From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <bounce+27952+108173+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
by spool.mail.gandi.net (Postfix) with ESMTPS id 9F744740035
for <rebecca@openfw.io>; Wed, 30 Aug 2023 23:19:23 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=AiDisGy1X68Dg2FmkZWC/dgrQ3G0sotkSYf99wH0FgE=;
c=relaxed/simple; d=groups.io;
h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
s=20140610; t=1693437562; v=1;
b=QTgaZI8bMWKZwkZKS4yls2eKoYNS+3qsJ5vD3094PE4ccQZlEFJ3YSxaJUsgws9/Ffz7rTM2
RhY7KfzMTO4Xlv1x96x1EjllA2X9hK7hmqre19FxVZZusfinVcM7JuZJVoMQCCAEBBvr1Yr+VEc
t8E7FauGqGyoRMH69Q/rHg80=
X-Received: by 127.0.0.2 with SMTP id jsd6YY7687511x5mGYPCr6k6; Wed, 30 Aug 2023 16:19:22 -0700
X-Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175])
by mx.groups.io with SMTP id smtpd.web11.4960.1693437557024411516
for <devel@edk2.groups.io>;
Wed, 30 Aug 2023 16:19:17 -0700
X-Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-68a529e1974so149903b3a.3
for <devel@edk2.groups.io>; Wed, 30 Aug 2023 16:19:16 -0700 (PDT)
X-Gm-Message-State: 7Eq5SsZbVI3tg3rj6n69OyzHx7686176AA=
X-Google-Smtp-Source: AGHT+IEjdoiLB7vh0bKeS3iXOXFYG7xw4LW9gXU1/h6XbEvRve/3MyAD9QBWCM9WhoL5+MUfPFnHkw==
X-Received: by 2002:a05:6a20:1447:b0:147:5ab9:8496 with SMTP id a7-20020a056a20144700b001475ab98496mr4352343pzi.55.1693437556210;
Wed, 30 Aug 2023 16:19:16 -0700 (PDT)
X-Received: from localhost.localdomain ([50.46.253.1])
by smtp.gmail.com with ESMTPSA id x16-20020a62fb10000000b0064398fe3451sm102550pfm.217.2023.08.30.16.19.15
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 30 Aug 2023 16:19:15 -0700 (PDT)
From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Dandan Bi <dandan.bi@intel.com>
Subject: [edk2-devel] [PATCH v3 19/26] MdeModulePkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
Date: Wed, 30 Aug 2023 16:18:27 -0700
Message-ID: <20230830231851.779-20-taylor.d.beebe@gmail.com>
In-Reply-To: <20230830231851.779-1-taylor.d.beebe@gmail.com>
References: <20230830231851.779-1-taylor.d.beebe@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Transfer-Encoding: 8bit
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
dkim=pass header.d=groups.io header.s=20140610 header.b=QTgaZI8b;
dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none);
spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this updated does not cause a torn state.
Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
---
MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 4 +-
MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 46 ++++++++------
MdeModulePkg/Core/Dxe/Mem/Page.c | 2 +-
MdeModulePkg/Core/Dxe/Mem/Pool.c | 4 +-
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 67 +++++++++++---------
MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 29 ++++-----
MdeModulePkg/Core/PiSmmCore/Pool.c | 4 +-
MdeModulePkg/Core/Dxe/DxeMain.h | 1 +
MdeModulePkg/Core/Dxe/DxeMain.inf | 8 +--
MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 1 +
MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 4 +-
11 files changed, 87 insertions(+), 83 deletions(-)
diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
index 0e0f9769b99d..66cb2fcf2ff7 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
+++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -256,10 +256,12 @@ DxeMain (
Status = InitializeCpuExceptionHandlers (VectorInfoList);
ASSERT_EFI_ERROR (Status);
+ PopulateMpsGlobal ();
+
//
// Setup Stack Guard
//
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (gMps.Dxe.CpuStackGuardEnabled) {
Status = InitializeSeparateExceptionStacks (NULL, NULL);
ASSERT_EFI_ERROR (Status);
}
diff --git a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
index 0c0ca61872b4..59d8f36c89b7 100644
--- a/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
+++ b/MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
@@ -553,7 +553,7 @@ UnsetGuardPage (
// memory.
//
Attributes = 0;
- if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & (1 << EfiConventionalMemory)) != 0) {
+ if (gMps.Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory]) {
Attributes |= EFI_MEMORY_XP;
}
@@ -590,38 +590,48 @@ IsMemoryTypeToGuard (
IN UINT8 PageOrPool
)
{
- UINT64 TestBit;
+ UINT32 MpsMemoryType;
UINT64 ConfigBit;
if (AllocateType == AllocateAddress) {
return FALSE;
}
- if ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0) {
+ ConfigBit = gMps.Dxe.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0;
+ ConfigBit |= gMps.Dxe.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0;
+ ConfigBit |= gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled ? GUARD_HEAP_TYPE_FREED : 0;
+
+ if ((PageOrPool & ConfigBit) == 0) {
return FALSE;
}
- if (PageOrPool == GUARD_HEAP_TYPE_POOL) {
- ConfigBit = PcdGet64 (PcdHeapGuardPoolType);
- } else if (PageOrPool == GUARD_HEAP_TYPE_PAGE) {
- ConfigBit = PcdGet64 (PcdHeapGuardPageType);
- } else {
- ConfigBit = (UINT64)-1;
+ if (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled) {
+ return TRUE;
}
if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) {
- TestBit = BIT63;
+ MpsMemoryType = OS_RESERVED_MPS_MEMORY_TYPE;
} else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) {
- TestBit = BIT62;
+ MpsMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE;
} else if (MemoryType < EfiMaxMemoryType) {
- TestBit = LShiftU64 (1, MemoryType);
+ MpsMemoryType = MemoryType;
} else if (MemoryType == EfiMaxMemoryType) {
- TestBit = (UINT64)-1;
+ return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_DXE_PAGE_GUARD_ACTIVE) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_DXE_POOL_GUARD_ACTIVE) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_FREED) != 0) && gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled);
} else {
- TestBit = 0;
+ return FALSE;
}
- return ((ConfigBit & TestBit) != 0);
+ if (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Dxe.PageGuard.EnabledForType[MpsMemoryType]) {
+ return TRUE;
+ }
+
+ if (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Dxe.PoolGuard.EnabledForType[MpsMemoryType]) {
+ return TRUE;
+ }
+
+ return FALSE;
}
/**
@@ -835,7 +845,7 @@ AdjustMemoryS (
// indicated to put the pool near the Tail Guard, we need extra bytes to
// make sure alignment of the returned pool address.
//
- if ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0) {
+ if (gMps.Dxe.HeapGuard.GuardAlignedToTail) {
SizeRequested = ALIGN_VALUE (SizeRequested, 8);
}
@@ -1019,7 +1029,7 @@ AdjustPoolHeadA (
IN UINTN Size
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
@@ -1050,7 +1060,7 @@ AdjustPoolHeadF (
IN UINTN Size
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Dxe.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c
index 41af50b3d5ab..5cdc2b0c1927 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Page.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Page.c
@@ -181,7 +181,7 @@ CoreAddRange (
// used for other purposes.
//
if ((Type == EfiConventionalMemory) && (Start == 0) && (End >= EFI_PAGE_SIZE - 1)) {
- if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) == 0) {
+ if (!gMps.Dxe.NullPointerDetection.Enabled) {
SetMem ((VOID *)(UINTN)Start, EFI_PAGE_SIZE, 0);
}
}
diff --git a/MdeModulePkg/Core/Dxe/Mem/Pool.c b/MdeModulePkg/Core/Dxe/Mem/Pool.c
index 716dd045f9fd..ae1e8b67db10 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Pool.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Pool.c
@@ -385,7 +385,7 @@ CoreAllocatePoolI (
//
HasPoolTail = !(NeedGuard &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Dxe.HeapGuard.GuardAlignedToTail);
PageAsPool = (IsHeapGuardEnabled (GUARD_HEAP_TYPE_FREED) && !mOnGuarding);
//
@@ -717,7 +717,7 @@ CoreFreePoolI (
IsGuarded = IsPoolTypeToGuard (Head->Type) &&
IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)Head);
HasPoolTail = !(IsGuarded &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Dxe.HeapGuard.GuardAlignedToTail);
PageAsPool = (Head->Signature == POOLPAGE_HEAD_SIGNATURE);
if (HasPoolTail) {
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index 94ed3111688b..215a9f254065 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -9,7 +9,7 @@
2) This policy is applied only if the UEFI image meets the page alignment
requirement.
3) This policy is applied only if the Source UEFI image matches the
- PcdImageProtectionPolicy definition.
+ Image Protection Policy definition.
4) This policy is not applied to the non-PE image region.
The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
@@ -60,7 +60,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define PREVIOUS_MEMORY_DESCRIPTOR(MemoryDescriptor, Size) \
((EFI_MEMORY_DESCRIPTOR *)((UINT8 *)(MemoryDescriptor) - (Size)))
-UINT32 mImageProtectionPolicy;
+STATIC BOOLEAN mIsExecutionProtectionActive = FALSE;
+
+STATIC BOOLEAN mIsPageOrPoolGuardActive = FALSE;
extern LIST_ENTRY mGcdMemorySpaceMap;
@@ -149,11 +151,13 @@ GetProtectionPolicyFromImageType (
IN UINT32 ImageType
)
{
- if ((ImageType & mImageProtectionPolicy) == 0) {
- return DO_NOT_PROTECT;
- } else {
+ if (((ImageType == IMAGE_UNKNOWN) && gMps.Dxe.ImageProtection.ProtectImageFromUnknown) ||
+ ((ImageType == IMAGE_FROM_FV) && gMps.Dxe.ImageProtection.ProtectImageFromFv))
+ {
return PROTECT_IF_ALIGNED_ELSE_ALLOW;
}
+
+ return DO_NOT_PROTECT;
}
/**
@@ -611,7 +615,7 @@ UnprotectUefiImage (
IMAGE_PROPERTIES_RECORD *ImageRecord;
LIST_ENTRY *ImageRecordLink;
- if (PcdGet32 (PcdImageProtectionPolicy) != 0) {
+ if (IS_DXE_IMAGE_PROTECTION_ACTIVE) {
for (ImageRecordLink = mProtectedImageRecordList.ForwardLink;
ImageRecordLink != &mProtectedImageRecordList;
ImageRecordLink = ImageRecordLink->ForwardLink)
@@ -648,21 +652,23 @@ GetPermissionAttributeForMemoryType (
IN EFI_MEMORY_TYPE MemoryType
)
{
- UINT64 TestBit;
+ UINT32 TestMemoryType;
if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) {
- TestBit = BIT63;
+ TestMemoryType = OS_RESERVED_MPS_MEMORY_TYPE;
} else if ((UINT32)MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) {
- TestBit = BIT62;
+ TestMemoryType = OEM_RESERVED_MPS_MEMORY_TYPE;
+ } else if (MemoryType >= EfiMaxMemoryType) {
+ return EFI_MEMORY_XP;
} else {
- TestBit = LShiftU64 (1, MemoryType);
+ TestMemoryType = MemoryType;
}
- if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & TestBit) != 0) {
+ if (gMps.Dxe.ExecutionProtection.EnabledForType[TestMemoryType]) {
return EFI_MEMORY_XP;
- } else {
- return 0;
}
+
+ return 0;
}
/**
@@ -772,7 +778,7 @@ MergeMemoryMapForProtectionPolicy (
/**
Remove exec permissions from all regions whose type is identified by
- PcdDxeNxMemoryProtectionPolicy.
+ the DXE Execution Protection Policy.
**/
STATIC
VOID
@@ -827,7 +833,7 @@ InitializeDxeNxMemoryProtectionPolicy (
ASSERT_EFI_ERROR (Status);
StackBase = 0;
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (gMps.Dxe.CpuStackGuardEnabled) {
//
// Get the base of stack from Hob.
//
@@ -885,7 +891,7 @@ InitializeDxeNxMemoryProtectionPolicy (
// enabled.
//
if ((MemoryMapEntry->PhysicalStart == 0) &&
- (PcdGet8 (PcdNullPointerDetectionPropertyMask) != 0))
+ (gMps.Dxe.NullPointerDetection.Enabled))
{
ASSERT (MemoryMapEntry->NumberOfPages > 0);
SetUefiImageMemoryAttributes (
@@ -903,7 +909,7 @@ InitializeDxeNxMemoryProtectionPolicy (
((StackBase >= MemoryMapEntry->PhysicalStart) &&
(StackBase < MemoryMapEntry->PhysicalStart +
LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT))) &&
- PcdGetBool (PcdCpuStackGuard))
+ gMps.Dxe.CpuStackGuardEnabled)
{
SetUefiImageMemoryAttributes (
StackBase,
@@ -1024,7 +1030,7 @@ MemoryProtectionCpuArchProtocolNotify (
//
// Apply the memory protection policy on non-BScode/RTcode regions.
//
- if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0) {
+ if (IS_DXE_EXECUTION_PROTECTION_ACTIVE) {
InitializeDxeNxMemoryProtectionPolicy ();
}
@@ -1036,7 +1042,7 @@ MemoryProtectionCpuArchProtocolNotify (
// Mark the HOB list XP and RO.
ProtectHobList ();
- if (mImageProtectionPolicy == 0) {
+ if (!IS_DXE_IMAGE_PROTECTION_ACTIVE) {
goto Done;
}
@@ -1099,7 +1105,7 @@ MemoryProtectionExitBootServicesCallback (
// delay setting protections on RT code pages until after SetVirtualAddressMap().
// OS may set protection on RT based upon EFI_MEMORY_ATTRIBUTES_TABLE later.
//
- if (mImageProtectionPolicy != 0) {
+ if (IS_DXE_IMAGE_PROTECTION_ACTIVE) {
for (Link = gRuntime->ImageHead.ForwardLink; Link != &gRuntime->ImageHead; Link = Link->ForwardLink) {
RuntimeImage = BASE_CR (Link, EFI_RUNTIME_IMAGE_ENTRY, Link);
SetUefiImageMemoryAttributes ((UINT64)(UINTN)RuntimeImage->ImageBase, ALIGN_VALUE (RuntimeImage->ImageSize, EFI_PAGE_SIZE), 0);
@@ -1173,19 +1179,20 @@ CoreInitializeMemoryProtection (
EFI_EVENT EndOfDxeEvent;
VOID *Registration;
- mImageProtectionPolicy = PcdGet32 (PcdImageProtectionPolicy);
+ mIsExecutionProtectionActive = IS_DXE_EXECUTION_PROTECTION_ACTIVE;
+ mIsPageOrPoolGuardActive = IS_DXE_PAGE_GUARD_ACTIVE || IS_DXE_POOL_GUARD_ACTIVE;
InitializeListHead (&mProtectedImageRecordList);
//
- // Sanity check the PcdDxeNxMemoryProtectionPolicy setting:
+ // Sanity check the DXE NX protection policy setting:
// - code regions should have no EFI_MEMORY_XP attribute
// - EfiConventionalMemory and EfiBootServicesData should use the
// same attribute
//
- ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI_MEMORY_XP) == 0);
- ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & EFI_MEMORY_XP) == 0);
- ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMORY_XP) == 0);
+ ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiLoaderCode]);
+ ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiBootServicesCode]);
+ ASSERT (!gMps.Dxe.ExecutionProtection.EnabledForType[EfiRuntimeServicesCode]);
ASSERT (
GetPermissionAttributeForMemoryType (EfiBootServicesData) ==
GetPermissionAttributeForMemoryType (EfiConventionalMemory)
@@ -1213,9 +1220,7 @@ CoreInitializeMemoryProtection (
//
// Register a callback to disable NULL pointer detection at EndOfDxe
//
- if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT0|BIT7))
- == (BIT0|BIT7))
- {
+ if (gMps.Dxe.NullPointerDetection.Enabled && gMps.Dxe.NullPointerDetection.DisableEndOfDxe) {
Status = CoreCreateEventEx (
EVT_NOTIFY_SIGNAL,
TPL_NOTIFY,
@@ -1279,7 +1284,7 @@ ApplyMemoryProtectionPolicy (
UINT64 NewAttributes;
//
- // The policy configured in PcdDxeNxMemoryProtectionPolicy
+ // The policy configured in DXE Execution Protection Policy
// does not apply to allocations performed in SMM mode.
//
if (IsInSmm ()) {
@@ -1298,7 +1303,7 @@ ApplyMemoryProtectionPolicy (
//
// Check if a DXE memory protection policy has been configured
//
- if (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) == 0) {
+ if (!mIsExecutionProtectionActive) {
return EFI_SUCCESS;
}
@@ -1306,7 +1311,7 @@ ApplyMemoryProtectionPolicy (
// Don't overwrite Guard pages, which should be the first and/or last page,
// if any.
//
- if (IsHeapGuardEnabled (GUARD_HEAP_TYPE_PAGE|GUARD_HEAP_TYPE_POOL)) {
+ if (mIsPageOrPoolGuardActive) {
if (IsGuardPage (Memory)) {
Memory += EFI_PAGE_SIZE;
Length -= EFI_PAGE_SIZE;
diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
index 25310122ca1b..eac38e699c30 100644
--- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
+++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
@@ -592,36 +592,29 @@ IsMemoryTypeToGuard (
IN UINT8 PageOrPool
)
{
- UINT64 TestBit;
UINT64 ConfigBit;
- if ( ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0)
+ ConfigBit = gMps.Mm.HeapGuard.PageGuardEnabled ? GUARD_HEAP_TYPE_PAGE : 0;
+ ConfigBit |= gMps.Mm.HeapGuard.PoolGuardEnabled ? GUARD_HEAP_TYPE_POOL : 0;
+
+ if ( ((ConfigBit & PageOrPool) == 0)
|| mOnGuarding
|| (AllocateType == AllocateAddress))
{
return FALSE;
}
- ConfigBit = 0;
- if ((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) {
- ConfigBit |= PcdGet64 (PcdHeapGuardPoolType);
- }
-
- if ((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) {
- ConfigBit |= PcdGet64 (PcdHeapGuardPageType);
- }
-
if ((MemoryType == EfiRuntimeServicesData) ||
(MemoryType == EfiRuntimeServicesCode))
{
- TestBit = LShiftU64 (1, MemoryType);
+ return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && gMps.Mm.PageGuard.EnabledForType[MemoryType]) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && gMps.Mm.PoolGuard.EnabledForType[MemoryType]);
} else if (MemoryType == EfiMaxMemoryType) {
- TestBit = (UINT64)-1;
- } else {
- TestBit = 0;
+ return (((PageOrPool & GUARD_HEAP_TYPE_PAGE) != 0) && IS_MM_PAGE_GUARD_ACTIVE) ||
+ (((PageOrPool & GUARD_HEAP_TYPE_POOL) != 0) && IS_MM_POOL_GUARD_ACTIVE);
}
- return ((ConfigBit & TestBit) != 0);
+ return FALSE;
}
/**
@@ -951,7 +944,7 @@ AdjustPoolHeadA (
IN UINTN Size
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
@@ -977,7 +970,7 @@ AdjustPoolHeadF (
IN EFI_PHYSICAL_ADDRESS Memory
)
{
- if ((Memory == 0) || ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0)) {
+ if ((Memory == 0) || (!gMps.Mm.HeapGuard.GuardAlignedToTail)) {
//
// Pool head is put near the head Guard
//
diff --git a/MdeModulePkg/Core/PiSmmCore/Pool.c b/MdeModulePkg/Core/PiSmmCore/Pool.c
index e1ff40a8ea55..991efaf33bdd 100644
--- a/MdeModulePkg/Core/PiSmmCore/Pool.c
+++ b/MdeModulePkg/Core/PiSmmCore/Pool.c
@@ -258,7 +258,7 @@ SmmInternalAllocatePool (
NeedGuard = IsPoolTypeToGuard (PoolType);
HasPoolTail = !(NeedGuard &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Mm.HeapGuard.GuardAlignedToTail);
//
// Adjust the size by the pool header & tail overhead
@@ -392,7 +392,7 @@ SmmInternalFreePool (
MemoryGuarded = IsHeapGuardEnabled () &&
IsMemoryGuarded ((EFI_PHYSICAL_ADDRESS)(UINTN)FreePoolHdr);
HasPoolTail = !(MemoryGuarded &&
- ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0));
+ gMps.Mm.HeapGuard.GuardAlignedToTail);
if (HasPoolTail) {
PoolTail = HEAD_TO_TAIL (&FreePoolHdr->Header);
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index 43daa037be44..8b8b97666f38 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -84,6 +84,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DxeServicesLib.h>
#include <Library/DebugAgentLib.h>
#include <Library/CpuExceptionHandlerLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
//
// attributes for reserved memory before it is promoted to system memory
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf
index 6c896a0e7f0f..ddbbee5f68ce 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -94,6 +94,7 @@ [LibraryClasses]
DebugAgentLib
CpuExceptionHandlerLib
PcdLib
+ GetMemoryProtectionsLib
[Guids]
gEfiEventMemoryMapChangeGuid ## PRODUCES ## Event
@@ -179,13 +180,6 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileMemoryType ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel ## CONSUMES
diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
index b8a490a8c3b5..2fabed0670e0 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.h
@@ -55,6 +55,7 @@
#include <Library/HobLib.h>
#include <Library/SmmMemLib.h>
#include <Library/SafeIntLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
#include "PiSmmCorePrivateData.h"
#include "HeapGuard.h"
diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
index 3df44b38f13c..4586ec39d7c7 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
@@ -61,6 +61,7 @@ [LibraryClasses]
HobLib
SmmMemLib
SafeIntLib
+ GetMemoryProtectionsLib
[Protocols]
gEfiDxeSmmReadyToLockProtocolGuid ## UNDEFINED # SmiHandlerRegister
@@ -94,9 +95,6 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdSmiHandlerProfilePropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES
[Guids]
--
2.42.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108173): https://edk2.groups.io/g/devel/message/108173
Mute This Topic: https://groups.io/mt/101064093/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-