Re: [edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX protection when unset guard page

Fri, 09 Jun 2023 02:11:15 -0700 

Hi Ard,
Thanks for your question. This patch does cause a difference that NX 
protections maybe removed for some EfiConventionalMemory in SMRAM after 
SmmReadyToLock.

Before SmmReadyToLock, EfiConventionalMemory in SMRAM is always RW and 
executable.
When SmmReadyToLock, SetMemMapAttributes() in PiSmmCpuDxe driver applies 
EFI_MEMORY_XP  for EfiConventionalMemory in SMRAM.
With this patch, after SmmReadyToLock, if AllocatePage() and FreePage() is 
called and HeapGuard is enabled for smm, the guarded page(when ungarded) is 
marked as executable.

To solve this issue, I'll add code to apply EFI_MEMORY_XP to the guarded page 
to be freed in UnsetGuardPage() if it happens after SmmReadyToLock. Will send 
the V6 patch.

Thanks,
Dun

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
Sent: Thursday, June 8, 2023 8:18 PM
To: devel@edk2.groups.io; Tan, Dun <dun....@intel.com>
Cc: Gao, Liming <gaolim...@byosoft.com.cn>; Ni, Ray <ray...@intel.com>; Wang, 
Jian J <jian.j.w...@intel.com>
Subject: Re: [edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX 
protection when unset guard page

On Thu, 8 Jun 2023 at 04:28, duntan <dun....@intel.com> wrote:
>
> Remove RO and NX protection when unset guard page.
> When UnsetGuardPage(), remove all the memory attribute protection for 
> guarded page.
>

Why is it acceptable to remove NX protections here?


> Signed-off-by: Dun Tan <dun....@intel.com>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> Cc: Ray Ni <ray...@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> ---
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c 
> b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> index 8f3bab6fee..7daeeccf13 100644
> --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> @@ -553,7 +553,7 @@ UnsetGuardPage (
>                                           mSmmMemoryAttribute,
>                                           BaseAddress,
>                                           EFI_PAGE_SIZE,
> -                                         EFI_MEMORY_RP
> +                                         
> + EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
>                                           );
>      ASSERT_EFI_ERROR (Status);
>      mOnGuarding = FALSE;
> --
> 2.31.1.windows.1
>
>
>
> 
>
>







-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105967): https://edk2.groups.io/g/devel/message/105967
Mute This Topic: https://groups.io/mt/99399226/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to