Re: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute protection in UnsetGuardPage

Fri, 16 Jun 2023 01:17:00 -0700 


Reviewed-by: Jian J Wang <[email protected]>

Regards,
Jian



> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of duntan
> Sent: Friday, June 09, 2023 5:16 PM
> To: [email protected]
> Cc: Gao, Liming <[email protected]>; Ni, Ray <[email protected]>;
> Wang, Jian J <[email protected]>; Ard Biesheuvel
> <[email protected]>
> Subject: [edk2-devel] [Patch V6 02/14] MdeModulePkg: Remove other attribute
> protection in UnsetGuardPage
> 
> In UnsetGuardPage(), before SmmReadyToLock, remove NX and RO
> memory attribute protection for guarded page since
> EfiConventionalMemory in SMRAM is RW and executable before
> SmmReadyToLock. If UnsetGuardPage() happens after SmmReadyToLock,
> then apply EFI_MEMORY_XP to the guarded page to make sure
> EfiConventionalMemory in SMRAM is NX since EfiConventionalMemory
> in SMRAM is marked as NX in PiSmmCpuDxe driver when SmmReadyToLock.
> 
> Signed-off-by: Dun Tan <[email protected]>
> Cc: Liming Gao <[email protected]>
> Cc: Ray Ni <[email protected]>
> Cc: Jian J Wang <[email protected]>
> Cc: Ard Biesheuvel <[email protected]>
> ---
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 16 +++++++++++++++-
>  1 file changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> index 8f3bab6fee..25310122ca 100644
> --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> @@ -553,9 +553,23 @@ UnsetGuardPage (
>                                           mSmmMemoryAttribute,
>                                           BaseAddress,
>                                           EFI_PAGE_SIZE,
> -                                         EFI_MEMORY_RP
> +                                         
> EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
>                                           );
>      ASSERT_EFI_ERROR (Status);
> +
> +    if (gST == NULL) {
> +      //
> +      // Make sure EfiConventionalMemory is NX after SmmReadyToLock
> +      //
> +      Status = mSmmMemoryAttribute->SetMemoryAttributes (
> +                                      mSmmMemoryAttribute,
> +                                      BaseAddress,
> +                                      EFI_PAGE_SIZE,
> +                                      EFI_MEMORY_XP
> +                                      );
> +      ASSERT_EFI_ERROR (Status);
> +    }
> +
>      mOnGuarding = FALSE;
>    }
>  }
> --
> 2.31.1.windows.1
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106142): https://edk2.groups.io/g/devel/message/106142
Mute This Topic: https://groups.io/mt/99424820/21656
Group Owner: [email protected]
Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to