From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.7533.1686735662609264199 for ; Wed, 14 Jun 2023 02:41:03 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=NdwzWKS5; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: dun.tan@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686735662; x=1718271662; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=CpqIAyFfOWcpG89RkZZvqvjunh9vMNko4kBOO0phF5M=; b=NdwzWKS5+5XWzZpWpc31MJMfEi4mPJDVapkzUXhpDGSTmMrCiOUBky97 XEmoRUTIpVd42t5LRIk+7VUPdwYxNA9rwMaMM4/J+KumV89H4gevVFKfM QA7O5iXf/0bytxOhQINQiqpdwndmGiO8Xg7W98Yp9gFsUtfM/FclLxENM L+QrRY3cbsK2TCHe8YK+eFZRoFPaSFlv0Zw4xPGJbH+EPkUi6vMNm4RKU +P1yVAwSYVnWTO+0ag9E/VPx9Zx4vFIauIOM4NgKdzSbr07VDaFm82cxa sm65j4pe3cDIyGeNQrvQhB6BhWiKbfXf0A0pMj5Y35Jp0fjjzv+pUl2NX w==; X-IronPort-AV: E=McAfee;i="6600,9927,10740"; a="444939539" X-IronPort-AV: E=Sophos;i="6.00,242,1681196400"; d="scan'208";a="444939539" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jun 2023 02:41:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10740"; a="745016035" X-IronPort-AV: E=Sophos;i="6.00,242,1681196400"; d="scan'208";a="745016035" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by orsmga001.jf.intel.com with ESMTP; 14 Jun 2023 02:41:01 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Wed, 14 Jun 2023 02:41:01 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Wed, 14 Jun 2023 02:41:00 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Wed, 14 Jun 2023 02:41:00 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.173) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Wed, 14 Jun 2023 02:40:59 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O9o1hpxs2glHoHqbgJBTeAGBwL8PmvZ7f+6ac8TM5nx9zZbJ2k8fx8o+hyhhXdT0gAC01pMCEmYW5CkXD83gmpkc01p4ibrhoUudDaLp+JphHZ9uHld/LIP84eWDXLNbhW7BKyqcsYZxZoU2fkzl0zHA8urL6tJkwkLAR7QHABmRZvFRC7YKMjkVy2J3u5pvoroCWSHCpvvMJQM8a/oU5decpjIt+tjblGdoYPd5crBSJz6VBz+E2OiBde8goNsBF7Gp2aJ5XpHEYdO+pesnkpmGz1XRozjTasKhD/n4V4K1Iy2KOVYZtQg8AdKLMqj6liUiytknaxH1pZ1YhvJCaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rPqjvu5VR/2PF4GV6R3CUI28xrNmR7MJ7+Hjr1n9L2Y=; b=O55c5mR+Xp7nnAbfxd8dHxMA+38tus+DmJ06HsvltHFsxz8iHi/rVKvzihF3Of5SHsVyd5DGOwrtoahHcl6cQSfh7ACDMBfblYW2+KcE9ddF2zwhHVz0qiK5OpTXi1AIHxP+PUaXQruFDM+6jFLgnr+IqgvHwdf8YaVZVmoemOTMQmVRnrNa8g1SbB5vuk15UdaBttzIuxU9JGBqbC8TjjR3AWm6P38hIyEaN4rE64B2/RZVHBI6meLuWjpia/a8+w7mi5J1hG+kJvVCsQzjwoct4k4GW8ABbNQ1z0yBSJIpJ45ZIxkTXtVSPg2XL3atPbEhUmy8Wylv4+BGDvFLDQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from BN9PR11MB5483.namprd11.prod.outlook.com (2603:10b6:408:104::10) by SA1PR11MB8426.namprd11.prod.outlook.com (2603:10b6:806:38d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.38; Wed, 14 Jun 2023 09:40:50 +0000 Received: from BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::3023:34d3:bd4e:7901]) by BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::3023:34d3:bd4e:7901%3]) with mapi id 15.20.6477.037; Wed, 14 Jun 2023 09:40:50 +0000 From: "duntan" To: "devel@edk2.groups.io" , "Tan, Dun" CC: "Gao, Liming" , "Ni, Ray" , "Wang, Jian J" , Ard Biesheuvel Subject: Re: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute protection in UnsetGuardPage Thread-Topic: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute protection in UnsetGuardPage Thread-Index: AQHZmrM+qviT2kIvD0q/VK2ZxhbFLq+J68vw Date: Wed, 14 Jun 2023 09:40:50 +0000 Message-ID: References: <20230609091629.798-1-dun.tan@intel.com> <1766F2F16F7E8059.6460@groups.io> In-Reply-To: <1766F2F16F7E8059.6460@groups.io> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BN9PR11MB5483:EE_|SA1PR11MB8426:EE_ x-ms-office365-filtering-correlation-id: 2b8648f8-5a4b-4935-1a24-08db6cbb704d x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: HrDYq6kMpQilUQyMs0oLKbjVYtZbeUNGULRFJQn1OglCerJG0/Sgy0xoPsxwo2kDAehvV3KedKWWbU/g7XUx0ueSXDPTWqjDXQl2sBdwy8JuyUcEXINRnCQHAUnOk8U/BdsXT4Mp5QhXoCIBMY6R85F6PpefDdGfHboaIpvHXyYgajQDmcvub/VYbt2QSM0O/kYME44RFWg0DDP/GqbKDiYDH6/k7ZhrNqUK2coxgbDkPeadQnld8egwT1ZteUYOsrNlIu/Zn5l0gibNMFBugwTBm6FqVhvPF5A5qOkUhVG1eWoRpGMpX4W6/USnI7XLWtoav/fVcf4bYODNsGl9Vkort5nM/QqLnybEAilF7zb5z+E5WtbSOw6qtRl4X3ZCuP/Q1L7pQnzx/+EQr74KVsnRG5lZIt6UWolir4TvVFpZkFtQEfHn+VEoX/kDUShI3ZjGahxzgylBC2FOfBOf9AzOmFVQK3YdXW3voasL+nJMf1kIeGKTmhTbYqokt1JZSU3FmwQiLZFpl/IrxGWqzARfhW9hce5jPHquMTonBJTGD8XkJ32ov2uAXO6YWUqwnHOrB3uY8/WkikHauPBWr/6NGF7z/OeCP+j1qu63z3xI/LpUSbM0f7HTi5riFhtuO7XigRAfLGqQ1601kJJRGw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN9PR11MB5483.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(136003)(366004)(376002)(396003)(346002)(39860400002)(451199021)(86362001)(2906002)(33656002)(38070700005)(66899021)(64756008)(55016003)(76116006)(7696005)(83380400001)(71200400001)(966005)(9686003)(26005)(6506007)(53546011)(186003)(122000001)(82960400001)(110136005)(54906003)(66446008)(38100700002)(66556008)(66946007)(8676002)(41300700001)(478600001)(316002)(52536014)(8936002)(66476007)(5660300002)(4326008);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?R3ceV83BEGqOlyriGIHgp5fJu+pLnKDfL9SQF3QmHuSYf3bxfhPTGc5TgdoO?= =?us-ascii?Q?/sf+uc8qFE4ZIIV9MBi9ctqEG8pJ0Adc4JgBnypVOdl8/bVptHIslwTSzP68?= =?us-ascii?Q?AqJ7drXyWI4vQuyFh2f+QdcRti+Hncxxy/A3m3m511F0BfTw0h69819STqhf?= =?us-ascii?Q?t+A1867dnUqyblvcrizXDYwRBv1ABmb2aVxuLE2RwB/CKk8EZooptwAVn84W?= =?us-ascii?Q?jk5WtXU8SB6zKpC+XhVgiRCNxK09YTHa+5SWCxsAaYJ3TYIngk070L/SASTv?= =?us-ascii?Q?TgEfuBuWMOb99EnC911t0Zt7Du/3BxHhahu0n86stBGYmSFpXT3AAi+gB6lj?= =?us-ascii?Q?wywSnv1SvUbt98o5iR+WLroV+5nOgrSjLfpNhPhIkAbpa+Wlh6D1MceIC2OI?= =?us-ascii?Q?qSajxHFMFGLz5TW5m1w/f4nSNZdCc/qepzqRZ9tSRn90GDwUpbQTkK5I+qDe?= =?us-ascii?Q?2P7EYY0qFyj0N4rZLanxrPjSSPX+Elbaj6tdNNojKPTEBmLtFk5p4eIiH34L?= =?us-ascii?Q?6k02NgxIBZXmx4MOBi1VC0UGODecmmVeRaxJz1Py7QIG2FzUXWfSj0XKNvcb?= =?us-ascii?Q?tnqBuXB21GKmMiz8q8F7ZGfzODQXnE/rxnV1xhHmWZ6zp8PIB1Hn8SF7y4Ye?= =?us-ascii?Q?mcLvU2KrmOjR/MNsQfgLEt6GxmNVrNvaRivxU6EI9itf6pAom9KqhVGE9Man?= =?us-ascii?Q?huQOgq1G0JmoCR8iQxlE3dMbi/2nMQX7CYLAtjWHJqeofkTuBGHBsASdjJWx?= =?us-ascii?Q?lp7HpRee76LDnAR9qMgezGOERlX9SY8XtvvrnrHk/umQYdnOCopNQI7aUsxp?= =?us-ascii?Q?Y7GPWVTduphqGaohxm+8iObHxOOE5awob1VWl8bIQWs9c31ZtBJra1gHWYQT?= =?us-ascii?Q?vhZBAwDnW0Zyc0rdj+nVwnnqgptZd6jkfCuaoixcciC1ZDs4h4sThZd4Dzte?= =?us-ascii?Q?DB7n2XvUYVehkqy6LE5wmSx2xbAGtJLai+zGkKFHncBFEeBa63UdIkE0rxIN?= =?us-ascii?Q?x0iH6eDQA3oKKC1F87eBgCZw/p3lWByNMY4CUbLC2KzlfXOMou71Y0Z413BR?= =?us-ascii?Q?eDo0FIXy7BPHF9IfFMtXrKDXBx8GOchvlVAcF6TrOsXMhn89c8Mpj4GHjWpo?= =?us-ascii?Q?rkAkg1WUaYn9pBLQH9zKh2Y+tnhQMVmLTSmlUMiMtVDOTe1VIcQN6CCDBk4j?= =?us-ascii?Q?DlFoLc8gr2KCl92zpkDvk59yQBXp2+CBrxk5U0kwm6GceoYgzCwdqH1/Qc0a?= =?us-ascii?Q?sLTpq3uVn4y8izLlVvZoBotIAbMReJrxq2cbao0OZxXpyx94RtvP1hELKl6K?= =?us-ascii?Q?K86boYdj8Ep65TCIwalOBim+CFnWtEzrpV2FnrNep4X3bkCHEGECYGs2wrUd?= =?us-ascii?Q?hSadyUG5TBs7uiVW25g7QN9pk9g8hFc3hIG4yGdarbTTEB2t9x5ao8yG9564?= =?us-ascii?Q?t7Hp61C+AOafIMfyfBf6WVml84oYuGt06j5ja2DL/IYEWK3hTJjIaz5LxN5R?= =?us-ascii?Q?a9ze86FlmvRaqnqRFWljM+AjOVOUYEbdNL1T4YaGgxyPFF9/YKWcCrGKaxRp?= =?us-ascii?Q?hvGMKmyEyl7c8TkLXr4=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN9PR11MB5483.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2b8648f8-5a4b-4935-1a24-08db6cbb704d X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2023 09:40:50.1450 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: M5u4szIEd6vD1s2naGS6Iqxiskavlx2EW0akoQkvZPxkAu52t/VVnULQ0B7Tx2Jx1IPgytkdwWvxzRUVoj5+Lg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB8426 Return-Path: dun.tan@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi all, Could you please help to review this patch? Thanks, Dun -----Original Message----- From: devel@edk2.groups.io On Behalf Of duntan Sent: Friday, June 9, 2023 5:16 PM To: devel@edk2.groups.io Cc: Gao, Liming ; Ni, Ray ; Wan= g, Jian J ; Ard Biesheuvel Subject: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute= protection in UnsetGuardPage In UnsetGuardPage(), before SmmReadyToLock, remove NX and RO memory attribu= te protection for guarded page since EfiConventionalMemory in SMRAM is RW a= nd executable before SmmReadyToLock. If UnsetGuardPage() happens after SmmR= eadyToLock, then apply EFI_MEMORY_XP to the guarded page to make sure EfiCo= nventionalMemory in SMRAM is NX since EfiConventionalMemory in SMRAM is mar= ked as NX in PiSmmCpuDxe driver when SmmReadyToLock. Signed-off-by: Dun Tan Cc: Liming Gao Cc: Ray Ni Cc: Jian J Wang Cc: Ard Biesheuvel --- MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/Pi= SmmCore/HeapGuard.c index 8f3bab6fee..25310122ca 100644 --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c @@ -553,9 +553,23 @@ UnsetGuardPage ( mSmmMemoryAttribute, BaseAddress, EFI_PAGE_SIZE, - EFI_MEMORY_RP + =20 + EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP ); ASSERT_EFI_ERROR (Status); + + if (gST =3D=3D NULL) { + // + // Make sure EfiConventionalMemory is NX after SmmReadyToLock + // + Status =3D mSmmMemoryAttribute->SetMemoryAttributes ( + mSmmMemoryAttribute, + BaseAddress, + EFI_PAGE_SIZE, + EFI_MEMORY_XP + ); + ASSERT_EFI_ERROR (Status); + } + mOnGuarding =3D FALSE; } } -- 2.31.1.windows.1