From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mx.groups.io with SMTP id smtpd.web11.3736.1686903416257176885 for ; Fri, 16 Jun 2023 01:16:56 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=eSVNMyqu; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: jian.j.wang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686903416; x=1718439416; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=RdFqjO4YL2QCnSll0FLN1g2Ddusnkpl/zleaFcfP8qA=; b=eSVNMyquTxvtXhL+Q1PjZ9u6MZiJFUJ7isogUPCARLPcYF0KgtsfMCM/ Duda3+pv5OogAF3bmyuHxr/Tn2Zf5sU0x8ZG9GUPZwPn7eufZiVBgH8eS 35e4o7Z1TFkBdjgFj+R4Yk/Rzz1Yckouiwe0KjW0LnyhCDA4E+K5FPKwR QscbcW1WlHH8Asxc/+BnYCClHu9YoH0TpZYuqJROHoBdUKmgWJ0OoPDIT WdOrMtk2+oYQFe0Nhb9XW6lND7cXJbSICOlqenZnsS1QTd0KmogBCFCgI UtVzKyY5peDNPPd1+7lxWQ2NU3VJ7PTjiX84Yyq0ClSk+R1EJM3KaGoXJ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10742"; a="359164708" X-IronPort-AV: E=Sophos;i="6.00,247,1681196400"; d="scan'208";a="359164708" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jun 2023 01:16:55 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10742"; a="707010413" X-IronPort-AV: E=Sophos;i="6.00,247,1681196400"; d="scan'208";a="707010413" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by orsmga007.jf.intel.com with ESMTP; 16 Jun 2023 01:16:55 -0700 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Fri, 16 Jun 2023 01:16:55 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Fri, 16 Jun 2023 01:16:55 -0700 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.46) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Fri, 16 Jun 2023 01:16:54 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f9fCgPp7TZLQtBGLB/ac88kUEBbJVYsWaFDUKB0CytwCsgs4LW/GdbYyWZ98fY4MSCOCkcUkRarE9MU44YBvbrT+Dkpnr/JB8n6SV2ysGU+0tA31G24Yg+UNHzxQzq+RPvLGat1SYLA2dLhz+7YzKQABHMX76kCuaeZz4Qz8DFbCYQb97592JyY9rECqh1+5wV06Mh+nrBhCfkzB+C3GVpEV76M2ZI4vWuSVIlamDrKdClAn50g/BYMIol0QUnOWFe1HyS36k2EE8iGDlcsh0uyiFWBgqrrgneP0sWToqgBfXbqcdD9Je5Ab9RxgszE9kYvrNG5EK5jRVjokLfFO7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=N1EvOPMu+JylhnxcjA+FL4/73VYd3dMz2oxn+aqirSg=; b=BaNZZb8TTeSprsW1nntkzratt9SXuwLjPEUyKOcDsVO4cQ6naQVmApjzAqmqUmpXxjhKiYg88EkoLXjxvSoyCCh9ZQddjiO1EUqFeF8Qs7hm0CgfAp6GbshzUH6Uow+/4QLgMPx2nU38nJ2mDlGqnPLTKaeF1Z5O6B7joeGqsgq3uRO2SP4qxkUNboQDkxd56ymDX77sSLRLgScrGxgazAqo8gx6aNyInXEafhuizyYEXMEHDhsRa/L/OYf+CfDusmzA83x0kaplAtOwMX9jDtOLP63LZFli47SB6KSwfVKP+z2A6edW1aiBPnViq8PvkIdSF8wUSgWlvsLMbqsSWg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB6763.namprd11.prod.outlook.com (2603:10b6:303:20b::7) by MW3PR11MB4699.namprd11.prod.outlook.com (2603:10b6:303:54::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6500.29; Fri, 16 Jun 2023 08:16:46 +0000 Received: from MW4PR11MB6763.namprd11.prod.outlook.com ([fe80::ea27:a8a0:3e6:db89]) by MW4PR11MB6763.namprd11.prod.outlook.com ([fe80::ea27:a8a0:3e6:db89%3]) with mapi id 15.20.6500.029; Fri, 16 Jun 2023 08:16:46 +0000 From: "Wang, Jian J" To: "devel@edk2.groups.io" , "Tan, Dun" CC: "Gao, Liming" , "Ni, Ray" , Ard Biesheuvel Subject: Re: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute protection in UnsetGuardPage Thread-Topic: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute protection in UnsetGuardPage Thread-Index: AQHZmrMyWbjr9jnaGUWK8OVIU6Yy+K+NIFgQ Date: Fri, 16 Jun 2023 08:16:46 +0000 Message-ID: References: <20230609091629.798-1-dun.tan@intel.com> <20230609091629.798-3-dun.tan@intel.com> In-Reply-To: <20230609091629.798-3-dun.tan@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB6763:EE_|MW3PR11MB4699:EE_ x-ms-office365-filtering-correlation-id: 796d73b9-03de-4788-b111-08db6e420711 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OJYg3L1QdqX3IBWGkcma5Hx2QIN74MFrd3Q1h7dtySgXRMcgLDhLA8SBtJSVRXlWn8DrE3TE8ytMzl6TLdJk0cyD3engPgmkzI/d1iOHMX13K+1xJ68Z17KJSKTDmvWV3c86krcOvfgx1ij8VbD6rHAbDapZZxJrO3tZ33BkWhJeXLg9/q2zybfp7rM8yTh1wiaIVJ52gLsGNNCyaaKy6ZkoWmYSelft9+G0ZLA9UxYG/Jgay9WX7yCQMG9jgwzTxDA2HbqhNAoJ8O3MyAOWwgZO0y9WD5knpOSz8Q7Ga5oH9oMdurBu/cOUKrRommtTW9aAYTQo1XN3TArwA1+t6LStwLeKrZ1ObOhXvcBgwoGXyijZ7V7FERTiFvBIe48p4ERvnrYpa7FZP1G3qypUzVs0dTUCUIBbHAZu96J9CJt/Qosrt1WanefyVRD7XGrwvhVsm6KldXGTpJ/Ez1iWhPYEIn+57w/V1lZu0lHtYfDSDr7djopUmMkw4OO/dSpx0bEvQmaBH/AEtKYaFRFJdIpBIs4TkEgde9BMPnrUuW8SzwV9ZprOLprXyBCo5HN5ZradjGavT9e7DyPHRuPSp0V6Rv2ZQCphjGijODBsCyY0S/+aaUD8E/ZOrqz9Q5menkfPleOuREuhkO5xWOJXHw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB6763.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(346002)(396003)(366004)(376002)(136003)(39860400002)(451199021)(66899021)(55016003)(2906002)(64756008)(41300700001)(5660300002)(33656002)(8676002)(52536014)(8936002)(316002)(4326008)(6636002)(76116006)(66446008)(66476007)(66556008)(66946007)(83380400001)(71200400001)(26005)(186003)(53546011)(6506007)(9686003)(82960400001)(38100700002)(38070700005)(86362001)(122000001)(110136005)(478600001)(54906003)(966005)(7696005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?qhs5IySB9GwOaWvezuWGNy6OX2KoA8kg0m8QK8G1QSjh9ClggtX+d7uR8W//?= =?us-ascii?Q?a/yZuqJ1bqjAD9clPeTS2SKZ4oOS2Y8JeWeXXuznWGgAiXPeL7CxoNwhIQA6?= =?us-ascii?Q?qfv3eVJbBeQrLhLtlA8aLPQSl3DX08JwpjE+m5O2Pji/PF3HmZ/FtgdF5q9x?= =?us-ascii?Q?dTEfQkhw108BZoRBSyBtCBZdPcEzbTXU1V89JgLKsnEFKbAD0djOq+5lNOZH?= =?us-ascii?Q?fGpZKMSft0EF7ehJdHRGiHca0DHle+lYZUoHOWIyyhvqJgB3YE9ZVouxfI2p?= =?us-ascii?Q?1wQPXrOiiVfmF/AFVzh23yetyK9QuWUVtPidUz/0aBnyRbPFxJDXbg9Fo3Xx?= =?us-ascii?Q?XoVfNnGpKiVpgJ1XUt9duaBJIlS57yUv8OFAJiJBKfBeOmHtw0jJTclPN6UP?= =?us-ascii?Q?OsZ6L9XafU9NkjfHRlRLFaF+nTMhtEY+azS3kRp38P+1Qqw4GYVfptnsRZ2X?= =?us-ascii?Q?jMdldXPK/y8PoQyugagwrj7N0IL28uuXOl8UTj19hWgreT0F8hZRVBzVC3eN?= =?us-ascii?Q?VgPsKAs0a6nDdU29SeY1RKTIciSWchBBlgdmSUMkpGEZFEUoSyIgc+WTVPw3?= =?us-ascii?Q?rEBoYGYfIzlHpVEcSAqU7/sEGbJW4A1w+4ZY83t+pkM93dJGJgsHS1nvXfVd?= =?us-ascii?Q?ih8KTQpiMSSugR0YQwTWbLoNXZwml05sP8FJzqUdyHYwqAnxMXzTPZ7ZU2IQ?= =?us-ascii?Q?aGKTnteymNrpCw5PVKNaaUNOM8DekKXuggX/VIXn+Eluc4w9+4+qAJBWMxwO?= =?us-ascii?Q?5GyJf9jWMekwGIk1WkfFpbXEnD+hs5C3WtGhbAVno7iYvJJEJ67fHs3VbT27?= =?us-ascii?Q?hDKn473eL/LoROgImTqvsOHmyeISHTeNFRjLcveOAJiioxb6S1wYGBP+CqoI?= =?us-ascii?Q?ngb9ygIhlXtlkHFwDW/H2yIP5UfbqU66Lbebm7/GZVHErMgIIfyWYY35r6dR?= =?us-ascii?Q?8/4ZcnZRIv/O88JC5yZfafaaB6XZhd0XiNKgZA/k3OLdTfDkqGsZwRkAjVvg?= =?us-ascii?Q?Pwh3TetFw41JBsh5Z1YAPUdyq5bysBxG53KhFnyfLfETr4a6Y/Q5hovo9sJD?= =?us-ascii?Q?gEFgMmDrlNsFff416mQWemCG7QRF+vYt0b3g9OhOjUu99AOgHbYPx5ImXyJ/?= =?us-ascii?Q?n/oFX8G6Sp26KVMUdD1yamXTQnB8stEJPDLB5HYnAtfjpPdlmxXYMqj8NHn3?= =?us-ascii?Q?QXLNJo+R326NMCscuYxPZx+u7KeJVSpLGZYzLQv1sHtn7yhn/qtoi8zuVLPM?= =?us-ascii?Q?rEHp5RcAn5OfkgX4N02PnpOQblrFBpY3zyAX0+mhzl3x7oSWij6e0R891Fgc?= =?us-ascii?Q?vq4cNWceTuL0XU5z9+9pSnDRbjg51x4is3HCdMkgmV8yeFL54Zdh/XhHmO4f?= =?us-ascii?Q?z2cgmt3XWGFBsRzvmw8upiyuLsRTk54ZbmtX9fMbjRgR3CPsJLNT/NbPaKLO?= =?us-ascii?Q?Lygi+MbVcJRLJ8QDGLz0e4U7IMT1g5q3Eb1G3UL4U0jH+JrHiNgWtSSQYHca?= =?us-ascii?Q?e61fzrt+GoiJ7bFMViBQQITWCmZx0jRcX2L5Wde6InMHV+Q6KipretxwfSoV?= =?us-ascii?Q?5tC70rFwYoPX3YqhXkXmkaol967r2r6p9LSv6EVC?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB6763.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 796d73b9-03de-4788-b111-08db6e420711 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jun 2023 08:16:46.8183 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: EyPFxjaLRgHRSw11WGAUHboMfe3H2aieqtzmbYZVKnsYWKtKrf32Uk+JRzLpgn9kQS9QiE/C9Zy30TUt4UfGFg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR11MB4699 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of duntan > Sent: Friday, June 09, 2023 5:16 PM > To: devel@edk2.groups.io > Cc: Gao, Liming ; Ni, Ray ; > Wang, Jian J ; Ard Biesheuvel > > Subject: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribu= te > protection in UnsetGuardPage >=20 > In UnsetGuardPage(), before SmmReadyToLock, remove NX and RO > memory attribute protection for guarded page since > EfiConventionalMemory in SMRAM is RW and executable before > SmmReadyToLock. If UnsetGuardPage() happens after SmmReadyToLock, > then apply EFI_MEMORY_XP to the guarded page to make sure > EfiConventionalMemory in SMRAM is NX since EfiConventionalMemory > in SMRAM is marked as NX in PiSmmCpuDxe driver when SmmReadyToLock. >=20 > Signed-off-by: Dun Tan > Cc: Liming Gao > Cc: Ray Ni > Cc: Jian J Wang > Cc: Ard Biesheuvel > --- > MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) >=20 > diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c > b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c > index 8f3bab6fee..25310122ca 100644 > --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c > +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c > @@ -553,9 +553,23 @@ UnsetGuardPage ( > mSmmMemoryAttribute, > BaseAddress, > EFI_PAGE_SIZE, > - EFI_MEMORY_RP > + EFI_MEMORY_RP|EFI_MEMORY_RO|EFI= _MEMORY_XP > ); > ASSERT_EFI_ERROR (Status); > + > + if (gST =3D=3D NULL) { > + // > + // Make sure EfiConventionalMemory is NX after SmmReadyToLock > + // > + Status =3D mSmmMemoryAttribute->SetMemoryAttributes ( > + mSmmMemoryAttribute, > + BaseAddress, > + EFI_PAGE_SIZE, > + EFI_MEMORY_XP > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > mOnGuarding =3D FALSE; > } > } > -- > 2.31.1.windows.1 >=20 >=20 >=20 >=20 >=20