From: "Johnson, Brian (EXL - Eagan)"
To: "Wang, Jian J", "edk2-devel@lists.01.org"
CC: "Justen@ml01.01.org", Eric Dong, "Kinney@ml01.01.org", Jordan L, "Wolman@ml01.01.org", Jiewen Yao, Ayellet, Michael D, Laszlo Ersek, Star Zeng
Subject: Re: [edk2] [PATCH 1/4] MdeModulePkg/Core: Implement NULL pointer detection in EDK-II Core.
Date: Wed, 13 Sep 2017 16:33:26 +0000
References: <20170913092507.12504-1-jian.j.wang@intel.com> <20170913092507.12504-2-jian.j.wang@intel.com>
In-Reply-To: <20170913092507.12504-2-jian.j.wang@intel.com>
List-Id: EDK II Development (edk2-devel@lists.01.org)

ClearLegacyMemory() assumes that the memory allocation HOB comes after the resource descriptor HOB in the HOB list. Is that guaranteed? I'd think that the memory allocation HOB traversal should be a separate loop, after the resource descriptor HOB traversal loop.

Other than that:

Reviewed-by: Brian J. Johnson

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Wang, Jian J
Sent: Wednesday, September 13, 2017 4:25 AM
To: edk2-devel@lists.01.org
Cc: Justen@ml01.01.org; Eric Dong; Kinney@ml01.01.org; Jordan L; Wolman@ml01.01.org; Jiewen Yao; Ayellet; Michael D; Laszlo Ersek; Star Zeng
Subject: [edk2] [PATCH 1/4] MdeModulePkg/Core: Implement NULL pointer detection in EDK-II Core.

The mechanism behind it is to trigger a page fault exception at address 0. This can be done by disabling page 0 (0-4095) during page table setup. So this feature can only be available on platforms with paging enabled. Once this feature is enabled, any code, like CSM, which has to access memory in page 0 needs to enable this page temporarily in advance and disable it afterwards. PcdNullPointerDetectionPropertyMask is used to control and elaborate the use cases.

Cc: Jiewen Yao
Cc: Eric Dong
Cc: Star Zeng
Cc: Laszlo Ersek
Cc: Justen, Jordan L
Cc: Kinney, Michael D
Cc: Wolman, Ayellet
Suggested-by: Wolman, Ayellet
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Wang, Jian J
---
 MdeModulePkg/Core/Dxe/DxeMain.inf                |  3 +-
 MdeModulePkg/Core/Dxe/Mem/Page.c                 | 21 ++++++----
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c    | 47 +++++++++++++++++++++
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.h            | 15 +++++++
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf          |  3 +-
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c           | 53 ++++++++++++++++++++++++
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c  |  8 +++-
 MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c   |  2 +
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 23 ++++++----
 MdeModulePkg/MdeModulePkg.dec                    | 12 ++++++
 10 files changed, 167 insertions(+), 20 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf
index 30d5984f7c..273b8b7c0e 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -179,7 +179,7 @@ gEfiWatchdogTimerArchProtocolGuid ## CONSUMES =20 [FeaturePcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFrameworkCompatibilitySupport ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFrameworkCompatibilitySupport = ## CONSUMES =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdLoadFixAddressBootTimeCodePageNumber = ## SOMETIMES_CONSUMES @@ -192,6 +192,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable = ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy = ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy = ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask = ## CONSUMES =20 # [Hob] # RESOURCE_DESCRIPTOR ## CONSUMES diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/P= age.c index a142c79ee2..2e0b72f864 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -170,6 +170,7 @@ CoreAddRange ( { LIST_ENTRY *Link; MEMORY_MAP *Entry; + EFI_STATUS Status; =20 ASSERT ((Start & EFI_PAGE_MASK) =3D=3D 0); ASSERT (End > Start) ; @@ -188,7 +189,17 @@ CoreAddRange ( // used for other purposes. // =20 if (Type =3D=3D EfiConventionalMemory && Start =3D=3D 0 && (End >=3D EFI= _PAGE_SIZE - 1)) { - SetMem ((VOID *)(UINTN)Start, EFI_PAGE_SIZE, 0); + if ((PcdGet8(PcdNullPointerDetectionPropertyMask) & BIT0) =3D=3D 0) { + SetMem ((VOID *)(UINTN)Start, EFI_PAGE_SIZE, 0); + } else if (gCpu !=3D NULL) { + Status =3D gCpu->SetMemoryAttributes(gCpu, 0, EFI_PAGE_SIZE, 0); + ASSERT_EFI_ERROR(Status); + + SetMem ((VOID *)(UINTN)Start, EFI_PAGE_SIZE, 0); + + Status =3D gCpu->SetMemoryAttributes(gCpu, 0, EFI_PAGE_SIZE, EFI_MEM= ORY_RP); + ASSERT_EFI_ERROR(Status); + } } =20 // @@ -1972,11 +1983,3 @@ Done: return Status; } =20 - - - - - - - - diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index a73c4ccd64..2367d674e1 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c 
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -995,6 +995,36 @@ MemoryProtectionExitBootServicesCallback ( } } =20 +/** + Disable NULL pointer detection after EndOfDxe. This is a workaround reso= rt in=20 + order to skip unfixable NULL pointer access issues detected in OptionROM= or=20 + boot loaders. + + @param[in] Event The Event this notify function registered to. + @param[in] Context Pointer to the context data registered to the Even= t. +**/ +VOID +EFIAPI +DisableNullDetectionAtTheEndOfDxe ( + EFI_EVENT Event, + VOID *Context + ) +{ + EFI_STATUS Status; + + DEBUG((DEBUG_INFO, "DisableNullDetectionAtTheEndOfDxe(): start\r\n")); + // + // Disable NULL pointer detection by enabling first 4K page + // + Status =3D gCpu->SetMemoryAttributes(gCpu, 0, EFI_PAGE_SIZE, 0); + ASSERT_EFI_ERROR(Status); + + CoreCloseEvent (Event); + DEBUG((DEBUG_INFO, "DisableNullDetectionAtTheEndOfDxe(): end\r\n")); + + return; +} + /** Initialize Memory Protection support. **/ @@ -1006,6 +1036,7 @@ CoreInitializeMemoryProtection ( { EFI_STATUS Status; EFI_EVENT Event; + EFI_EVENT EndOfDxeEvent; VOID *Registration; =20 mImageProtectionPolicy =3D PcdGet32(PcdImageProtectionPolicy); @@ -1044,6 +1075,22 @@ CoreInitializeMemoryProtection ( ); ASSERT_EFI_ERROR(Status); } + + // + // Register a callback to disable NULL pointer detection at EndOfDxe + // + if ((PcdGet8(PcdNullPointerDetectionPropertyMask) & (BIT0|BIT7)) =3D=3D = (BIT0|BIT7)) { + Status =3D CoreCreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + DisableNullDetectionAtTheEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &EndOfDxeEvent + ); + ASSERT_EFI_ERROR (Status); + } + return ; } =20 diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h b/MdeModulePkg/Core/DxeI= plPeim/DxeIpl.h index 72d2532f50..104599156c 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h 
@@ -52,6 +52,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER= EXPRESS OR IMPLIED. #define STACK_SIZE 0x20000 #define BSP_STORE_SIZE 0x4000 =20 +#define NULL_DETECTION_ENABLED ((PcdGet8(PcdNullPointerDetectionPropertyM= ask) & BIT0) !=3D 0) =20 // // This PPI is installed to indicate the end of the PEI usage of memory @@ -240,4 +241,18 @@ Decompress ( OUT UINTN *OutputSize ); =20 +/** + Clear legacy memory located at the first 4K-page. + + This function traverses the whole HOB list to check if memory from 0 to= 4095=20 + exists and has not been allocated, and then clear it if so. + + @param HoStart The start of HobList passed to DxeCore. + +**/ +VOID +ClearLegacyMemory( + IN VOID *HobStart + ); + #endif diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index c54afe4aa6..fde70f94bb 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -110,11 +110,12 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables ## CONSUME= S =20 [FeaturePcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUME= S + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ##= CONSUMES =20 [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##= SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES =20 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/Dxe= IplPeim/DxeLoad.c index 50b5440d15..b5f9d92f5b 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c 
@@ -825,3 +825,56 @@ UpdateStackHob ( Hob.Raw =3D GET_NEXT_HOB (Hob); } } + +/** + Clear legacy memory located at the first 4K-page, if available. + + This function traverses the whole HOB list to check if memory from 0 to= 4095=20 + exists and has not been allocated, and then clear it if so. + + @param HoStart The start of HobList passed to DxeCore= . + +**/ +VOID +ClearLegacyMemory( + IN VOID *HobStart + ) +{ + EFI_PEI_HOB_POINTERS RscDescHob; + EFI_PEI_HOB_POINTERS MemAllocHob; + BOOLEAN DoClear; + + RscDescHob.Raw =3D HobStart; + MemAllocHob.Raw =3D HobStart; + DoClear =3D FALSE; + + // + // Check if page 0 exists and free + // + while ((RscDescHob.Raw =3D GetNextHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR,= RscDescHob.Raw)) !=3D NULL) { + if (RscDescHob.ResourceDescriptor->ResourceType =3D=3D EFI_RESOURCE_SY= STEM_MEMORY &&=20 + RscDescHob.ResourceDescriptor->PhysicalStart =3D=3D 0) { + DoClear =3D TRUE; + //=20 + // Make sure memory at 0-4095 has not been allocated. + // + while ((MemAllocHob.Raw =3D GetNextHob (EFI_HOB_TYPE_MEMORY_ALLOCATI= ON, MemAllocHob.Raw)) !=3D NULL) { + if (MemAllocHob.MemoryAllocation->AllocDescriptor.MemoryBaseAddres= s < EFI_PAGE_SIZE) { + DoClear =3D FALSE; + break; + } + MemAllocHob.Raw =3D GET_NEXT_HOB (MemAllocHob); + } + break; + } + RscDescHob.Raw =3D GET_NEXT_HOB (RscDescHob); + } + + if (DoClear) { + DEBUG((DEBUG_INFO, "Clearing first 4K-page!\r\n")); + SetMem(NULL, EFI_PAGE_SIZE, 0); + } + + return; +} + diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg= /Core/DxeIplPeim/Ia32/DxeLoadFunc.c index 1957326caf..a8aa0d5d1b 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c 
@@ -123,7 +123,8 @@ Create4GPageTablesIa32Pae ( PageDirectoryPointerEntry->Bits.Present =3D 1; =20 for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries < = 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress += =3D SIZE_2MB) { - if ((PhysicalAddress < StackBase + StackSize) && ((PhysicalAddress += SIZE_2MB) > StackBase)) { + if ((NULL_DETECTION_ENABLED && PhysicalAddress =3D=3D 0) + || ((PhysicalAddress < StackBase + StackSize) && ((PhysicalAddre= ss + SIZE_2MB) > StackBase))) { // // Need to split this 2M page that covers stack range. // @@ -240,6 +241,8 @@ HandOffToDxeCore ( EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; BOOLEAN BuildPageTablesIa32Pae; =20 + ClearLegacyMemory(HobList.Raw); + Status =3D PeiServicesAllocatePages (EfiBootServicesData, EFI_SIZE_TO_PA= GES (STACK_SIZE), &BaseOfStack); ASSERT_EFI_ERROR (Status); =20 @@ -379,7 +382,8 @@ HandOffToDxeCore ( TopOfStack =3D (EFI_PHYSICAL_ADDRESS) (UINTN) ALIGN_POINTER (TopOfStac= k, CPU_STACK_ALIGNMENT); =20 PageTables =3D 0; - BuildPageTablesIa32Pae =3D (BOOLEAN) (PcdGetBool (PcdSetNxForStack) &&= IsIa32PaeSupport () && IsExecuteDisableBitAvailable ()); + BuildPageTablesIa32Pae =3D (BOOLEAN) (IsIa32PaeSupport () && IsExecute= DisableBitAvailable () + && (PcdGetBool (PcdSetNxForStack) = || NULL_DETECTION_ENABLED)); if (BuildPageTablesIa32Pae) { PageTables =3D Create4GPageTablesIa32Pae (BaseOfStack, STACK_SIZE); EnableExecuteDisableBit (); diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/= Core/DxeIplPeim/X64/DxeLoadFunc.c index 6488880eab..50a8d77a5b 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c @@ -42,6 +42,8 @@ HandOffToDxeCore ( EFI_VECTOR_HANDOFF_INFO *VectorInfo; EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; =20 + ClearLegacyMemory(HobList.Raw); + // // Get Vector Hand-off Info PPI and build Guided HOB // 
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePk= g/Core/DxeIplPeim/X64/VirtualMemory.c index 48150be4e1..ccd6e10cb2 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c @@ -90,8 +90,14 @@ Split2MPageTo4K ( // PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncMask= ; PageTableEntry->Bits.ReadWrite =3D 1; - PageTableEntry->Bits.Present =3D 1; - if ((PhysicalAddress4K >=3D StackBase) && (PhysicalAddress4K < StackBa= se + StackSize)) { + + if (NULL_DETECTION_ENABLED && PhysicalAddress4K =3D=3D 0) { + PageTableEntry->Bits.Present =3D 0; + } else { + PageTableEntry->Bits.Present =3D 1; + } + + if (PcdGetBool (PcdSetNxForStack) && (PhysicalAddress4K >=3D StackBase= ) && (PhysicalAddress4K < StackBase + StackSize)) { // // Set Nx bit for stack. // @@ -137,9 +143,10 @@ Split1GPageTo2M ( =20 PhysicalAddress2M =3D PhysicalAddress; for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries < 51= 2; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += =3D SIZE_2MB) { - if ((PhysicalAddress2M < StackBase + StackSize) && ((PhysicalAddress2M= + SIZE_2MB) > StackBase)) { + if ((NULL_DETECTION_ENABLED && PhysicalAddress2M =3D=3D 0) + || (PcdGetBool (PcdSetNxForStack) && (PhysicalAddress2M < StackBas= e + StackSize) && ((PhysicalAddress2M + SIZE_2MB) > StackBase))) { // - // Need to split this 2M page that covers stack range. + // Need to split this 2M page that covers NULL or stack range. // Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); } else { 
@@ -279,7 +286,8 @@ CreateIdentityMappingPageTables ( PageDirectory1GEntry =3D (VOID *) PageDirectoryPointerEntry; =20 for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries = < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += =3D SIZE_1GB) { - if (PcdGetBool (PcdSetNxForStack) && (PageAddress < StackBase + St= ackSize) && ((PageAddress + SIZE_1GB) > StackBase)) { + if ((NULL_DETECTION_ENABLED && PageAddress =3D=3D 0) + || (PcdGetBool (PcdSetNxForStack) && (PageAddress < StackBase = + StackSize) && ((PageAddress + SIZE_1GB) > StackBase))) { Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, S= tackBase, StackSize); } else { // @@ -308,9 +316,10 @@ CreateIdentityMappingPageTables ( PageDirectoryPointerEntry->Bits.Present =3D 1; =20 for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntrie= s < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += =3D SIZE_2MB) { - if (PcdGetBool (PcdSetNxForStack) && (PageAddress < StackBase + = StackSize) && ((PageAddress + SIZE_2MB) > StackBase)) { + if ((NULL_DETECTION_ENABLED && PageAddress =3D=3D 0) + || (PcdGetBool (PcdSetNxForStack) && (PageAddress < StackBas= e + StackSize) && ((PageAddress + SIZE_2MB) > StackBase))) { // - // Need to split this 2M page that covers stack range. + // Need to split this 2M page that covers NULL or stack range. // Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); } else { diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 593bff357a..1cc84894af 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -860,6 +860,18 @@ # @ValidList 0x80000006 | 0x03058002 gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable|0x03058002|UINT32= |0x30001040 =20 + ## Mask to control the NULL address detection in code for different phas= es. + # If enabled, accessing NULL address in UEFI or SMM code can be caught.=

+ # BIT0 - Enable NULL pointer detection for UEFI.
+ # BIT1 - Enable NULL pointer detection for SMM.
+ # BIT2..6 - Reserved for future uses.
+ # BIT7 - Disable NULL pointer detection just after EndOfDxe.
+ # This is a workaround for those unsolvable NULL access iss= ues in OptionROM, boot loader, etc. + # It can also help to avoid unnecessary exception caused by= legacy memory (0-4095) access after=20 + # EndOfDxe, such as Windows 7 boot on Qemu.
+ # @Prompt Enable NULL address detection. + gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask|0x0|U= INT8|0x30001050 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## Dynamic type PCD can be registered callback function for Pcd setting = action. # PcdMaxPeiPcdCallBackNumberPerPcdEntry indicates the maximum number of= callback function --=20 2.14.1.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
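Review bot: the DxeMain.inf and DxeIpl.inf hunks re-indent the existing PcdFrameworkCompatibilitySupport and PcdDxeIplSupportUefiDecompress lines in addition to adding the new PcdNullPointerDetectionPropertyMask consumer, and the second Page.c hunk only deletes trailing blank lines at end of file; whitespace-only changes to unrelated lines are better dropped or moved to a separate cleanup patch so the diff shows nothing but the feature.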
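Review bot: in the CoreAddRange hunk (Page.c), when BIT0 is set but gCpu is still NULL the function silently skips clearing page 0 and nothing says why; a comment that this early case is handled by the ClearLegacyMemory() call DxeIpl now makes before hand-off would help the next reader. Also, ASSERT_EFI_ERROR compiles out in release builds, so if the first `gCpu->SetMemoryAttributes(gCpu, 0, EFI_PAGE_SIZE, 0)` fails the following SetMem will touch a page that is still EFI_MEMORY_RP; consider `if (!EFI_ERROR (Status)) { SetMem (...); }` before re-applying EFI_MEMORY_RP.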
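Review bot: DisableNullDetectionAtTheEndOfDxe (MemoryProtection.c) dereferences gCpu without a check, whereas the Page.c hunk guards on `gCpu != NULL`; by EndOfDxe the CPU arch protocol should be present, but an `ASSERT (gCpu != NULL)` makes that assumption explicit. The doc comment "This is a workaround resort in order to skip" should read "This is a workaround in order to skip" (or "a last resort"). Because this callback removes the page-0 protection for the rest of boot, logging it at DEBUG_WARN rather than DEBUG_INFO would make the weakened state visible in logs on platforms that set BIT7.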
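Review bot: `@param HoStart` in both the DxeIpl.h declaration and the DxeLoad.c definition of ClearLegacyMemory should be `HobStart` to match the parameter. In the DxeLoad.c body the resource descriptor test checks `PhysicalStart == 0` but not ResourceLength, so a descriptor shorter than EFI_PAGE_SIZE would still lead to `SetMem(NULL, EFI_PAGE_SIZE, 0)` writing past the described range; add `&& RscDescHob.ResourceDescriptor->ResourceLength >= EFI_PAGE_SIZE`. On the ordering question raised above: MemAllocHob.Raw is initialised to HobStart rather than to RscDescHob.Raw, so the inner loop already walks the whole HOB list and does not depend on memory allocation HOBs following the resource descriptor; a one-line comment saying so would answer it. Writing the clear as `SetMem ((VOID *)(UINTN)0, EFI_PAGE_SIZE, 0)`, as Page.c does with `(VOID *)(UINTN)Start`, would also make it clear that a physical address is meant rather than a NULL dereference.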
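Review bot: in the Ia32 HandOffToDxeCore hunk the new BuildPageTablesIa32Pae condition still requires IsExecuteDisableBitAvailable(), which NULL detection does not need (it only needs PAE page tables so that Present can be cleared on page 0), so on an IA32 CPU without XD the feature stays off even with BIT0 set; conversely EnableExecuteDisableBit() now runs when only NULL_DETECTION_ENABLED is true and PcdSetNxForStack is false. Consider gating NULL detection on IsIa32PaeSupport() alone and keeping the XD check and EnableExecuteDisableBit() tied to PcdSetNxForStack. Please also confirm that the split Create4GPageTablesIa32Pae performs for PhysicalAddress 0 goes through the updated Split2MPageTo4K, since this hunk only changes the split condition.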
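Review bot: Split2MPageTo4K in X64/VirtualMemory.c now gates the stack Nx bit on `PcdGetBool (PcdSetNxForStack)`, which it did not before; that is required now that the function is also entered for the page-0 split, but it is a behavioural change worth a sentence in the commit message. The updated comment "Need to split this 2M page that covers NULL or stack range." in Split1GPageTo2M and CreateIdentityMappingPageTables reads well; the Split2MPageTo4K function header should be updated the same way so it no longer describes the split as stack-only.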
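Review bot: the MdeModulePkg.dec comment documents BIT1 "Enable NULL pointer detection for SMM", but nothing in this patch consumes BIT1; either state that SMM support arrives in a later patch of the series or add the bit when it does. Since the page tables are built in DxeIpl, the comment should also say the mask must be set before DxeIpl runs, and that BIT7 has no effect without BIT0 (CoreInitializeMemoryProtection tests `(BIT0|BIT7)`). The default of 0x0 leaves detection off; the "Windows 7 boot on Qemu" note is useful context for why BIT7 exists.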
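As an added illustration of the mechanism the commit message describes, not code from the patch or from EDK II, the C model below builds the 512 4K entries that replace one 2M page, clears Present only on the entry for physical address 0 when BIT0 of PcdNullPointerDetectionPropertyMask is set, and sets NX on the stack pages when PcdSetNxForStack is set. `policy_t`, `split_2m_to_4k`, `needs_split` and `access_faults` are hypothetical names, and the PTE layout is reduced to the three bits the patch touches.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIZE_4KB     0x1000ULL
#define SIZE_2MB     0x200000ULL
#define PTE_PRESENT  (1ULL << 0)
#define PTE_RW       (1ULL << 1)
#define PTE_NX       (1ULL << 63)
#define BIT0         0x01
#define BIT7         0x80

/* Hypothetical model of the two PCDs the patch consults. */
typedef struct {
  uint8_t null_detection_mask;  /* PcdNullPointerDetectionPropertyMask */
  bool    set_nx_for_stack;     /* PcdSetNxForStack */
} policy_t;

/* 2M-level decision mirrored from the patch: split when the 2M page
 * contains address 0 (NULL detection) or overlaps the stack (NX). */
bool needs_split(uint64_t pa2m, uint64_t stack_base, uint64_t stack_size,
                 const policy_t *p) {
  bool null_detect = (p->null_detection_mask & BIT0) != 0;
  return (null_detect && pa2m == 0) ||
         (p->set_nx_for_stack && pa2m < stack_base + stack_size &&
          pa2m + SIZE_2MB > stack_base);
}

/* Fill 512 4K PTEs covering the 2M region at base.
 * Returns how many entries were left not-present. */
size_t split_2m_to_4k(uint64_t base, uint64_t stack_base, uint64_t stack_size,
                      const policy_t *p, uint64_t pte[512]) {
  size_t not_present = 0;
  bool null_detect = (p->null_detection_mask & BIT0) != 0;
  for (size_t i = 0; i < 512; i++) {
    uint64_t pa = base + i * SIZE_4KB;
    uint64_t e = pa | PTE_RW;
    if (null_detect && pa == 0) {
      not_present++;             /* Present stays clear: any access to 0..4095 faults */
    } else {
      e |= PTE_PRESENT;
    }
    if (p->set_nx_for_stack && pa >= stack_base && pa < stack_base + stack_size) {
      e |= PTE_NX;               /* stack pages are data, never code */
    }
    pte[i] = e;
  }
  return not_present;
}

/* Would a data access to addr fault under this 2M mapping? */
bool access_faults(const uint64_t pte[512], uint64_t base, uint64_t addr) {
  if (addr < base || addr >= base + SIZE_2MB) return true;  /* outside the modelled region */
  return (pte[(addr - base) / SIZE_4KB] & PTE_PRESENT) == 0;
}

int main(void) {
  uint64_t pte[512];
  policy_t p = { BIT0, true };
  /* constructed layout: stack at 1MB, STACK_SIZE 0x20000 as in DxeIpl.h */
  size_t n = split_2m_to_4k(0, 0x100000, 0x20000, &p, pte);
  printf("not-present entries: %zu\n", n);
  printf("access 0x0 faults: %d, access 0x1000 faults: %d\n",
         access_faults(pte, 0, 0x0), access_faults(pte, 0, 0x1000));
  return 0;
}
```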