From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.93; helo=mga11.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DF9B022135D3C for ; Tue, 6 Mar 2018 05:04:22 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Mar 2018 05:10:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.47,431,1515484800"; d="scan'208";a="22365619" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga008.fm.intel.com with ESMTP; 06 Mar 2018 05:10:36 -0800 Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 6 Mar 2018 05:10:36 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 6 Mar 2018 05:10:35 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.124]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.116]) with mapi id 14.03.0319.002; Tue, 6 Mar 2018 21:10:34 +0800 From: "Yao, Jiewen" To: "Yao, Jiewen" , "Zeng, Star" , "Wu, Hao A" , "edk2-devel@lists.01.org" CC: "Ni, Ruiyu" , "Dong, Eric" Thread-Topic: [PATCH 2/2] MdeModulePkg/Core: Fix feature conflict between NX and Stack guard Thread-Index: AQHTtURHSpczQBKyh0CjlNws2uvB7aPCmSyAgACTlPCAAAEswA== Date: Tue, 6 Mar 2018 13:10:34 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AADE4A0@shsmsx102.ccr.corp.intel.com> References: <20180306121122.4704-1-hao.a.wu@intel.com> <20180306121122.4704-3-hao.a.wu@intel.com> <0C09AFA07DD0434D9E2A0C6AEB0483103BA473E5@shsmsx102.ccr.corp.intel.com> <74D8A39837DF1E4DA445A8C0B3885C503AADE41C@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503AADE41C@shsmsx102.ccr.corp.intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODRlYjEzZjgtZmYyNi00YWY5LWJlZjUtNzAxMTk1ZWY2Y2QwIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiJ4VnFEbXZNY1lRNjBreHJFNEhmUDdQaXZjU0xZYXJIcnM4MnBoXC9ZZENndmFWVDl3cjhNNEt4XC9yT1YrOGFxWWUifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 2/2] MdeModulePkg/Core: Fix feature conflict between NX and Stack guard X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Mar 2018 13:04:23 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable BTW: I don't think "StackBaseFound" is really needed. We can use ASSERT (StackBase !=3D 0); directly. :-) Thank you Yao Jiewen > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ya= o, > Jiewen > Sent: Tuesday, March 6, 2018 9:05 PM > To: Zeng, Star ; Wu, Hao A ; > edk2-devel@lists.01.org > Cc: Ni, Ruiyu ; Dong, Eric > Subject: Re: [edk2] [PATCH 2/2] MdeModulePkg/Core: Fix feature conflict > between NX and Stack guard >=20 > Agree. >=20 > With this update, reviewed-by: Jiewen.yao@intel.com >=20 >=20 > > -----Original Message----- > > From: Zeng, Star > > Sent: Tuesday, March 6, 2018 8:16 PM > > To: Wu, Hao A ; edk2-devel@lists.01.org > > Cc: Wang, Jian J ; Dong, Eric ; > > Yao, Jiewen ; Ni, Ruiyu ; Zen= g, > Star > > > > Subject: RE: [PATCH 2/2] MdeModulePkg/Core: Fix feature conflict betwee= n > NX > > and Stack guard > > > > A quick minor comment. > > GetHobList() could be used instead of EfiGetSystemConfigurationTable > > (&gEfiHobListGuid, &HobList). > > > > Thanks, > > Star > > -----Original Message----- > > From: Wu, Hao A > > Sent: Tuesday, March 6, 2018 8:11 PM > > To: edk2-devel@lists.01.org > > Cc: Wu, Hao A ; Wang, Jian J ; > > Zeng, Star ; Dong, Eric ; Yao= , > > Jiewen ; Ni, Ruiyu > > Subject: [PATCH 2/2] MdeModulePkg/Core: Fix feature conflict between NX > and > > Stack guard > > > > If enabled, NX memory protection feature will mark some types of active > > memory as NX (non-executable), which includes the first page of the sta= ck. > > This will overwrite the attributes of the first page of the stack if th= e stack guard > > feature is also enabled. > > > > The solution is to override the attributes setting to the first page of= the stack by > > adding back the 'EFI_MEMORY_RP' attribute when the stack guard feature = is > > enabled. > > > > Cc: Jian J Wang > > Cc: Star Zeng > > Cc: Eric Dong > > Cc: Jiewen Yao > > Cc: Ruiyu Ni > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Hao Wu > > --- > > MdeModulePkg/Core/Dxe/DxeMain.inf | 4 +- > > MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 61 > > +++++++++++++++++++++++++++ > > 2 files changed, 64 insertions(+), 1 deletion(-) > > > > diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf > > b/MdeModulePkg/Core/Dxe/DxeMain.inf > > index 7334780326..d2e7360ed4 100644 > > --- a/MdeModulePkg/Core/Dxe/DxeMain.inf > > +++ b/MdeModulePkg/Core/Dxe/DxeMain.inf > > @@ -3,7 +3,7 @@ > > # > > # It provides an implementation of DXE Core that is compliant with DX= E CIS. > > # > > -# Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<= BR> > > +# Copyright (c) 2006 - 2018, Intel Corporation. All rights > > +reserved.
> > # This program and the accompanying materials # are licensed and > made > > available under the terms and conditions of the BSD License # which > > accompanies this distribution. The full text of the license may be fou= nd at > @@ > > -130,6 +130,7 @@ > > gEfiPropertiesTableGuid ## > > SOMETIMES_PRODUCES ## SystemTable > > gEfiMemoryAttributesTableGuid ## > > SOMETIMES_PRODUCES ## SystemTable > > gEfiEndOfDxeEventGroupGuid ## > > SOMETIMES_CONSUMES ## Event > > + gEfiHobMemoryAllocStackGuid ## > > SOMETIMES_CONSUMES ## SystemTable > > > > [Ppis] > > gEfiVectorHandoffInfoPpiGuid ## UNDEFINED # HOB > > @@ -198,6 +199,7 @@ > > gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType > > ## CONSUMES > > gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType > > ## CONSUMES > > gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask > > ## CONSUMES > > + gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard > > ## CONSUMES > > > > # [Hob] > > # RESOURCE_DESCRIPTOR ## CONSUMES > > diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > > b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > > index a2ea445eef..a6de22d3af 100644 > > --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > > +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > > @@ -801,6 +801,11 @@ InitializeDxeNxMemoryProtectionPolicy ( > > UINT64 Attributes; > > LIST_ENTRY *Link; > > EFI_GCD_MAP_ENTRY *Entry; > > + VOID *HobList; > > + EFI_PEI_HOB_POINTERS Hob; > > + EFI_HOB_MEMORY_ALLOCATION *MemoryHob; > > + EFI_PHYSICAL_ADDRESS StackBase; > > + BOOLEAN StackBaseFound; > > > > // > > // Get the EFI memory map. > > @@ -832,6 +837,45 @@ InitializeDxeNxMemoryProtectionPolicy ( > > } while (Status =3D=3D EFI_BUFFER_TOO_SMALL); > > ASSERT_EFI_ERROR (Status); > > > > + StackBase =3D 0; > > + StackBaseFound =3D FALSE; > > + if (PcdGetBool (PcdCpuStackGuard)) { > > + // > > + // Get the base of stack from Hob. > > + // > > + Status =3D EfiGetSystemConfigurationTable (&gEfiHobListGuid, &HobL= ist); > > + if (!EFI_ERROR (Status)) { > > + for (Hob.Raw =3D HobList; !END_OF_HOB_LIST (Hob); Hob.Raw =3D > > GET_NEXT_HOB (Hob)) { > > + if (GET_HOB_TYPE(Hob) =3D=3D > EFI_HOB_TYPE_MEMORY_ALLOCATION) > > { > > + MemoryHob =3D Hob.MemoryAllocation; > > + if (CompareGuid(&gEfiHobMemoryAllocStackGuid, > > &MemoryHob->AllocDescriptor.Name)) { > > + DEBUG (( > > + DEBUG_INFO, > > + "%a: StackBase =3D 0x%016lx StackSize =3D 0x%016lx\n", > > + __FUNCTION__, > > + MemoryHob->AllocDescriptor.MemoryBaseAddress, > > + MemoryHob->AllocDescriptor.MemoryLength > > + )); > > + > > + StackBase =3D > MemoryHob->AllocDescriptor.MemoryBaseAddress; > > + // > > + // Ensure the base of the stack is page-size aligned. > > + // > > + ASSERT ((StackBase & EFI_PAGE_MASK) =3D=3D 0); > > + StackBaseFound =3D TRUE; > > + break; > > + } > > + } > > + } > > + } > > + > > + // > > + // Ensure the base of stack can be found from Hob when stack guard= is > > + // enabled. > > + // > > + ASSERT (StackBaseFound); > > + } > > + > > DEBUG (( > > DEBUG_INFO, > > "%a: applying strict permissions to active memory regions\n", @@ > -864,6 > > +908,23 @@ InitializeDxeNxMemoryProtectionPolicy ( > > EFI_PAGES_TO_SIZE (1), > > EFI_MEMORY_RP | Attributes); > > } > > + > > + if (StackBaseFound && > > + (StackBase >=3D MemoryMapEntry->PhysicalStart && > > + StackBase < MemoryMapEntry->PhysicalStart + > > + LShiftU64 (MemoryMapEntry->NumberOfPages, > > EFI_PAGE_SHIFT)) && > > + PcdGetBool (PcdCpuStackGuard)) { > > + > > + // > > + // Add EFI_MEMORY_RP attribute for the first page of the stack= if > > stack > > + // guard is enabled. > > + // > > + SetUefiImageMemoryAttributes ( > > + StackBase, > > + EFI_PAGES_TO_SIZE (1), > > + EFI_MEMORY_RP | Attributes); > > + } > > + > > } > > MemoryMapEntry =3D NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, > > DescriptorSize); > > } > > -- > > 2.12.0.windows.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel