From: "Laszlo Ersek"
Date: Mon, 9 Oct 2023 09:52:14 +0200
Subject: Re: [edk2-devel] [PATCH v5 02/28] MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib
To: devel@edk2.groups.io, taylor.d.beebe@gmail.com
Cc: Jian J Wang, Liming Gao
Message-ID: <492e83cb-248e-9169-cca1-5f1f8158cffb@redhat.com>
In-Reply-To: <20231009000742.1792-3-taylor.d.beebe@gmail.com>

On 10/9/23 02:07, Taylor Beebe wrote:
> SetMemoryProtectionsLib is a PEIM which allows platforms to
> apply memory protection settings to the current boot.
>
> GetMemoryProtectionsLib has DXE and MM implementations to allow
> platforms to query the current memory protection settings via a
> global variable populated by the library implementations.
>
> The global variable is a union of the MM and DXE settings. The
> DXE struct is only valid in a DXE module and the MM struct is
> only valid in an SMM or Standalone MM module.
>
> Signed-off-by: Taylor Beebe > Cc: Jian J Wang > Cc: Liming Gao > --- > MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h | 83 +++++++++++ > MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h | 152 +++++++++++= +++++++++ > MdeModulePkg/MdeModulePkg.dec | 8 ++ > 3 files changed, 243 insertions(+) >=20 > diff --git a/MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h b/Mde= ModulePkg/Include/Library/GetMemoryProtectionsLib.h > new file mode 100644 > index 000000000000..c8f7084e9c80 > --- /dev/null > +++ b/MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h 
> @@ -0,0 +1,83 @@ > +/** @file > +Library for accessing the platform memory protection settings. > + > +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef GET_MEMORY_PROTECTION_SETTINGS_LIB_H_ > +#define GET_MEMORY_PROTECTION_SETTINGS_LIB_H_ > + > +#include > +#include > + > +#pragma pack(1) > + > +typedef union { > + DXE_MEMORY_PROTECTION_SETTINGS Dxe; > + MM_MEMORY_PROTECTION_SETTINGS Mm; > +} MEMORY_PROTECTION_SETTINGS_UNION; > + > +#pragma pack() > + > +// The global used to access current Memory Protection Settings > +extern MEMORY_PROTECTION_SETTINGS_UNION gMps; > + > +#define MPS_IS_DXE_SIGNATURE_VALID (gMps.Dxe.Signature =3D=3D DXE_MEMOR= Y_PROTECTION_SIGNATURE) > +#define MPS_IS_MM_SIGNATURE_VALID (gMps.Mm.Signature =3D=3D MM_MEMORY_= PROTECTION_SIGNATURE) > + > +#define IS_DXE_PAGE_GUARD_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID = && \ > + !IsZeroBuffer (&gMps.Dxe.PageGuard.Ena= bledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) && \ > + gMps.Dxe.HeapGuard.PageGuardEnabled) > + > +#define IS_DXE_POOL_GUARD_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID = && \ > + !IsZeroBuffer (&gMps.Dxe.PoolGuard.Ena= bledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) && \ > + gMps.Dxe.HeapGuard.PoolGuardEnabled) > + > +#define IS_DXE_EXECUTION_PROTECTION_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID = && \ > + !IsZeroBuffer (&gMps.Dxe.Exe= cutionProtection.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)) > + > +#define IS_DXE_IMAGE_PROTECTION_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID = && \ > + (gMps.Dxe.ImageProtection.Protec= tImageFromFv || \ > + gMps.Dxe.ImageProtection.Protec= tImageFromUnknown)) > + > +#define IS_DXE_MEMORY_PROTECTION_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID = && \ > + (IS_DXE_PAGE_GUARD_ACTIVE = || \ > + IS_DXE_POOL_GUARD_ACTIVE = || \ > + IS_DXE_EXECUTION_PROTECTION_AC= TIVE || \ > + IS_DXE_IMAGE_PROTECTION_ACTIVE= || \ > + gMps.Dxe.CpuStackGuardEnabled = || \ > + gMps.Dxe.StackExecutionProtect= ionEnabled || \ > + gMps.Dxe.NullPointerDetection.= 
Enabled || \ > + gMps.Dxe.HeapGuard.FreedMemory= GuardEnabled)) > + > +#define IS_MM_PAGE_GUARD_ACTIVE (MPS_IS_MM_SIGNATURE_VALID = && \ > + gMps.Mm.HeapGuard.PageGuardEnabled = && \ > + !IsZeroBuffer (&gMps.Mm.PageGuard.Ena= bledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)) > + > +#define IS_MM_POOL_GUARD_ACTIVE (MPS_IS_MM_SIGNATURE_VALID = && \ > + gMps.Mm.HeapGuard.PoolGuardEnabled = && \ > + !IsZeroBuffer (&gMps.Mm.PoolGuard.Enab= ledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)) > + > +#define IS_MM_MEMORY_PROTECTION_ACTIVE (MPS_IS_MM_SIGNATURE_VALID = && \ > + (IS_MM_PAGE_GUARD_ACTIVE = || \ > + IS_MM_POOL_GUARD_ACTIVE = || \ > + gMps.Mm.NullPointerDetection.En= abled)); > + > +/** > + Populates gMps global. This function is invoked by the library constru= ctor and only needs to be > + called if library contructors have not yet been invoked. > + > + @retval EFI_SUCCESS gMps global was populated. > + @retval EFI_NOT_FOUND The gMemoryProtectionSettingsGuid HOB was no= t found. > + @retval EFI_ABORTED The version number of the DXE or MM memory p= rotection settings was invalid. > + @retval EFI_UNSUPPORTED NULL implementation called. > +**/ > +EFI_STATUS > +EFIAPI > +PopulateMpsGlobal ( > + VOID > + ); > + > +#endif > diff --git a/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h b/Mde= ModulePkg/Include/Library/SetMemoryProtectionsLib.h > new file mode 100644 > index 000000000000..023c987c3c7e > --- /dev/null > +++ b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h 
> @@ -0,0 +1,152 @@ > +/** @file > +Library for creating the MM and DXE memory protection HOB entries. > + > +Copyright (c) Microsoft Corporation. > +SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#ifndef SET_MEMORY_PROTECTION_SETTINGS_LIB_H_ > +#define SET_MEMORY_PROTECTION_SETTINGS_LIB_H_ > + > +#include > + > +typedef struct { > + CHAR8 *Name; > + CHAR8 *Description; > + DXE_MEMORY_PROTECTION_SETTINGS Settings; > +} DXE_MEMORY_PROTECTION_PROFILES; > + > +typedef enum { > + DxeMemoryProtectionSettingsPcd, > + DxeMemoryProtectionSettingsMax > +} DXE_MEMORY_PROTECTION_PROFILE_INDEX; > + > +typedef struct { > + CHAR8 *Name; > + CHAR8 *Description; > + MM_MEMORY_PROTECTION_SETTINGS Settings; > +} MM_MEMORY_PROTECTION_PROFILES; > + > +typedef enum { > + MmMemoryProtectionSettingsPcd, > + MmMemoryProtectionSettingsMax > +} MM_MEMORY_PROTECTION_PROFILE_INDEX; > + > +extern DXE_MEMORY_PROTECTION_PROFILES DxeMemoryProtectionProfiles[DxeMe= moryProtectionSettingsMax]; > +extern MM_MEMORY_PROTECTION_PROFILES MmMemoryProtectionProfiles[MmMemo= ryProtectionSettingsMax];

These names aren't right; global variable names minimally need to start
with "m" (for "module"), or if the thing they refer to is
firmware-global, they should start with "g".

Compare: "gBS", from "MdePkg/Include/Library/UefiBootServicesTableLib.h".
Each module using UefiBootServicesTableLib will have a copy of that
pointer, but it will point to the same thing.

Laszlo

> + > +/** > + Prevent further changes to the memory protection settings via this > + library API. > + > + @retval EFI_SUCCESS The memory protection settings are locke= d. > + @retval EFI_ABORTED Unable to get/create the memory protecti= on settings. > + @retval EFI_UNSUPPORTED NULL implementation called. > +**/ > +EFI_STATUS > +EFIAPI > +LockMemoryProtectionSettings ( > + VOID > + ); > + > +/** > + Sets the DXE memory protection settings. If DxeMps is NULL, the settin= gs will be set based > + on ProfileIndex. 
> + > + @param[in] DxeMps Pointer to the memory protection settings to = publish. If NULL, the > + settings will be created based on ProfileInde= x. > + @param[in] ProfileIndex The index of the memory protection profile to= use if DxeMps is NULL. > + > + @retval EFI_SUCCESS The memory protection HOB was successful= ly created. > + @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the vers= ion number of the > + input DxeMps was not equal to the versio= n currently present > + in the settings. > + @retval EFI_ABORTED Unable to get/create the memory protecti= on settings. > + @retval EFI_ACCESS_DENIED The memory protection settings are locke= d. > + @retval EFI_UNSUPPORTED NULL implementation called. > +**/ > +EFI_STATUS > +EFIAPI > +SetDxeMemoryProtectionSettings ( > + IN DXE_MEMORY_PROTECTION_SETTINGS *DxeMps OPTIONAL, > + IN DXE_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex > + ); > + > +/** > + Sets the MM memory protection HOB entry. If MmMps is NULL, the setting= s will be set based > + on ProfileIndex. > + > + @param[in] MmMps Pointer to the memory protection settings to = publish. If NULL, the > + settings will be created based on ProfileInde= x. > + @param[in] ProfileIndex The index of the memory protection profile to= use if MmMps is NULL. > + > + @retval EFI_SUCCESS The memory protection HOB was successful= ly created. > + @retval EFI_OUT_OF_RESOURCES There was insufficient memory to create = the HOB. > + @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the vers= ion number of the > + input MmMps was not equal to the version= currently present > + in the settings. > + @retval EFI_ABORTED Unable to get/create the memory protecti= on settings. > + @retval EFI_ACCESS_DENIED The memory protection settings are locke= d. > + @retval EFI_UNSUPPORTED NULL implementation called. 
> +**/ > +EFI_STATUS > +EFIAPI > +SetMmMemoryProtectionSettings ( > + IN MM_MEMORY_PROTECTION_SETTINGS *MmMps OPTIONAL, > + IN MM_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex > + ); > + > +/** > + Copies the current memory protection settings into the input buffer. > + > + NOTE: The returned settings may not be the final settings used by the > + platform on this boot. Unless LockMemoryProtectionSettings() has > + been called, settings may be modified by drivers until DXE hando= ff. > + > + @param[out] Mps The memory protection settings pointer to populate. > + > + @retval EFI_SUCCESS The memory protection settings were copi= ed > + into the input buffer. > + @retval EFI_INVALID_PARAMETER Mps was NULL. > + @retval EFI_ABORTED Unable to get/create the memory protecti= on settings. > + @retval EFI_UNSUPPORTED NULL implementation called. > +**/ > +EFI_STATUS > +EFIAPI > +GetCurrentMemoryProtectionSettings ( > + OUT MEMORY_PROTECTION_SETTINGS *Mps > + ); > + > +/** > + Returns TRUE any form of DXE memory protection is currently active. > + > + NOTE: The returned value may reflect the final settings used by the > + platform on this boot. Unless LockMemoryProtectionSettings() has > + been called, settings may be modified by drivers until DXE hando= ff. > + > + @retval TRUE DXE Memory protection is active. > + @retval FALSE DXE Memory protection is not active. > +**/ > +BOOLEAN > +EFIAPI > +IsDxeMemoryProtectionActive ( > + VOID > + ); > + > +/** > + Returns TRUE any form of MM memory protection is currently active. > + > + NOTE: The returned value may reflect the final settings used by the > + platform on this boot. Unless LockMemoryProtectionSettings() has > + been called, settings may be modified by drivers until DXE hando= ff. > + > + @retval TRUE MM Memory protection is active. > + @retval FALSE MM Memory protection is not active. > +**/ > +BOOLEAN > +EFIAPI > +IsMmMemoryProtectionActive ( > + VOID > + ); > + > +#endif 
> diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.de= c > index 5e1a0388bed3..6ad0902a1bff 100644 > --- a/MdeModulePkg/MdeModulePkg.dec > +++ b/MdeModulePkg/MdeModulePkg.dec > @@ -164,6 +164,14 @@ [LibraryClasses] > # > VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h > =20 > + ## @libraryclass Provides a global for consuming memory protection set= tings > + # > + GetMemoryProtectionsLib|Include/Library/GetMemoryProtectionsLib.h > + > + ## @libraryclass Library for creating the memory protection settings H= OB > + # > + SetMemoryProtectionsLib|Include/Library/SetMemoryProtectionsLib.h > + > [Guids] > ## MdeModule package token space guid > # Include/Guid/MdeModulePkgTokenSpace.h
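
Review bot: In GetMemoryProtectionsLib.h, the IS_MM_MEMORY_PROTECTION_ACTIVE definition ends with a stray semicolon ("gMps.Mm.NullPointerDetection.Enabled));"), unlike every other IS_* macro in the header. Used inside a larger expression such as an if condition, the expansion will not compile, so drop the trailing ';'. It would also help to document next to the macros that a signature mismatch makes every IS_*_ACTIVE check evaluate to FALSE, so consumers see "no protection" in that case rather than an error. Minor: "contructors" in the PopulateMpsGlobal comment should be "constructors".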
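
Review bot: In SetMemoryProtectionsLib.h, the NOTE on IsDxeMemoryProtectionActive() and IsMmMemoryProtectionActive() says the returned value "may reflect the final settings", while the same NOTE on GetCurrentMemoryProtectionSettings() says the settings "may not be the final settings"; given the next sentence about drivers modifying settings until DXE handoff, "may not reflect" looks intended. The wording matters because callers can query these before LockMemoryProtectionSettings() has been called. Both summaries also read "Returns TRUE any form of", which is missing "if". Separately, SetMmMemoryProtectionSettings() lists EFI_OUT_OF_RESOURCES but SetDxeMemoryProtectionSettings() does not, although both describe creating the HOB; list it for both or state why the DXE path cannot return it.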