From: "Yao, Jiewen"
To: "Wu, Hao A", "edk2-devel@lists.01.org"
CC: "Wang, Jian J", "Zeng, Star", "Dong, Eric", "Ni, Ruiyu"
Date: Tue, 6 Mar 2018 13:38:25 +0000
Subject: Re: [PATCH v2 2/2] MdeModulePkg/Core: Fix feature conflict between NX and Stack guard
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AADE642@shsmsx102.ccr.corp.intel.com>
References: <20180306133303.14772-1-hao.a.wu@intel.com> <20180306133303.14772-3-hao.a.wu@intel.com>
In-Reply-To: <20180306133303.14772-3-hao.a.wu@intel.com>

Both patches are reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Wu, Hao A
> Sent: Tuesday, March 6, 2018 9:33 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A; Wang, Jian J; Zeng, Star; Dong, Eric; Yao, Jiewen; Ni, Ruiyu
> Subject: [PATCH v2 2/2] MdeModulePkg/Core: Fix feature conflict between NX and Stack guard
>
> If enabled, NX memory protection feature will mark some types of active
> memory as NX (non-executable), which includes the first page of the stack.
> This will overwrite the attributes of the first page of the stack if the
> stack guard feature is also enabled.
>
> The solution is to override the attributes setting to the first page of
> the stack by adding back the 'EFI_MEMORY_RP' attribute when the stack
> guard feature is enabled.
>
> Cc: Jian J Wang
> Cc: Star Zeng
> Cc: Eric Dong
> Cc: Jiewen Yao
> Cc: Ruiyu Ni
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Hao Wu
> --- > MdeModulePkg/Core/Dxe/DxeMain.inf | 4 +- > MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 54 > +++++++++++++++++++++++++++ > 2 files changed, 57 insertions(+), 1 deletion(-) >=20 > diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf > b/MdeModulePkg/Core/Dxe/DxeMain.inf > index 7334780326..d2e7360ed4 100644 > --- a/MdeModulePkg/Core/Dxe/DxeMain.inf > +++ b/MdeModulePkg/Core/Dxe/DxeMain.inf > @@ -3,7 +3,7 @@ > # > # It provides an implementation of DXE Core that is compliant with DXE = CIS. > # > -# Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved. > +# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. > # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the= BSD > License > # which accompanies this distribution. The full text of the license ma= y be > found at 
> @@ -130,6 +130,7 @@ > gEfiPropertiesTableGuid ## > SOMETIMES_PRODUCES ## SystemTable > gEfiMemoryAttributesTableGuid ## > SOMETIMES_PRODUCES ## SystemTable > gEfiEndOfDxeEventGroupGuid ## > SOMETIMES_CONSUMES ## Event > + gEfiHobMemoryAllocStackGuid ## > SOMETIMES_CONSUMES ## SystemTable >=20 > [Ppis] > gEfiVectorHandoffInfoPpiGuid ## UNDEFINED # HOB > @@ -198,6 +199,7 @@ > gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType > ## CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType > ## CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask > ## CONSUMES > + gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard > ## CONSUMES >=20 > # [Hob] > # RESOURCE_DESCRIPTOR ## CONSUMES > diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > index a2ea445eef..f3e62dd2c5 100644 > --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > @@ -801,6 +801,9 @@ InitializeDxeNxMemoryProtectionPolicy ( > UINT64 Attributes; > LIST_ENTRY *Link; > EFI_GCD_MAP_ENTRY *Entry; > + EFI_PEI_HOB_POINTERS Hob; > + EFI_HOB_MEMORY_ALLOCATION *MemoryHob; > + EFI_PHYSICAL_ADDRESS StackBase; >=20 > // > // Get the EFI memory map. 
> @@ -832,6 +835,40 @@ InitializeDxeNxMemoryProtectionPolicy ( > } while (Status =3D=3D EFI_BUFFER_TOO_SMALL); > ASSERT_EFI_ERROR (Status); >=20 > + StackBase =3D 0; > + if (PcdGetBool (PcdCpuStackGuard)) { > + // > + // Get the base of stack from Hob. > + // > + Hob.Raw =3D GetHobList (); > + while ((Hob.Raw =3D GetNextHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, > Hob.Raw)) !=3D NULL) { > + MemoryHob =3D Hob.MemoryAllocation; > + if (CompareGuid(&gEfiHobMemoryAllocStackGuid, > &MemoryHob->AllocDescriptor.Name)) { > + DEBUG (( > + DEBUG_INFO, > + "%a: StackBase =3D 0x%016lx StackSize =3D 0x%016lx\n", > + __FUNCTION__, > + MemoryHob->AllocDescriptor.MemoryBaseAddress, > + MemoryHob->AllocDescriptor.MemoryLength > + )); > + > + StackBase =3D MemoryHob->AllocDescriptor.MemoryBaseAddress; > + // > + // Ensure the base of the stack is page-size aligned. > + // > + ASSERT ((StackBase & EFI_PAGE_MASK) =3D=3D 0); > + break; > + } > + Hob.Raw =3D GET_NEXT_HOB (Hob); > + } > + > + // > + // Ensure the base of stack can be found from Hob when stack guard i= s > + // enabled. > + // > + ASSERT (StackBase !=3D 0); > + } > + > DEBUG (( > DEBUG_INFO, > "%a: applying strict permissions to active memory regions\n", > @@ -864,6 +901,23 @@ InitializeDxeNxMemoryProtectionPolicy ( > EFI_PAGES_TO_SIZE (1), > EFI_MEMORY_RP | Attributes); > } > + > + if (StackBase !=3D 0 && > + (StackBase >=3D MemoryMapEntry->PhysicalStart && > + StackBase < MemoryMapEntry->PhysicalStart + > + LShiftU64 (MemoryMapEntry->NumberOfPages, > EFI_PAGE_SHIFT)) && > + PcdGetBool (PcdCpuStackGuard)) { > + > + // > + // Add EFI_MEMORY_RP attribute for the first page of the stack i= f > stack > + // guard is enabled. > + // > + SetUefiImageMemoryAttributes ( > + StackBase, > + EFI_PAGES_TO_SIZE (1), > + EFI_MEMORY_RP | Attributes); > + } > + > } > MemoryMapEntry =3D NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, > DescriptorSize); > } > -- > 2.12.0.windows.1
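
Review bot: In the DxeMain.inf hunk at @@ -130,6 +130,7 @@, the usage comment on the new gEfiHobMemoryAllocStackGuid line reads "## SOMETIMES_CONSUMES ## SystemTable", but the code this patch adds to MemoryProtection.c finds the GUID by walking memory allocation HOBs with GetNextHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, ...), not through the system table. Suggest "## SOMETIMES_CONSUMES ## HOB" so the INF documents where the GUID is actually consumed.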
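
Review bot: In the @@ -832,6 +835,40 @@ hunk of MemoryProtection.c, both failure cases of the stack lookup are covered only by ASSERT: no HOB named gEfiHobMemoryAllocStackGuid (StackBase stays 0) and a stack base that is not page aligned. On a build where ASSERT is disabled, a missing HOB makes the later "StackBase != 0" test skip the re-protection, so the first stack page keeps the NX-only attributes and the stack guard is lost without any report. Suggest handling the not-found case explicitly, for example with a DEBUG ((DEBUG_ERROR, ...)) message, in addition to the ASSERT. Style: "CompareGuid(" needs a space before the parenthesis, like the other calls in this hunk.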
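
Review bot: In the @@ -864,6 +901,23 @@ hunk, the trailing "PcdGetBool (PcdCpuStackGuard)" term of the new condition is redundant. StackBase is initialised to 0 and is only assigned inside the earlier "if (PcdGetBool (PcdCpuStackGuard))" block, so "StackBase != 0" already implies the PCD is set. Suggest dropping the PCD term, or testing it first if it is kept for readability. The empty "+" line before the closing brace can also be removed.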