFI_MEMORY_XP; - } else { - return 0; } + + return 0; } /** @@ -772,7 +778,7 @@ MergeMemoryMapForProtectionPolicy ( /** Remove exec permissions from all regions whose type is identified by - PcdDxeNxMemoryProtectionPolicy. + the DXE Execution Protection Policy. **/ STATIC VOID @@ -827,7 +833,7 @@ InitializeDxeNxMemoryProtectionPolicy ( ASSERT_EFI_ERROR (Status); StackBase = 0; - if (PcdGetBool (PcdCpuStackGuard)) { + if (gMps.Dxe.CpuStackGuardEnabled) { // // Get the base of stack from Hob. // @@ -885,7 +891,7 @@ InitializeDxeNxMemoryProtectionPolicy ( // enabled. // if ((MemoryMapEntry->PhysicalStart == 0) && - (PcdGet8 (PcdNullPointerDetectionPropertyMask) != 0)) + (gMps.Dxe.NullPointerDetection.Enabled)) { ASSERT (MemoryMapEntry->NumberOfPages > 0); SetUefiImageMemoryAttributes ( @@ -903,7 +909,7 @@ InitializeDxeNxMemoryProtectionPolicy ( ((StackBase >= MemoryMapEntry->PhysicalStart) && (StackBase < MemoryMapEntry->PhysicalStart + LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT))) && - PcdGetBool (PcdCpuStackGuard)) + gMps.Dxe.CpuStackGuardEnabled) { SetUefiImageMemoryAttributes ( StackBase, @@ -1027,7 +1033,7 @@ MemoryProtectionCpuArchProtocolNotify ( // // Apply the memory protection policy on non-BScode/RTcode regions. // - if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0) { + if (IS_DXE_EXECUTION_PROTECTION_ACTIVE) { InitializeDxeNxMemoryProtectionPolicy (); } @@ -1036,7 +1042,7 @@ MemoryProtectionCpuArchProtocolNotify ( // HeapGuardCpuArchProtocolNotify (); - if (mImageProtectionPolicy == 0) { + if (!IS_DXE_IMAGE_PROTECTION_ACTIVE) { goto Done; } @@ -1099,7 +1105,7 @@ MemoryProtectionExitBootServicesCallback ( // delay setting protections on RT code pages until after SetVirtualAddressMap(). // OS may set protection on RT based upon EFI_MEMORY_ATTRIBUTES_TABLE later. // - if (mImageProtectionPolicy != 0) { + if (IS_DXE_IMAGE_PROTECTION_ACTIVE) { for (Link = gRuntime->ImageHead.ForwardLink; Link != &gRuntime->ImageHead; Link = Link->ForwardLink) { RuntimeImage = BASE_CR (Link, EFI_RUNTIME_IMAGE_ENTRY, Link); SetUefiImageMemoryAttributes ((UINT64)(UINTN)RuntimeImage->ImageBase, ALIGN_VALUE (RuntimeImage->ImageSize, EFI_PAGE_SIZE), 0); @@ -1173,19 +1179,20 @@ CoreInitializeMemoryProtection ( EFI_EVENT EndOfDxeEvent; VOID *Registration; - mImageProtectionPolicy = PcdGet32 (PcdImageProtectionPolicy); + mIsExecutionProtectionActive = IS_DXE_EXECUTION_PROTECTION_ACTIVE; + mIsPageOrPoolGuardActive = IS_DXE_PAGE_GUARD_ACTIVE || IS_DXE_POOL_GUARD_ACTIVE; InitializeListHead (&mProtectedImageRecordList); // - // Sanity check the PcdDxeNxMemoryProtectionPolicy setting: + // Sanity check the DXE NX protection policy setting: // - code regions should have no EFI_MEMORY_XP attribute // - EfiConventionalMemory and EfiBootServicesData should use the // same attribute // - ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI_MEMORY_XP) == 0); - ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & EFI_MEMORY_XP) == 0); - ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMORY_XP) == 0); + ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiLoaderCode]); + ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiBootServicesCode]); + ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiRuntimeServicesCode]); ASSERT ( GetPermissionAttributeForMemoryType (EfiBootServicesData) == GetPermissionAttributeForMemoryType (EfiConventionalMemory) @@ -1213,9 +1220,7 @@ CoreInitializeMemoryProtection ( // // Register a callback to disable NULL pointer detection at EndOfDxe // - if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT0|BIT7)) - == (BIT0|BIT7)) - { + if (gMps.Dxe.NullPointerDetection.Enabled && gMps.Dxe.NullPointerDetection.DisableEndOfDxe) { Status = CoreCreateEventEx ( EVT_NOTIFY_SIGNAL, TPL_NOTIFY, @@ -1279,7 +1284,7 @@ ApplyMemoryProtectionPolicy ( UINT64 NewAttributes; // - // The policy configured in PcdDxeNxMemoryProtectionPolicy + // The policy configured in DXE Execution Protection Policy // does not apply to allocations performed in SMM mode. // if (IsInSmm ()) { @@ -1298,7 +1303,7 @@ ApplyMemoryProtectionPolicy ( // // Check if a DXE memory protection policy has been configured // - if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) == 0) { + if (!mIsExecutionProtectionActive) { return EFI_SUCCESS; } @@ -1306,7 +1311,7 @@ ApplyMemoryProtectionPolicy ( // Don't overwrite Guard pages, which should be the first and/or last page, // if any. // - if (IsHeapGuardEnabled (GUARD_HEAP_TYPE_PAGE|GUARD_HEAP_TYPE_POOL)) { + if (mIsPageOrPoolGuardActive) { if (IsGuardPage (Memory)) { Memory += EFI_PAGE_SIZE; Length -= EFI_PAGE_SIZE; diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c index 25310122ca1b..eac38e699c30 100644 --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c @@ -592,36 +592,29 @@ IsMemoryTypeToGuard ( IN UINT8 PageOrPool ) { - UINT64 TestBit; UINT64 ConfigBit; - if ( ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0) + ConfigBit = gMps.Mm.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0; + ConfigBit |= gMps.Mm.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0; + + if ( ((ConfigBit & PageOrPool) == 0) || mOnGuarding || (AllocateType == AllocateAddress)) { return FALSE; } - ConfigBit = 0; - if ((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) { - ConfigBit |= PcdGet64 (PcdHeapGuardPoolType); - } - - if ((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) { - ConfigBit |= PcdGet64 (PcdHeapGuardPageType); - } - if ((MemoryType == EfiRuntimeServicesData) || (MemoryType == EfiRuntimeServicesCode)) { - TestBit = LShiftU64 (1, MemoryType); + return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Mm.PageGuard.EnabledForType[MemoryType]) || + (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Mm.PoolGuard.EnabledForType[MemoryType]); } else if (MemoryType == EfiMaxMemoryType) { - TestBit = (UINT64)-1; - } else { - TestBit = 0; + return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_MM_PAGE_GUARD_ACTIVE) || + (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_MM_POOL_GUARD_ACTIVE); } - return ((ConfigBit & TestBit) != 0); + return FALSE; } /** @@ -951,7 +944,7 @@ AdjustPoolHeadA ( IN UINTN Size ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // @@ -977,7 +970,7 @@ AdjustPoolHeadF ( IN EFI_PHYSICAL_ADDRESS Memory ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c b/MdeModulePkg/Core/PiSmmCore/Pool.c index e1ff40a8ea55..991efaf33bdd 100644 --- a/MdeModulePkg/Core/PiSmmCore/Pool.c +++ b/MdeModulePkg/Core/PiSmmCore/Pool.c @@ -258,7 +258,7 @@ SmmInternalAllocatePool ( NeedGuard = IsPoolTypeToGuard (PoolType); HasPoolTail = !(NeedGuard && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Mm.HeapGuard.GuardAlignedToTail); // // Adjust the size by the pool header & tail overhead @@ -392,7 +392,7 @@ SmmInternalFreePool ( MemoryGuarded = IsHeapGuardEnabled () && IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr); HasPoolTail = !(MemoryGuarded && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Mm.HeapGuard.GuardAlignedToTail); if (HasPoolTail) { PoolTail = HEAD_TO_TAIL (&FreePoolHdr->Header); diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h index 43daa037be44..8b8b97666f38 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -84,6 +84,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include // // attributes for reserved memory before it is promoted to system memory diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf index 6c896a0e7f0f..ddbbee5f68ce 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.inf +++ b/MdeModulePkg/Core/Dxe/DxeMain.inf @@ -94,6 +94,7 @@ [LibraryClasses] DebugAgentLib CpuExceptionHandlerLib PcdLib + GetMemoryProtectionsLib [Guids] gEfiEventMemoryMapChangeGuid ## PRODUCES ## Event @@ -179,13 +180,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileMemoryType ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel ## CONSUMES diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h index b8a490a8c3b5..2fabed0670e0 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h @@ -55,6 +55,7 @@ #include #include #include +#include #include "PiSmmCorePrivateData.h" #include "HeapGuard.h" diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf index 3df44b38f13c..4586ec39d7c7 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf @@ -61,6 +61,7 @@ [LibraryClasses] HobLib SmmMemLib SafeIntLib + GetMemoryProtectionsLib [Protocols] gEfiDxeSmmReadyToLockProtocolGuid ## UNDEFINED # SmiHandlerRegister @@ -94,9 +95,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdSmiHandlerProfilePropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES [Guids] -- 2.41.0.windows.3 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107873): https://edk2.groups.io/g/devel/message/107873 Mute This Topic: https://groups.io/mt/100830917/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-