From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.20; helo=mga02.intel.com; envelope-from=ruiyu.ni@intel.com; receiver=edk2-devel@lists.01.org Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C617622135D55 for ; Tue, 6 Mar 2018 19:10:31 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Mar 2018 19:16:45 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.47,434,1515484800"; d="scan'208";a="25828238" Received: from ray-dev.ccr.corp.intel.com (HELO [10.239.9.44]) ([10.239.9.44]) by fmsmga002.fm.intel.com with ESMTP; 06 Mar 2018 19:16:44 -0800 To: Hao Wu , edk2-devel@lists.01.org Cc: Jian J Wang , Star Zeng , Eric Dong , Jiewen Yao References: <20180306133303.14772-1-hao.a.wu@intel.com> From: "Ni, Ruiyu" Message-ID: Date: Wed, 7 Mar 2018 11:16:44 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180306133303.14772-1-hao.a.wu@intel.com> Subject: Re: [PATCH v2 0/2] Resolve feature conflict between NX and Stack guard X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 03:10:32 -0000 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit On 3/6/2018 9:33 PM, Hao Wu wrote: > V2 changes: > > A. Use Hoblib APIs to get the base of stack from Hob. > B. Remove unnecessary local variable used in function > InitializeDxeNxMemoryProtectionPolicy(). > > V1 history: > > If enabled, NX memory protection feature will mark some types of active > memory as NX (non-executable), which includes the first page of the stack. > This will overwrite the attributes of the first page of the stack if the > stack guard feature is also enabled. > > The series will override the attributes setting to the first page of the > stack by adding back the 'EFI_MEMORY_RP' attribute when the stack guard > feature is enabled. > > Cc: Jian J Wang > Cc: Star Zeng > Cc: Eric Dong > Cc: Jiewen Yao > Cc: Ruiyu Ni > > Hao Wu (2): > MdeModulePkg/Core: Refine handling NULL detection in NX setting > MdeModulePkg/Core: Fix feature conflict between NX and Stack guard > > MdeModulePkg/Core/Dxe/DxeMain.inf | 4 +- > MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 74 +++++++++++++++++++++++---- > 2 files changed, 67 insertions(+), 11 deletions(-) > if (MemoryMapEntry->PhysicalStart == 0 && PcdGet8 (PcdNullPointerDetectionPropertyMask) != 0) { ASSERT (MemoryMapEntry->NumberOfPages > 0); // // Add EFI_MEMORY_RP attribute for page 0 if NULL pointer detection is // enabled. // [Ray] 1. I prefer to move the above comments before the "if (...)". SetUefiImageMemoryAttributes ( 0, EFI_PAGES_TO_SIZE (1), EFI_MEMORY_RP | Attributes); } if (StackBase != 0 && (StackBase >= MemoryMapEntry->PhysicalStart && StackBase < MemoryMapEntry->PhysicalStart + LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT)) && PcdGetBool (PcdCpuStackGuard)) { // // Add EFI_MEMORY_RP attribute for the first page of the stack if stack // guard is enabled. // SetUefiImageMemoryAttributes ( StackBase, EFI_PAGES_TO_SIZE (1), EFI_MEMORY_RP | Attributes); [Ray] 2. The StackBase is directly used here. So do we need to check whether it's page aligned? Do we need to check whether the range [StackBase, StackBase + 4KB) is inside the MemoryMapEntry? } -- Thanks, Ray