From: "Wang, Jian J"
To: Leif Lindholm
CC: "edk2-devel@lists.01.org", "Ni, Ruiyu", "Yao, Jiewen", "Zeng, Star"
Date: Wed, 7 Nov 2018 00:38:22 +0000
Subject: Re: [PATCH 2/2] MdeModulePkg/Core: fix ineffective guard page issue

Leif,

Thanks for catching that. I'll re-generate the patch files.

Regards,
Jian

> -----Original Message-----
> From: Leif Lindholm [mailto:leif.lindholm@linaro.org]
> Sent: Tuesday, November 06, 2018 8:10 PM
> To: Wang, Jian J
> Cc: edk2-devel@lists.01.org; Ni, Ruiyu; Yao, Jiewen; Zeng, Star
> Subject: Re: [edk2] [PATCH 2/2] MdeModulePkg/Core: fix ineffective guard page issue
>
> On Sat, Nov 03, 2018 at 02:42:21PM +0800, Jian J Wang wrote:
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1295
> >
> > This issue originates from following patch which allows to enable
> > paging if PcdImageProtectionPolicy and PcdDxeNxMemoryProtectionPolicy
> > (in addition to PcdSetNxForStack) are set to enable related features.
> >
> >   5267926134d17e86672b84fd57b438f05ffa68e1
> >
> > Due to above change, PcdImageProtectionPolicy will be set to 0 by
> > default in many platforms, which, in turn, cause following code in
> > MdeModulePkg\Core\Dxe\Misc\MemoryProtection.c fail the creation of
> > notify event of CpuArchProtocol.
> >
> >     1138: if (mImageProtectionPolicy != 0 ||
> >               PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0) {
> >     1139:   Status = CoreCreateEvent (
> >               ...
> >     1142:     MemoryProtectionCpuArchProtocolNotify,
> >               ...
> >     1145:   );
> >
> > Then following call flow won't be done and Guard pages will not be
> > set as not-present in SetAllGuardPages() eventually.
> >
> >   MemoryProtectionCpuArchProtocolNotify()
> >   => HeapGuardCpuArchProtocolNotify()
> >   => SetAllGuardPages()
> >
> > The solution is removing the if(...) statement so that the notify
> > event will always be created and handler be registered. This won't
> > cause unnecessary code execution because, in the notify event handler,
> > the related PCDs like
> >
> >   PcdImageProtectionPolicy and
> >   PcdDxeNxMemoryProtectionPolicy
> >
> > will be checked again to do its job.
> >
> > Cc: Star Zeng
> > Cc: Jiewen Yao
> > Cc: Ruiyu Ni
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Jian J Wang > > --- > > MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 2 -- > > 1 file changed, 2 deletions(-) > > > > diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > > index 30e5c5153c..30798b05b9 100644 > > --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > > +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > > @@ -1135,7 +1135,6 @@ CoreInitializeMemoryProtection ( > > ASSERT (GetPermissionAttributeForMemoryType (EfiBootServicesData) = =3D=3D > > GetPermissionAttributeForMemoryType (EfiConventionalMemory))= ; > > > > - if (mImageProtectionPolicy !=3D 0 || PcdGet64 > (PcdDxeNxMemoryProtectionPolicy) !=3D 0) { > > Status =3D CoreCreateEvent ( > > EVT_NOTIFY_SIGNAL, > > TPL_CALLBACK, > > @@ -1154,7 +1153,6 @@ CoreInitializeMemoryProtection ( > > &Registration > > ); > > ASSERT_EFI_ERROR(Status); > > - } >=20 > And here we see why. > The indentation changes need to be part of this patch, not 1/2. >=20 > / > Leif >=20 > > > > // > > // Register a callback to disable NULL pointer detection at EndOfDxe > > -- > > 2.16.2.windows.1 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel
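Review bot: In the first hunk (at line 1135 of CoreInitializeMemoryProtection), the `if (mImageProtectionPolicy != 0 || PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0)` guard is dropped without leaving a comment at the CoreCreateEvent call that says why the notify must now be registered unconditionally. The reason given in the commit message, that SetAllGuardPages() is only reached through MemoryProtectionCpuArchProtocolNotify(), should be recorded in a comment above the call, so a later cleanup does not reintroduce the PCD check and leave guard pages ineffective again.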
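Review bot: The second hunk removes only the closing `}` after ASSERT_EFI_ERROR(Status), and the diffstat shows 2 deletions in total, so the re-indentation of the statements that used to sit inside the `if` block is not part of this patch. As Leif notes, it ended up in 1/2; moving it here keeps each patch in the series consistent on its own and keeps 1/2 free of unrelated whitespace changes.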