From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
To: devel@edk2.groups.io
Cc: Guo Dong <guo.dong@intel.com>,
Sean Rhodes <sean@starlabs.systems>,
James Lu <james.lu@intel.com>, Gua Guo <gua.guo@intel.com>
Subject: [edk2-devel] [PATCH v5 13/28] UefiPayloadPkg: Update DXE Handoff to use SetMemoryProtectionsLib
Date: Sun, 8 Oct 2023 17:07:25 -0700 [thread overview]
Message-ID: <20231009000742.1792-14-taylor.d.beebe@gmail.com> (raw)
In-Reply-To: <20231009000742.1792-1-taylor.d.beebe@gmail.com>
Update the DXE handoff logic in UefiPayloadPkg to use
SetMemoryProtectionsLib to fetch the platform memory protection
settings and reference them when creating the page tables.
Because the protection profile is equivalent to the PCD settings
even when the platform does not explicitly set a profile, this
updated does not cause a torn state.
Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
---
UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c | 11 +++++++++--
UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 2 ++
UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c | 8 ++++++--
UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c | 15 +++++++++------
UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 1 +
UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf | 9 +--------
UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf | 9 +--------
UefiPayloadPkg/UefiPayloadPkg.dsc | 13 +++++++++++++
8 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
index 61a9f01ec9e7..4ede962e6544 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
@@ -78,6 +78,8 @@ GLOBAL_REMOVE_IF_UNREFERENCED IA32_DESCRIPTOR gLidtDescriptor = {
0
};
+extern MEMORY_PROTECTION_SETTINGS mMps;
+
/**
Allocates and fills in the Page Directory and Page Table Entries to
establish a 4G page table.
@@ -227,11 +229,14 @@ ToBuildPageTable (
return TRUE;
}
- if (PcdGet8 (PcdHeapGuardPropertyMask) != 0) {
+ if (mMps.Dxe.HeapGuard.PageGuardEnabled ||
+ mMps.Dxe.HeapGuard.PageGuardEnabled ||
+ mMps.Dxe.HeapGuard.FreedMemoryGuardEnabled)
+ {
return TRUE;
}
- if (PcdGetBool (PcdCpuStackGuard)) {
+ if (mMps.Dxe.CpuStackGuardEnabled) {
return TRUE;
}
@@ -268,6 +273,8 @@ HandOffToDxeCore (
UINT32 Index;
X64_IDT_TABLE *IdtTableForX64;
+ GetCurrentMemoryProtectionSettings (&mMps);
+
//
// Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
//
diff --git a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c b/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
index 898d610951fa..a4074346c059 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
@@ -8,6 +8,8 @@
#include "UefiPayloadEntry.h"
+MEMORY_PROTECTION_SETTINGS mMps = { 0 };
+
/**
Allocate pages for code.
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c b/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
index 346e3feb0459..002ae6e5ab97 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
@@ -17,6 +17,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "UefiPayloadEntry.h"
#define STACK_SIZE 0x20000
+extern MEMORY_PROTECTION_SETTINGS mMps;
+
/**
Transfers control to DxeCore.
@@ -40,6 +42,8 @@ HandOffToDxeCore (
VOID *GhcbBase;
UINTN GhcbSize;
+ GetCurrentMemoryProtectionSettings (&mMps);
+
//
// Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
//
@@ -83,8 +87,8 @@ HandOffToDxeCore (
// Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE
// for the DxeIpl and the DxeCore are both X64.
//
- ASSERT (PcdGetBool (PcdSetNxForStack) == FALSE);
- ASSERT (PcdGetBool (PcdCpuStackGuard) == FALSE);
+ ASSERT (!mMps.Dxe.StackExecutionProtectionEnabled);
+ ASSERT (!mMps.Dxe.CpuStackGuardEnabled);
}
if (FeaturePcdGet (PcdDxeIplBuildPageTables)) {
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
index 1899404b244c..6a986c82cc4b 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
@@ -27,11 +27,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
#include <Library/PcdLib.h>
#include <Library/HobLib.h>
#include <Register/Intel/Cpuid.h>
#include "VirtualMemory.h"
+extern MEMORY_PROTECTION_SETTINGS mMps;
+
//
// Global variable to keep track current available memory used as page table.
//
@@ -115,7 +118,7 @@ IsNullDetectionEnabled (
VOID
)
{
- return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
+ return mMps.Dxe.NullPointerDetection.Enabled;
}
/**
@@ -169,9 +172,9 @@ IsEnableNonExecNeeded (
// XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is set.
// Features controlled by Following PCDs need this feature to be enabled.
//
- return (PcdGetBool (PcdSetNxForStack) ||
- PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
- PcdGet32 (PcdImageProtectionPolicy) != 0);
+ return (mMps.Dxe.StackExecutionProtectionEnabled ||
+ !IsZeroBuffer (&mMps.Dxe.ExecutionProtection.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) ||
+ (mMps.Dxe.ImageProtection.ProtectImageFromFv || mMps.Dxe.ImageProtection.ProtectImageFromUnknown));
}
/**
@@ -399,14 +402,14 @@ Split2MPageTo4K (
PageTableEntry->Bits.ReadWrite = 1;
if ((IsNullDetectionEnabled () && (PhysicalAddress4K == 0)) ||
- (PcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K == StackBase)))
+ (mMps.Dxe.CpuStackGuardEnabled && (PhysicalAddress4K == StackBase)))
{
PageTableEntry->Bits.Present = 0;
} else {
PageTableEntry->Bits.Present = 1;
}
- if ( PcdGetBool (PcdSetNxForStack)
+ if ( mMps.Dxe.StackExecutionProtectionEnabled
&& (PhysicalAddress4K >= StackBase)
&& (PhysicalAddress4K < StackBase + StackSize))
{
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
index ad8a9fd22b66..c966f3583c77 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
@@ -13,6 +13,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/DebugLib.h>
#include <Library/PeCoffLib.h>
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
index e2af8a4b7c1b..589dd9d3a99c 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
@@ -55,6 +55,7 @@ [LibraryClasses]
PeCoffLib
PlatformSupportLib
CpuLib
+ SetMemoryProtectionsLib
[Guids]
gEfiMemoryTypeInformationGuid
@@ -76,9 +77,6 @@ [FeaturePcd.X64]
[Pcd.IA32,Pcd.X64]
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ## CONSUMES
@@ -91,8 +89,3 @@ [Pcd.IA32,Pcd.X64]
gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType
gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData
gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode
-
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIMES_CONSUMES
-
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
index 5112cdc1e5df..3e99011e0ac6 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
@@ -53,6 +53,7 @@ [LibraryClasses]
HobLib
PeCoffLib
CpuLib
+ SetMemoryProtectionsLib
[Guids]
gEfiMemoryTypeInformationGuid
@@ -81,17 +82,9 @@ [Pcd.IA32,Pcd.X64]
gUefiPayloadPkgTokenSpaceGuid.PcdPcdDriverFile
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ## CONSUMES
gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase
gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize
gUefiPayloadPkgTokenSpaceGuid.PcdSystemMemoryUefiRegionSize
-
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIMES_CONSUMES
-
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index af9308ef8ed7..9de6a4fbc4a0 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -319,6 +319,19 @@ [LibraryClasses]
CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
FdtLib|MdePkg/Library/BaseFdtLib/BaseFdtLib.inf
+
+#
+# Memory Protection Libraries
+#
+[LibraryClasses.common]
+ SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
+
+[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER]
+ GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
+
+[LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATION, LibraryClasses.common.UEFI_DRIVER]
+ GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
+
[LibraryClasses.common]
!if $(BOOTSPLASH_IMAGE)
SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109418): https://edk2.groups.io/g/devel/message/109418
Mute This Topic: https://groups.io/mt/101843356/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-10-09 0:08 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-09 0:07 [edk2-devel] [PATCH v5 00/28] Implement Dynamic Memory Protection Settings Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 01/28] MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions Taylor Beebe
2023-11-03 5:52 ` Ni, Ray
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 02/28] MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-10-09 7:52 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 03/28] MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 04/28] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 05/28] MdeModulePkg: Copy PEI PCD Database Into New Buffer Taylor Beebe
2023-10-09 6:47 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 06/28] MdeModulePkg: Apply Protections to the HOB List Taylor Beebe
2023-10-09 6:54 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 07/28] MdeModulePkg: Check Print Level Before Dumping GCD Memory Map Taylor Beebe
2023-10-09 7:10 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 08/28] UefiCpuPkg: Always Set Stack Guard in MpPei Init Taylor Beebe
2023-10-09 7:28 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 09/28] ArmVirtPkg: Add Memory Protection Library Definitions to Platforms Taylor Beebe
2023-10-09 7:30 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 10/28] OvmfPkg: " Taylor Beebe
2023-10-09 7:47 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 11/28] OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-10-09 8:19 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 12/28] OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` Taylor Beebe [this message]
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 14/28] MdeModulePkg: Update DXE Handoff " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 15/28] ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 16/28] EmulatorPkg: " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 17/28] OvmfPkg: " Taylor Beebe
2023-10-09 8:29 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 18/28] UefiCpuPkg: " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 19/28] MdeModulePkg: " Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 21/28] OvmfPkg: Add QemuFwCfgParseString to QemuFwCfgSimpleParserLib Taylor Beebe
2023-10-09 8:40 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 22/28] OvmfPkg: Add MemoryProtectionConfigLib Taylor Beebe
2023-10-09 9:17 ` Laszlo Ersek
2023-10-09 9:22 ` Laszlo Ersek
2023-10-09 9:34 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 23/28] OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg Taylor Beebe
2023-10-09 9:53 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 24/28] ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-10-09 10:00 ` Laszlo Ersek
2023-10-10 11:48 ` Gerd Hoffmann
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 25/28] MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib Taylor Beebe
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 26/28] OvmfPkg: Delete Memory Protection PCDs Taylor Beebe
2023-10-09 10:02 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 27/28] ArmVirtPkg: " Taylor Beebe
2023-10-09 10:02 ` Laszlo Ersek
2023-10-09 0:07 ` [edk2-devel] [PATCH v5 28/28] MdeModulePkg: " Taylor Beebe
2023-10-09 10:03 ` Laszlo Ersek
2023-10-09 14:47 ` Taylor Beebe
2023-10-09 10:16 ` [edk2-devel] [PATCH v5 00/28] Implement Dynamic Memory Protection Settings Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231009000742.1792-14-taylor.d.beebe@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox