From: "Wang, Jian J"
To: edk2-devel, "edk2-devel@lists.01.org"
CC: "Ni, Ruiyu", "Yao, Jiewen", Laszlo Ersek, "Zeng, Star"
Subject: Re: [PATCH] MdeModulePkg/DxeIpl: support more NX related PCDs
Date: Fri, 14 Sep 2018 05:46:44 +0000
In-Reply-To: <20180914051335.2644-1-jian.j.wang@intel.com>
List-Id: EDK II Development

Tests:
a. try all related PCD combinations and check the page table attributes and ASSERT message
b. boot to shell on real Intel platform with valid PCD setting combinations (IA32/X64)
c. boot to fedora26, ubuntu18.04, windows 7 and windows 10 on OVMF emulated platform (X64)

Regards,
Jian

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org]
> Sent: Friday, September 14, 2018 1:14 PM
> To: edk2-devel@lists.01.org
> Cc: Ni, Ruiyu; Yao, Jiewen; Laszlo Ersek; Zeng, Star
> Subject: [edk2] [PATCH] MdeModulePkg/DxeIpl: support more NX related PCDs
>
> BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116
>
> Currently IA32_EFER.NXE is only set against PcdSetNxForStack. This
> confuses developers because the following two other PCDs also need NXE
> to be set, but actually do not set it.
>
> PcdDxeNxMemoryProtectionPolicy
> PcdImageProtectionPolicy
>
> This patch solves this issue by adding logic to enable IA32_EFER.NXE
> if any of those PCDs have anything enabled.
>
> Due to the fact that the NX memory type of the stack (enabled by PcdSetNxForStack)
> and of the image data section (enabled by PcdImageProtectionPolicy) are also
> part of PcdDxeNxMemoryProtectionPolicy, this patch also adds more checks
> to warn (ASSERT) users about any unreasonable setting combinations. For example,
>
> PcdSetNxForStack == FALSE &&
> (PcdDxeNxMemoryProtectionPolicy & (1 <
>
> PcdImageProtectionPolicy == 0 &&
> (PcdDxeNxMemoryProtectionPolicy & (1 << EfiRuntimeServicesData)) != 0
>
> PcdImageProtectionPolicy == 0 &&
> (PcdDxeNxMemoryProtectionPolicy & (1 <
>
> PcdImageProtectionPolicy == 0 &&
> (PcdDxeNxMemoryProtectionPolicy & (1 <
>
> In other words, PcdSetNxForStack and PcdImageProtectionPolicy have
> priority over PcdDxeNxMemoryProtectionPolicy.
>
> Cc: Star Zeng
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Cc: Ruiyu Ni
> Cc: Jiewen Yao
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Jian J Wang
> ---
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  2 +
>  MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  4 +-
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 55 +++++++++++++++++++++++-
>  MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 33 ++++++++++++++
>  4 files changed, 91 insertions(+), 3 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > index fd82657404..068e700074 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > @@ -117,6 +117,8 @@ >=20 > [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] > gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## > SOMETIMES_CONSUMES > + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## > SOMETIMES_CONSUMES > + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## > SOMETIMES_CONSUMES >=20 > [Depex] > gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid > diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c > b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c > index d28baa3615..9a97205ef8 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c > +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c > @@ -245,7 +245,7 @@ ToBuildPageTable ( > return TRUE; > } >=20 > - if (PcdGetBool (PcdSetNxForStack) && IsExecuteDisableBitAvailable ()) = { > + if (ToEnableExecuteDisableFeature ()) { > return TRUE; > } >=20 > @@ -436,7 +436,7 @@ HandOffToDxeCore ( > BuildPageTablesIa32Pae =3D ToBuildPageTable (); > if (BuildPageTablesIa32Pae) { > PageTables =3D Create4GPageTablesIa32Pae (BaseOfStack, STACK_SIZE)= ; > - if (IsExecuteDisableBitAvailable ()) { > + if (ToEnableExecuteDisableFeature ()) { > EnableExecuteDisableBit(); > } > } > diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > index 496e219913..253fe84223 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c 
> @@ -106,6 +106,56 @@ IsNullDetectionEnabled ( > return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) !=3D 0)= ; > } >=20 > +/** > + Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not. > + > + @retval TRUE IA32_EFER.NXE should be enabled. > + @retval FALSE IA32_EFER.NXE should not be enabled. > + > +**/ > +BOOLEAN > +ToEnableExecuteDisableFeature ( > + VOID > + ) > +{ > + if (!IsExecuteDisableBitAvailable ()) { > + return FALSE; > + } > + > + // > + // Normally stack is type of EfiBootServicesData. Disabling NX for sta= ck > + // but enabling NX for EfiBootServicesData doesn't make any sense. > + // > + if (PcdGetBool (PcdSetNxForStack) =3D=3D FALSE && > + (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & > STACK_MEMORY_TYPE) !=3D 0) { > + DEBUG ((DEBUG_ERROR, > + "ERROR: NX for stack is disabled but NX for its memory type = is > enabled!\r\n")); > + ASSERT(!(PcdGetBool (PcdSetNxForStack) =3D=3D FALSE && > + (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & > STACK_MEMORY_TYPE) !=3D 0)); > + } > + > + // > + // Image data section could be type of EfiLoaderData, EfiBootServicesD= ata > + // or EfiRuntimeServicesData. Disabling NX for image data but enabling= NX > + // for any those memory types doesn't make any sense. > + // > + if (PcdGet32 (PcdImageProtectionPolicy) =3D=3D 0 && > + (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & > IMAGE_DATA_MEMORY_TYPE) !=3D 0) { > + DEBUG ((DEBUG_ERROR, > + "ERROR: NX for image data is disabled but NX for its memory = type(s) is > enabled!\r\n")); > + ASSERT (!(PcdGet32 (PcdImageProtectionPolicy) =3D=3D 0 && > + (PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & > IMAGE_DATA_MEMORY_TYPE) !=3D 0)); > + } > + > + // > + // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE = is set. > + // Features controlled by Following PCDs need this feature to be enabl= ed. 
> + // > + return (PcdGetBool (PcdSetNxForStack) || > + PcdGet64 (PcdDxeNxMemoryProtectionPolicy) !=3D 0 || > + PcdGet32 (PcdImageProtectionPolicy) !=3D 0); > +} > + > /** > Enable Execute Disable Bit. >=20 > @@ -755,7 +805,10 @@ CreateIdentityMappingPageTables ( > // > EnablePageTableProtection ((UINTN)PageMap, TRUE); >=20 > - if (PcdGetBool (PcdSetNxForStack)) { > + // > + // Set IA32_EFER.NXE if necessary. > + // > + if (ToEnableExecuteDisableFeature ()) { > EnableExecuteDisableBit (); > } >=20 > diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > index 85457ff937..9f152e6531 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > @@ -179,6 +179,39 @@ typedef struct { > UINTN FreePages; > } PAGE_TABLE_POOL; >=20 > +// > +// Bit field repsentations of some EFI_MEMORY_TYPE, for page table > initialization. > +// > +#define STACK_MEMORY_TYPE (1 << EfiBootServicesData) /* 0x1= 0 */ > +#define IMAGE_DATA_MEMORY_TYPE ((1 << EfiLoaderData) | /* 0x0= 4 > */\ > + (1 << EfiBootServicesData) | /* 0x1= 0 */\ > + (1 << EfiRuntimeServicesData)/* 0x4= 0 */\ > + ) /* 0x5= 4 */ > + > +/** > + Check if Execute Disable Bit (IA32_EFER.NXE) should be enabled or not. > + > + @retval TRUE IA32_EFER.NXE should be enabled. > + @retval FALSE IA32_EFER.NXE should not be enabled. > + > +**/ > +BOOLEAN > +ToEnableExecuteDisableFeature ( > + VOID > + ); > + > +/** > + The function will check if Execute Disable Bit is available. > + > + @retval TRUE Execute Disable Bit is available. > + @retval FALSE Execute Disable Bit is not available. > + > +**/ > +BOOLEAN > +IsExecuteDisableBitAvailable ( > + VOID > + ); > + > /** > Enable Execute Disable Bit. >=20 > -- > 2.16.2.windows.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel