From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 9F744740035 for ; Wed, 30 Aug 2023 23:19:23 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=AiDisGy1X68Dg2FmkZWC/dgrQ3G0sotkSYf99wH0FgE=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693437562; v=1; b=QTgaZI8bMWKZwkZKS4yls2eKoYNS+3qsJ5vD3094PE4ccQZlEFJ3YSxaJUsgws9/Ffz7rTM2 RhY7KfzMTO4Xlv1x96x1EjllA2X9hK7hmqre19FxVZZusfinVcM7JuZJVoMQCCAEBBvr1Yr+VEc t8E7FauGqGyoRMH69Q/rHg80= X-Received: by 127.0.0.2 with SMTP id jsd6YY7687511x5mGYPCr6k6; Wed, 30 Aug 2023 16:19:22 -0700 X-Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.4960.1693437557024411516 for ; Wed, 30 Aug 2023 16:19:17 -0700 X-Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-68a529e1974so149903b3a.3 for ; Wed, 30 Aug 2023 16:19:16 -0700 (PDT) X-Gm-Message-State: 7Eq5SsZbVI3tg3rj6n69OyzHx7686176AA= X-Google-Smtp-Source: AGHT+IEjdoiLB7vh0bKeS3iXOXFYG7xw4LW9gXU1/h6XbEvRve/3MyAD9QBWCM9WhoL5+MUfPFnHkw== X-Received: by 2002:a05:6a20:1447:b0:147:5ab9:8496 with SMTP id a7-20020a056a20144700b001475ab98496mr4352343pzi.55.1693437556210; Wed, 30 Aug 2023 16:19:16 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id x16-20020a62fb10000000b0064398fe3451sm102550pfm.217.2023.08.30.16.19.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Aug 2023 16:19:15 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Dandan Bi Subject: [edk2-devel] [PATCH v3 19/26] MdeModulePkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs Date: Wed, 30 Aug 2023 16:18:27 -0700 Message-ID: <20230830231851.779-20-taylor.d.beebe@gmail.com> In-Reply-To: <20230830231851.779-1-taylor.d.beebe@gmail.com> References: <20230830231851.779-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=QTgaZI8b; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Replace references to the memory protection PCDs to instead check the platform protections via GetMemoryProtectionsLib. Because the protection profile is equivalent to the PCD settings, this updated does not cause a torn state. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc: Dandan Bi --- MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 4 +- MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 46 ++++++++------ MdeModulePkg/Core/Dxe/Mem/Page.c | 2 +- MdeModulePkg/Core/Dxe/Mem/Pool.c | 4 +- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 67 +++++++++++--------- MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 29 ++++----- MdeModulePkg/Core/PiSmmCore/Pool.c | 4 +- MdeModulePkg/Core/Dxe/DxeMain.h | 1 + MdeModulePkg/Core/Dxe/DxeMain.inf | 8 +-- MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 1 + MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 4 +- 11 files changed, 87 insertions(+), 83 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c index 0e0f9769b99d..66cb2fcf2ff7 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c +++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c @@ -256,10 +256,12 @@ DxeMain ( Status = InitializeCpuExceptionHandlers (VectorInfoList); ASSERT_EFI_ERROR (Status); + PopulateMpsGlobal (); + // // Setup Stack Guard // - if (PcdGetBool (PcdCpuStackGuard)) { + if (gMps.Dxe.CpuStackGuardEnabled) { Status = InitializeSeparateExceptionStacks (NULL, NULL); ASSERT_EFI_ERROR (Status); } diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c index 0c0ca61872b4..59d8f36c89b7 100644 --- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c +++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c @@ -553,7 +553,7 @@ UnsetGuardPage ( // memory. // Attributes = 0; - if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & (1 << EfiConventionalMemory)) != 0) { + if (gMps.Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory]) { Attributes |= EFI_MEMORY_XP; } @@ -590,38 +590,48 @@ IsMemoryTypeToGuard ( IN UINT8 PageOrPool ) { - UINT64 TestBit; + UINT32 MpsMemoryType; UINT64 ConfigBit; if (AllocateType == AllocateAddress) { return FALSE; } - if ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0) { + ConfigBit = gMps.Dxe.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0; + ConfigBit |= gMps.Dxe.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0; + ConfigBit |= gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled ? GUARD_HEAP_TYPE_FREED : 0; + + if ((PageOrPool & ConfigBit) == 0) { return FALSE; } - if (PageOrPool == GUARD_HEAP_TYPE_POOL) { - ConfigBit = PcdGet64 (PcdHeapGuardPoolType); - } else if (PageOrPool == GUARD_HEAP_TYPE_PAGE) { - ConfigBit = PcdGet64 (PcdHeapGuardPageType); - } else { - ConfigBit = (UINT64)-1; + if (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled) { + return TRUE; } if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) { - TestBit = BIT63; + MpsMemoryType = OS_RESERVED_MPS_MEMORY_TYPE; } else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) { - TestBit = BIT62; + MpsMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE; } else if (MemoryType < EfiMaxMemoryType) { - TestBit = LShiftU64 (1, MemoryType); + MpsMemoryType = MemoryType; } else if (MemoryType == EfiMaxMemoryType) { - TestBit = (UINT64)-1; + return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_DXE_PAGE_GUARD_ACTIVE) || + (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_DXE_POOL_GUARD_ACTIVE) || + (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled); } else { - TestBit = 0; + return FALSE; } - return ((ConfigBit & TestBit) != 0); + if (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Dxe.PageGuard.EnabledForType[MpsMemoryType]) { + return TRUE; + } + + if (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Dxe.PoolGuard.EnabledForType[MpsMemoryType]) { + return TRUE; + } + + return FALSE; } /** @@ -835,7 +845,7 @@ AdjustMemoryS ( // indicated to put the pool near the Tail Guard, we need extra bytes to // make sure alignment of the returned pool address. // - if ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0) { + if (gMps.Dxe.HeapGuard.GuardAlignedToTail) { SizeRequested = ALIGN_VALUE (SizeRequested, 8); } @@ -1019,7 +1029,7 @@ AdjustPoolHeadA ( IN UINTN Size ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // @@ -1050,7 +1060,7 @@ AdjustPoolHeadF ( IN UINTN Size ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index 41af50b3d5ab..5cdc2b0c1927 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -181,7 +181,7 @@ CoreAddRange ( // used for other purposes. // if ((Type == EfiConventionalMemory) && (Start == 0) && (End >= EFI_PAGE_SIZE - 1)) { - if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) == 0) { + if (!gMps.Dxe.NullPointerDetection.Enabled) { SetMem ((VOID *)(UINTN)Start, EFI_PAGE_SIZE, 0); } } diff --git a/MdeModulePkg/Core/Dxe/Mem/Pool.c b/MdeModulePkg/Core/Dxe/Mem/Pool.c index 716dd045f9fd..ae1e8b67db10 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Pool.c +++ b/MdeModulePkg/Core/Dxe/Mem/Pool.c @@ -385,7 +385,7 @@ CoreAllocatePoolI ( // HasPoolTail = !(NeedGuard && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Dxe.HeapGuard.GuardAlignedToTail); PageAsPool = (IsHeapGuardEnabled (GUARD_HEAP_TYPE_FREED) && !mOnGuarding); // @@ -717,7 +717,7 @@ CoreFreePoolI ( IsGuarded = IsPoolTypeToGuard (Head->Type) && IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)Head); HasPoolTail = !(IsGuarded && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Dxe.HeapGuard.GuardAlignedToTail); PageAsPool = (Head->Signature == POOLPAGE_HEAD_SIGNATURE); if (HasPoolTail) { diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c index 94ed3111688b..215a9f254065 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -9,7 +9,7 @@ 2) This policy is applied only if the UEFI image meets the page alignment requirement. 3) This policy is applied only if the Source UEFI image matches the - PcdImageProtectionPolicy definition. + Image Protection Policy definition. 4) This policy is not applied to the non-PE image region. The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect @@ -60,7 +60,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define PREVIOUS_MEMORY_DESCRIPTOR(MemoryDescriptor, Size) \ ((EFI_MEMORY_DESCRIPTOR *)((UINT8 *)(MemoryDescriptor) - (Size))) -UINT32 mImageProtectionPolicy; +STATIC BOOLEAN mIsExecutionProtectionActive = FALSE; + +STATIC BOOLEAN mIsPageOrPoolGuardActive = FALSE; extern LIST_ENTRY mGcdMemorySpaceMap; @@ -149,11 +151,13 @@ GetProtectionPolicyFromImageType ( IN UINT32 ImageType ) { - if ((ImageType & mImageProtectionPolicy) == 0) { - return DO_NOT_PROTECT; - } else { + if (((ImageType == IMAGE_UNKNOWN) && gMps.Dxe.ImageProtection.ProtectImageFromUnknown) || + ((ImageType == IMAGE_FROM_FV) && gMps.Dxe.ImageProtection.ProtectImageFromFv)) + { return PROTECT_IF_ALIGNED_ELSE_ALLOW; } + + return DO_NOT_PROTECT; } /** @@ -611,7 +615,7 @@ UnprotectUefiImage ( IMAGE_PROPERTIES_RECORD *ImageRecord; LIST_ENTRY *ImageRecordLink; - if (PcdGet32 (PcdImageProtectionPolicy) != 0) { + if (IS_DXE_IMAGE_PROTECTION_ACTIVE) { for (ImageRecordLink = mProtectedImageRecordList.ForwardLink; ImageRecordLink != &mProtectedImageRecordList; ImageRecordLink = ImageRecordLink->ForwardLink) @@ -648,21 +652,23 @@ GetPermissionAttributeForMemoryType ( IN EFI_MEMORY_TYPE MemoryType ) { - UINT64 TestBit; + UINT32 TestMemoryType; if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) { - TestBit = BIT63; + TestMemoryType = OS_RESERVED_MPS_MEMORY_TYPE; } else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) { - TestBit = BIT62; + TestMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE; + } else if (MemoryType >= EfiMaxMemoryType) { + return EFI_MEMORY_XP; } else { - TestBit = LShiftU64 (1, MemoryType); + TestMemoryType = MemoryType; } - if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & TestBit) != 0) { + if (gMps.Dxe.ExecutionProtection.EnabledForType[TestMemoryType]) { return EFI_MEMORY_XP; - } else { - return 0; } + + return 0; } /** @@ -772,7 +778,7 @@ MergeMemoryMapForProtectionPolicy ( /** Remove exec permissions from all regions whose type is identified by - PcdDxeNxMemoryProtectionPolicy. + the DXE Execution Protection Policy. **/ STATIC VOID @@ -827,7 +833,7 @@ InitializeDxeNxMemoryProtectionPolicy ( ASSERT_EFI_ERROR (Status); StackBase = 0; - if (PcdGetBool (PcdCpuStackGuard)) { + if (gMps.Dxe.CpuStackGuardEnabled) { // // Get the base of stack from Hob. // @@ -885,7 +891,7 @@ InitializeDxeNxMemoryProtectionPolicy ( // enabled. // if ((MemoryMapEntry->PhysicalStart == 0) && - (PcdGet8 (PcdNullPointerDetectionPropertyMask) != 0)) + (gMps.Dxe.NullPointerDetection.Enabled)) { ASSERT (MemoryMapEntry->NumberOfPages > 0); SetUefiImageMemoryAttributes ( @@ -903,7 +909,7 @@ InitializeDxeNxMemoryProtectionPolicy ( ((StackBase >= MemoryMapEntry->PhysicalStart) && (StackBase < MemoryMapEntry->PhysicalStart + LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT))) && - PcdGetBool (PcdCpuStackGuard)) + gMps.Dxe.CpuStackGuardEnabled) { SetUefiImageMemoryAttributes ( StackBase, @@ -1024,7 +1030,7 @@ MemoryProtectionCpuArchProtocolNotify ( // // Apply the memory protection policy on non-BScode/RTcode regions. // - if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0) { + if (IS_DXE_EXECUTION_PROTECTION_ACTIVE) { InitializeDxeNxMemoryProtectionPolicy (); } @@ -1036,7 +1042,7 @@ MemoryProtectionCpuArchProtocolNotify ( // Mark the HOB list XP and RO. ProtectHobList (); - if (mImageProtectionPolicy == 0) { + if (!IS_DXE_IMAGE_PROTECTION_ACTIVE) { goto Done; } @@ -1099,7 +1105,7 @@ MemoryProtectionExitBootServicesCallback ( // delay setting protections on RT code pages until after SetVirtualAddressMap(). // OS may set protection on RT based upon EFI_MEMORY_ATTRIBUTES_TABLE later. // - if (mImageProtectionPolicy != 0) { + if (IS_DXE_IMAGE_PROTECTION_ACTIVE) { for (Link = gRuntime->ImageHead.ForwardLink; Link != &gRuntime->ImageHead; Link = Link->ForwardLink) { RuntimeImage = BASE_CR (Link, EFI_RUNTIME_IMAGE_ENTRY, Link); SetUefiImageMemoryAttributes ((UINT64)(UINTN)RuntimeImage->ImageBase, ALIGN_VALUE (RuntimeImage->ImageSize, EFI_PAGE_SIZE), 0); @@ -1173,19 +1179,20 @@ CoreInitializeMemoryProtection ( EFI_EVENT EndOfDxeEvent; VOID *Registration; - mImageProtectionPolicy = PcdGet32 (PcdImageProtectionPolicy); + mIsExecutionProtectionActive = IS_DXE_EXECUTION_PROTECTION_ACTIVE; + mIsPageOrPoolGuardActive = IS_DXE_PAGE_GUARD_ACTIVE || IS_DXE_POOL_GUARD_ACTIVE; InitializeListHead (&mProtectedImageRecordList); // - // Sanity check the PcdDxeNxMemoryProtectionPolicy setting: + // Sanity check the DXE NX protection policy setting: // - code regions should have no EFI_MEMORY_XP attribute // - EfiConventionalMemory and EfiBootServicesData should use the // same attribute // - ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI_MEMORY_XP) == 0); - ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & EFI_MEMORY_XP) == 0); - ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMORY_XP) == 0); + ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiLoaderCode]); + ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiBootServicesCode]); + ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiRuntimeServicesCode]); ASSERT ( GetPermissionAttributeForMemoryType (EfiBootServicesData) == GetPermissionAttributeForMemoryType (EfiConventionalMemory) @@ -1213,9 +1220,7 @@ CoreInitializeMemoryProtection ( // // Register a callback to disable NULL pointer detection at EndOfDxe // - if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT0|BIT7)) - == (BIT0|BIT7)) - { + if (gMps.Dxe.NullPointerDetection.Enabled && gMps.Dxe.NullPointerDetection.DisableEndOfDxe) { Status = CoreCreateEventEx ( EVT_NOTIFY_SIGNAL, TPL_NOTIFY, @@ -1279,7 +1284,7 @@ ApplyMemoryProtectionPolicy ( UINT64 NewAttributes; // - // The policy configured in PcdDxeNxMemoryProtectionPolicy + // The policy configured in DXE Execution Protection Policy // does not apply to allocations performed in SMM mode. // if (IsInSmm ()) { @@ -1298,7 +1303,7 @@ ApplyMemoryProtectionPolicy ( // // Check if a DXE memory protection policy has been configured // - if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) == 0) { + if (!mIsExecutionProtectionActive) { return EFI_SUCCESS; } @@ -1306,7 +1311,7 @@ ApplyMemoryProtectionPolicy ( // Don't overwrite Guard pages, which should be the first and/or last page, // if any. // - if (IsHeapGuardEnabled (GUARD_HEAP_TYPE_PAGE|GUARD_HEAP_TYPE_POOL)) { + if (mIsPageOrPoolGuardActive) { if (IsGuardPage (Memory)) { Memory += EFI_PAGE_SIZE; Length -= EFI_PAGE_SIZE; diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c index 25310122ca1b..eac38e699c30 100644 --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c @@ -592,36 +592,29 @@ IsMemoryTypeToGuard ( IN UINT8 PageOrPool ) { - UINT64 TestBit; UINT64 ConfigBit; - if ( ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0) + ConfigBit = gMps.Mm.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0; + ConfigBit |= gMps.Mm.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0; + + if ( ((ConfigBit & PageOrPool) == 0) || mOnGuarding || (AllocateType == AllocateAddress)) { return FALSE; } - ConfigBit = 0; - if ((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) { - ConfigBit |= PcdGet64 (PcdHeapGuardPoolType); - } - - if ((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) { - ConfigBit |= PcdGet64 (PcdHeapGuardPageType); - } - if ((MemoryType == EfiRuntimeServicesData) || (MemoryType == EfiRuntimeServicesCode)) { - TestBit = LShiftU64 (1, MemoryType); + return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Mm.PageGuard.EnabledForType[MemoryType]) || + (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Mm.PoolGuard.EnabledForType[MemoryType]); } else if (MemoryType == EfiMaxMemoryType) { - TestBit = (UINT64)-1; - } else { - TestBit = 0; + return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_MM_PAGE_GUARD_ACTIVE) || + (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_MM_POOL_GUARD_ACTIVE); } - return ((ConfigBit & TestBit) != 0); + return FALSE; } /** @@ -951,7 +944,7 @@ AdjustPoolHeadA ( IN UINTN Size ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // @@ -977,7 +970,7 @@ AdjustPoolHeadF ( IN EFI_PHYSICAL_ADDRESS Memory ) { - if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) { + if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) { // // Pool head is put near the head Guard // diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c b/MdeModulePkg/Core/PiSmmCore/Pool.c index e1ff40a8ea55..991efaf33bdd 100644 --- a/MdeModulePkg/Core/PiSmmCore/Pool.c +++ b/MdeModulePkg/Core/PiSmmCore/Pool.c @@ -258,7 +258,7 @@ SmmInternalAllocatePool ( NeedGuard = IsPoolTypeToGuard (PoolType); HasPoolTail = !(NeedGuard && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Mm.HeapGuard.GuardAlignedToTail); // // Adjust the size by the pool header & tail overhead @@ -392,7 +392,7 @@ SmmInternalFreePool ( MemoryGuarded = IsHeapGuardEnabled () && IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr); HasPoolTail = !(MemoryGuarded && - ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0)); + gMps.Mm.HeapGuard.GuardAlignedToTail); if (HasPoolTail) { PoolTail = HEAD_TO_TAIL (&FreePoolHdr->Header); diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h index 43daa037be44..8b8b97666f38 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -84,6 +84,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include // // attributes for reserved memory before it is promoted to system memory diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf index 6c896a0e7f0f..ddbbee5f68ce 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.inf +++ b/MdeModulePkg/Core/Dxe/DxeMain.inf @@ -94,6 +94,7 @@ [LibraryClasses] DebugAgentLib CpuExceptionHandlerLib PcdLib + GetMemoryProtectionsLib [Guids] gEfiEventMemoryMapChangeGuid ## PRODUCES ## Event @@ -179,13 +180,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileMemoryType ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel ## CONSUMES diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h index b8a490a8c3b5..2fabed0670e0 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h @@ -55,6 +55,7 @@ #include #include #include +#include #include "PiSmmCorePrivateData.h" #include "HeapGuard.h" diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf index 3df44b38f13c..4586ec39d7c7 100644 --- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf @@ -61,6 +61,7 @@ [LibraryClasses] HobLib SmmMemLib SafeIntLib + GetMemoryProtectionsLib [Protocols] gEfiDxeSmmReadyToLockProtocolGuid ## UNDEFINED # SmiHandlerRegister @@ -94,9 +95,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdSmiHandlerProfilePropertyMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES [Guids] -- 2.42.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108173): https://edk2.groups.io/g/devel/message/108173 Mute This Topic: https://groups.io/mt/101064093/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-