public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Taylor Beebe" <t@taylorbeebe.com>
To: devel@edk2.groups.io
Cc: Guo Dong <guo.dong@intel.com>,
	Sean Rhodes <sean@starlabs.systems>,
	James Lu <james.lu@intel.com>, Gua Guo <gua.guo@intel.com>
Subject: [PATCH 11/14] UefiPayloadPkg: Update to use memory protection HOB
Date: Tue, 11 Jul 2023 16:52:48 -0700	[thread overview]
Message-ID: <eb124a188763d9432ae0ae27c70a1683e2dade71.1689101263.git.t@taylorbeebe.com> (raw)
In-Reply-To: <cover.1689101263.git.t@taylorbeebe.com>

From: Taylor Beebe <tabeebe@microsoft.com>

Replace references to the memory protection PCDs with references
to the memory protection HOB.

The X64/DxeLoadFunc.c will check the PcdDxeIplBuildPageTables
PCD to determine if page tables should be built wheras before
they would check both the PcdDxeIplBuildPageTables PCD and the
memory protection settings. If PcdDxeIplBuildPageTables is
FALSE but memory protections are active, ASSERT on X64.

The Ia32/DxeLoadFunc.c was hard-coded to always build the page
tables, and that is unchanged in this patch. However,
this does remove the unused Create4GPageTablesIa32Pae() function
in Ia32/DxeLoadFunc.c.

Signed-off-by: Taylor Beebe <t@taylorbeebe.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
---
 .../UefiPayloadEntry/Ia32/DxeLoadFunc.c       | 149 +-----------------
 UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c |  26 +++
 .../UefiPayloadEntry/UefiPayloadEntry.h       |  15 ++
 .../UefiPayloadEntry/UefiPayloadEntry.inf     |   9 +-
 .../UniversalPayloadEntry.inf                 |   9 +-
 .../UefiPayloadEntry/X64/DxeLoadFunc.c        |  25 ++-
 .../UefiPayloadEntry/X64/VirtualMemory.c      |  78 ++++-----
 .../UefiPayloadEntry/X64/VirtualMemory.h      |  23 +--
 UefiPayloadPkg/UefiPayloadPkg.dsc             |   1 +
 9 files changed, 98 insertions(+), 237 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
index 61a9f01ec9..fa1fa53aea 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
@@ -78,107 +78,6 @@ GLOBAL_REMOVE_IF_UNREFERENCED  IA32_DESCRIPTOR  gLidtDescriptor = {
   0
 };
 
-/**
-  Allocates and fills in the Page Directory and Page Table Entries to
-  establish a 4G page table.
-
-  @param[in] StackBase  Stack base address.
-  @param[in] StackSize  Stack size.
-
-  @return The address of page table.
-
-**/
-UINTN
-Create4GPageTablesIa32Pae (
-  IN EFI_PHYSICAL_ADDRESS  StackBase,
-  IN UINTN                 StackSize
-  )
-{
-  UINT8                           PhysicalAddressBits;
-  EFI_PHYSICAL_ADDRESS            PhysicalAddress;
-  UINTN                           IndexOfPdpEntries;
-  UINTN                           IndexOfPageDirectoryEntries;
-  UINT32                          NumberOfPdpEntriesNeeded;
-  PAGE_MAP_AND_DIRECTORY_POINTER  *PageMap;
-  PAGE_MAP_AND_DIRECTORY_POINTER  *PageDirectoryPointerEntry;
-  PAGE_TABLE_ENTRY                *PageDirectoryEntry;
-  UINTN                           TotalPagesNum;
-  UINTN                           PageAddress;
-  UINT64                          AddressEncMask;
-
-  //
-  // Make sure AddressEncMask is contained to smallest supported address field
-  //
-  AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
-
-  PhysicalAddressBits = 32;
-
-  //
-  // Calculate the table entries needed.
-  //
-  NumberOfPdpEntriesNeeded = (UINT32)LShiftU64 (1, (PhysicalAddressBits - 30));
-
-  TotalPagesNum = NumberOfPdpEntriesNeeded + 1;
-  PageAddress   = (UINTN)AllocatePageTableMemory (TotalPagesNum);
-  ASSERT (PageAddress != 0);
-
-  PageMap      = (VOID *)PageAddress;
-  PageAddress += SIZE_4KB;
-
-  PageDirectoryPointerEntry = PageMap;
-  PhysicalAddress           = 0;
-
-  for (IndexOfPdpEntries = 0; IndexOfPdpEntries < NumberOfPdpEntriesNeeded; IndexOfPdpEntries++, PageDirectoryPointerEntry++) {
-    //
-    // Each Directory Pointer entries points to a page of Page Directory entires.
-    // So allocate space for them and fill them in in the IndexOfPageDirectoryEntries loop.
-    //
-    PageDirectoryEntry = (VOID *)PageAddress;
-    PageAddress       += SIZE_4KB;
-
-    //
-    // Fill in a Page Directory Pointer Entries
-    //
-    PageDirectoryPointerEntry->Uint64       = (UINT64)(UINTN)PageDirectoryEntry | AddressEncMask;
-    PageDirectoryPointerEntry->Bits.Present = 1;
-
-    for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress += SIZE_2MB) {
-      if (  (IsNullDetectionEnabled () && (PhysicalAddress == 0))
-         || (  (PhysicalAddress < StackBase + StackSize)
-            && ((PhysicalAddress + SIZE_2MB) > StackBase)))
-      {
-        //
-        // Need to split this 2M page that covers stack range.
-        //
-        Split2MPageTo4K (PhysicalAddress, (UINT64 *)PageDirectoryEntry, StackBase, StackSize, 0, 0);
-      } else {
-        //
-        // Fill in the Page Directory entries
-        //
-        PageDirectoryEntry->Uint64         = (UINT64)PhysicalAddress | AddressEncMask;
-        PageDirectoryEntry->Bits.ReadWrite = 1;
-        PageDirectoryEntry->Bits.Present   = 1;
-        PageDirectoryEntry->Bits.MustBe1   = 1;
-      }
-    }
-  }
-
-  for ( ; IndexOfPdpEntries < 512; IndexOfPdpEntries++, PageDirectoryPointerEntry++) {
-    ZeroMem (
-      PageDirectoryPointerEntry,
-      sizeof (PAGE_MAP_AND_DIRECTORY_POINTER)
-      );
-  }
-
-  //
-  // Protect the page table by marking the memory used for page table to be
-  // read-only.
-  //
-  EnablePageTableProtection ((UINTN)PageMap, FALSE);
-
-  return (UINTN)PageMap;
-}
-
 /**
   The function will check if IA32 PAE is supported.
 
@@ -207,41 +106,6 @@ IsIa32PaeSupport (
   return Ia32PaeSupport;
 }
 
-/**
-  The function will check if page table should be setup or not.
-
-  @retval TRUE      Page table should be created.
-  @retval FALSE     Page table should not be created.
-
-**/
-BOOLEAN
-ToBuildPageTable (
-  VOID
-  )
-{
-  if (!IsIa32PaeSupport ()) {
-    return FALSE;
-  }
-
-  if (IsNullDetectionEnabled ()) {
-    return TRUE;
-  }
-
-  if (PcdGet8 (PcdHeapGuardPropertyMask) != 0) {
-    return TRUE;
-  }
-
-  if (PcdGetBool (PcdCpuStackGuard)) {
-    return TRUE;
-  }
-
-  if (IsEnableNonExecNeeded ()) {
-    return TRUE;
-  }
-
-  return FALSE;
-}
-
 /**
    Transfers control to DxeCore.
 
@@ -268,12 +132,13 @@ HandOffToDxeCore (
   UINT32                   Index;
   X64_IDT_TABLE            *IdtTableForX64;
 
-  //
-  // Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
-  //
-  if (IsNullDetectionEnabled ()) {
-    ClearFirst4KPage (HobList.Raw);
-    BuildMemoryAllocationHob (0, EFI_PAGES_TO_SIZE (1), EfiBootServicesData);
+  PopulateDxeMemoryProtectionSettings (&mDxeMps);
+
+  if (mDxeMps.NullPointerDetection.Enabled) {
+    ASSERT (CanAllocateNullPage (HobList.Raw));
+    // Clear NULL page and mark it as allocated for NULL detection
+    SetMem (NULL, EFI_PAGE_SIZE, (UINTN)NULL);
+    BuildMemoryAllocationHob ((UINTN)NULL, EFI_PAGES_TO_SIZE (1), EfiBootServicesData);
   }
 
   BaseOfStack = (EFI_PHYSICAL_ADDRESS)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE));
diff --git a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c b/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
index 898d610951..407afbe404 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
@@ -8,6 +8,8 @@
 
 #include "UefiPayloadEntry.h"
 
+DXE_MEMORY_PROTECTION_SETTINGS  mDxeMps;
+
 /**
   Allocate pages for code.
 
@@ -359,3 +361,27 @@ UniversalLoadDxeCore (
 
   return EFI_SUCCESS;
 }
+
+/**
+  Populates mDxeMps global with the data present in the memory
+  protection HOB entry if it exists.
+
+  @param[in] DxeMps  Pointer to the DXE memory protection settings.
+**/
+VOID
+EFIAPI
+PopulateDxeMemoryProtectionSettings (
+  IN DXE_MEMORY_PROTECTION_SETTINGS  *DxeMps
+  )
+{
+  VOID  *Ptr;
+
+  Ptr = GetFirstGuidHob (&gDxeMemoryProtectionSettingsGuid);
+
+  // Cache the Memory Protection Settings HOB entry
+  if ((Ptr != NULL) && DXE_MPS_IS_STRUCT_VALID (GET_GUID_HOB_DATA (Ptr))) {
+    CopyMem (DxeMps, GET_GUID_HOB_DATA (Ptr), sizeof (DXE_MEMORY_PROTECTION_SETTINGS));
+  } else {
+    ZeroMem (DxeMps, sizeof (DXE_MEMORY_PROTECTION_SETTINGS));
+  }
+}
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
index ad8a9fd22b..56fd767036 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
@@ -30,6 +30,7 @@
 #include <Guid/MemoryMapInfoGuid.h>
 #include <Guid/AcpiBoardInfoGuid.h>
 #include <Guid/GraphicsInfoHob.h>
+#include <Guid/DxeMemoryProtectionSettings.h>
 #include <UniversalPayload/SmbiosTable.h>
 #include <UniversalPayload/AcpiTable.h>
 #include <UniversalPayload/UniversalPayload.h>
@@ -51,6 +52,8 @@
 #define E820_PMEM       7
 #define E820_UNDEFINED  8
 
+extern DXE_MEMORY_PROTECTION_SETTINGS  mDxeMps;
+
 /**
   Auto-generated function that calls the library constructors for all of the module's
   dependent libraries.
@@ -216,4 +219,16 @@ BuildHobFromAcpi (
   IN   UINT64  AcpiTableBase
   );
 
+/**
+  Populates mDxeMps global with the data present in the memory
+  protection HOB entry if it exists.
+
+  @param[in] DxeMps  Pointer to the DXE memory protection settings.
+**/
+VOID
+EFIAPI
+PopulateDxeMemoryProtectionSettings (
+  IN DXE_MEMORY_PROTECTION_SETTINGS  *DxeMps
+  );
+
 #endif
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
index e2af8a4b7c..8d5600b6ce 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
@@ -65,6 +65,7 @@
   gUniversalPayloadSmbiosTableGuid
   gUniversalPayloadAcpiTableGuid
   gUniversalPayloadSerialPortInfoGuid
+  gDxeMemoryProtectionSettingsGuid
 
 [FeaturePcd.IA32]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode      ## CONSUMES
@@ -76,9 +77,6 @@
 [Pcd.IA32,Pcd.X64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ## SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                            ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize                            ## CONSUMES
 
@@ -91,8 +89,3 @@
   gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType
   gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData
   gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode
-
-  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIMES_CONSUMES
-
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
index 5112cdc1e5..e03f25d982 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
@@ -69,6 +69,7 @@
   gUniversalPayloadAcpiTableGuid
   gUniversalPayloadPciRootBridgeInfoGuid
   gUniversalPayloadSmbios3TableGuid
+  gDxeMemoryProtectionSettingsGuid
 
 [FeaturePcd.IA32]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode      ## CONSUMES
@@ -81,17 +82,9 @@
   gUefiPayloadPkgTokenSpaceGuid.PcdPcdDriverFile
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ## SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                            ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize                            ## CONSUMES
 
   gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase
   gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize
   gUefiPayloadPkgTokenSpaceGuid.PcdSystemMemoryUefiRegionSize
-
-  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIMES_CONSUMES
-
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c b/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
index 346e3feb04..53bfa3f8b4 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
@@ -40,12 +40,13 @@ HandOffToDxeCore (
   VOID   *GhcbBase;
   UINTN  GhcbSize;
 
-  //
-  // Clear page 0 and mark it as allocated if NULL pointer detection is enabled.
-  //
-  if (IsNullDetectionEnabled ()) {
-    ClearFirst4KPage (HobList.Raw);
-    BuildMemoryAllocationHob (0, EFI_PAGES_TO_SIZE (1), EfiBootServicesData);
+  PopulateDxeMemoryProtectionSettings (&mDxeMps);
+
+  if (mDxeMps.NullPointerDetection.Enabled) {
+    ASSERT (CanAllocateNullPage (HobList.Raw));
+    // Clear NULL page and mark it as allocated for NULL detection
+    SetMem (NULL, EFI_PAGE_SIZE, (UINTN)NULL);
+    BuildMemoryAllocationHob ((UINTN)NULL, EFI_PAGES_TO_SIZE (1), EfiBootServicesData);
   }
 
   //
@@ -78,17 +79,9 @@ HandOffToDxeCore (
                    (EFI_PHYSICAL_ADDRESS)(UINTN)GhcbBase,
                    GhcbSize
                    );
-  } else {
-    //
-    // Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE
-    // for the DxeIpl and the DxeCore are both X64.
-    //
-    ASSERT (PcdGetBool (PcdSetNxForStack) == FALSE);
-    ASSERT (PcdGetBool (PcdCpuStackGuard) == FALSE);
-  }
-
-  if (FeaturePcdGet (PcdDxeIplBuildPageTables)) {
     AsmWriteCr3 (PageTables);
+  } else {
+    ASSERT (!DXE_MPS_IS_MEMORY_PROTECTION_ACTIVE (&mDxeMps));
   }
 
   //
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
index 1899404b24..f01ed175c6 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
@@ -30,37 +30,45 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/PcdLib.h>
 #include <Library/HobLib.h>
 #include <Register/Intel/Cpuid.h>
+#include <Guid/DxeMemoryProtectionSettings.h>
 #include "VirtualMemory.h"
 
+extern DXE_MEMORY_PROTECTION_SETTINGS  mDxeMps;
+
 //
 // Global variable to keep track current available memory used as page table.
 //
 PAGE_TABLE_POOL  *mPageTablePool = NULL;
 
 /**
-  Clear legacy memory located at the first 4K-page, if available.
-
-  This function traverses the whole HOB list to check if memory from 0 to 4095
-  exists and has not been allocated, and then clear it if so.
+  Returns TRUE if the NULL page has not been allocated.
 
   @param HobStart                  The start of HobList passed to DxeCore.
 
+  @retval TRUE                     NULL page is unallocated
+  @retval FALSE                    NULL page cannot be allocated
+
 **/
-VOID
-ClearFirst4KPage (
+BOOLEAN
+CanAllocateNullPage (
   IN  VOID  *HobStart
   )
 {
   EFI_PEI_HOB_POINTERS  RscHob;
   EFI_PEI_HOB_POINTERS  MemHob;
-  BOOLEAN               DoClear;
+  BOOLEAN               CanAllocate;
 
-  RscHob.Raw = HobStart;
-  MemHob.Raw = HobStart;
-  DoClear    = FALSE;
+  if (HobStart == NULL) {
+    ASSERT (HobStart != NULL);
+    return FALSE;
+  }
+
+  RscHob.Raw  = HobStart;
+  MemHob.Raw  = HobStart;
+  CanAllocate = FALSE;
 
   //
-  // Check if page 0 exists and free
+  // Check if page 0 exists and is free
   //
   while ((RscHob.Raw = GetNextHob (
                          EFI_HOB_TYPE_RESOURCE_DESCRIPTOR,
@@ -68,9 +76,9 @@ ClearFirst4KPage (
                          )) != NULL)
   {
     if ((RscHob.ResourceDescriptor->ResourceType == EFI_RESOURCE_SYSTEM_MEMORY) &&
-        (RscHob.ResourceDescriptor->PhysicalStart == 0))
+        (RscHob.ResourceDescriptor->PhysicalStart == (UINTN)NULL))
     {
-      DoClear = TRUE;
+      CanAllocate = TRUE;
       //
       // Make sure memory at 0-4095 has not been allocated.
       //
@@ -79,10 +87,10 @@ ClearFirst4KPage (
                              MemHob.Raw
                              )) != NULL)
       {
-        if (MemHob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress
-            < EFI_PAGE_SIZE)
+        if ((MemHob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress >= (UINTN)NULL) &&
+            (MemHob.MemoryAllocation->AllocDescriptor.MemoryBaseAddress < (UINTN)NULL + EFI_PAGE_SIZE))
         {
-          DoClear = FALSE;
+          CanAllocate = FALSE;
           break;
         }
 
@@ -95,27 +103,7 @@ ClearFirst4KPage (
     RscHob.Raw = GET_NEXT_HOB (RscHob);
   }
 
-  if (DoClear) {
-    DEBUG ((DEBUG_INFO, "Clearing first 4K-page!\r\n"));
-    SetMem (NULL, EFI_PAGE_SIZE, 0);
-  }
-
-  return;
-}
-
-/**
-  Return configure status of NULL pointer detection feature.
-
-  @return TRUE   NULL pointer detection feature is enabled
-  @return FALSE  NULL pointer detection feature is disabled
-
-**/
-BOOLEAN
-IsNullDetectionEnabled (
-  VOID
-  )
-{
-  return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
+  return CanAllocate;
 }
 
 /**
@@ -169,9 +157,7 @@ IsEnableNonExecNeeded (
   // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is set.
   // Features controlled by Following PCDs need this feature to be enabled.
   //
-  return (PcdGetBool (PcdSetNxForStack) ||
-          PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
-          PcdGet32 (PcdImageProtectionPolicy) != 0);
+  return TRUE;
 }
 
 /**
@@ -214,7 +200,7 @@ ToSplitPageTable (
   IN UINTN                 GhcbSize
   )
 {
-  if (IsNullDetectionEnabled () && (Address == 0)) {
+  if ((Address == (UINTN)NULL) && mDxeMps.NullPointerDetection.Enabled) {
     return TRUE;
   }
 
@@ -398,17 +384,17 @@ Split2MPageTo4K (
 
     PageTableEntry->Bits.ReadWrite = 1;
 
-    if ((IsNullDetectionEnabled () && (PhysicalAddress4K == 0)) ||
-        (PcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K == StackBase)))
+    if ((mDxeMps.NullPointerDetection.Enabled && (PhysicalAddress4K == (UINTN)NULL)) ||
+        (mDxeMps.CpuStackGuardEnabled && (PhysicalAddress4K == StackBase)))
     {
       PageTableEntry->Bits.Present = 0;
     } else {
       PageTableEntry->Bits.Present = 1;
     }
 
-    if (  PcdGetBool (PcdSetNxForStack)
-       && (PhysicalAddress4K >= StackBase)
-       && (PhysicalAddress4K < StackBase + StackSize))
+    if (mDxeMps.StackExecutionProtectionEnabled &&
+        (PhysicalAddress4K >= StackBase) &&
+        (PhysicalAddress4K < StackBase + StackSize))
     {
       //
       // Set Nx bit for stack.
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h
index 616ebe42b0..c27bf68a04 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h
@@ -265,28 +265,17 @@ AsmGetVectorTemplatInfo (
   );
 
 /**
-  Clear legacy memory located at the first 4K-page.
+  Returns TRUE if the NULL page has not been allocated.
 
-  This function traverses the whole HOB list to check if memory from 0 to 4095
-  exists and has not been allocated, and then clear it if so.
+  @param HobStart                  The start of HobList passed to DxeCore.
 
-  @param HobStart         The start of HobList passed to DxeCore.
+  @retval TRUE                     NULL page is unallocated
+  @retval FALSE                    NULL page cannot be allocated
 
 **/
-VOID
-ClearFirst4KPage (
-  IN  VOID  *HobStart
-  );
-
-/**
-  Return configure status of NULL pointer detection feature.
-
-  @return TRUE   NULL pointer detection feature is enabled
-  @return FALSE  NULL pointer detection feature is disabled
-**/
 BOOLEAN
-IsNullDetectionEnabled (
-  VOID
+CanAllocateNullPage (
+  IN  VOID  *HobStart
   );
 
 /**
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 47812048dd..a7282f197b 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -207,6 +207,7 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
   HobLib|UefiPayloadPkg/Library/DxeHobLib/DxeHobLib.inf
+  DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf
 
   #
   # UEFI & PI
-- 
2.41.0.windows.2


  parent reply	other threads:[~2023-07-11 23:53 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-11 23:52 [PATCH 00/14] Implement Dynamic Memory Protections Taylor Beebe
2023-07-11 23:52 ` [PATCH 01/14] MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions Taylor Beebe
2023-07-11 23:52 ` [PATCH 02/14] MdeModulePkg: Add MemoryProtectionHobLib Definitions and NULL Libs Taylor Beebe
2023-07-11 23:52 ` [PATCH 03/14] MdeModulePkg: Add Phase-Specific MemoryProtectionHobLib Implementations Taylor Beebe
2023-07-11 23:52 ` [PATCH 04/14] OvmfPkg: Create the memory protection settings HOB Taylor Beebe
2023-07-11 23:52 ` [PATCH 05/14] ArmVirtPkg: Create " Taylor Beebe
2023-07-11 23:52 ` [PATCH 06/14] ArmPkg: Update to use memory protection HOB Taylor Beebe
2023-07-11 23:52 ` [PATCH 07/14] EmulatorPkg: " Taylor Beebe
2023-07-11 23:52 ` [PATCH 08/14] MdeModulePkg: " Taylor Beebe
2023-07-11 23:52 ` [PATCH 09/14] OvmfPkg: " Taylor Beebe
2023-07-11 23:52 ` [PATCH 10/14] UefiCpuPkg: " Taylor Beebe
2023-07-11 23:52 ` Taylor Beebe [this message]
2023-07-11 23:52 ` [PATCH 12/14] OvmfPkg: Delete Memory Protection PCDs Taylor Beebe
2023-07-11 23:52 ` [PATCH 14/14] MdeModulePkg: " Taylor Beebe
2023-07-11 23:52 ` Taylor Beebe
     [not found] ` <1770F551E2E594C0.16575@groups.io>
2023-07-12  0:01   ` [edk2-devel] " Taylor Beebe
2023-07-12 10:05 ` [PATCH 00/14] Implement Dynamic Memory Protections Gerd Hoffmann
2023-07-12 21:54   ` Taylor Beebe
2023-07-17 11:14     ` [edk2-devel] " Gerd Hoffmann
2023-07-17 16:15 ` Pedro Falcato
2023-07-17 16:25   ` Ard Biesheuvel
2023-07-17 16:49     ` Pedro Falcato
2023-07-18  2:45       ` Taylor Beebe
2023-07-18  6:11     ` Ni, Ray

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=eb124a188763d9432ae0ae27c70a1683e2dade71.1689101263.git.t@taylorbeebe.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox