[edk2-devel] [NOT FOR MERGE v3 5/5] MdeModulePkg/DxeCore: add DEBUG code for memory attribute handling

Mon, 06 Feb 2023 14:21:24 -0800 

NOT FOR MERGE

Add some DEBUG code to double check that the memory attributes have been
modified as expected by the code that manages read-only and/or non-exec
permissions for page allocations and loaded images.
---
 MdeModulePkg/Core/Dxe/DxeMain.inf             |  1 +
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 79 +++++++++++++++++++-
 2 files changed, 77 insertions(+), 3 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf 
b/MdeModulePkg/Core/Dxe/DxeMain.inf
index 35d5bf0dee6f..87caff8289ee 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -154,6 +154,7 @@ [Protocols]
   gEfiHiiPackageListProtocolGuid                ## SOMETIMES_PRODUCES

   gEfiSmmBase2ProtocolGuid                      ## SOMETIMES_CONSUMES

   gEdkiiPeCoffImageEmulatorProtocolGuid         ## SOMETIMES_CONSUMES

+  gEfiMemoryAttributeProtocolGuid               ## SOMETIMES_CONSUMES

 

   # Arch Protocols

   gEfiBdsArchProtocolGuid                       ## CONSUMES

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c 
b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index b89ab046fa73..18b5a1d2b69d 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Guid/MemoryAttributesTable.h>

 

 #include <Protocol/FirmwareVolume2.h>

+#include <Protocol/MemoryAttribute.h>

 #include <Protocol/SimpleFileSystem.h>

 

 #include "DxeMain.h"

@@ -66,6 +67,8 @@ extern LIST_ENTRY  mGcdMemorySpaceMap;
 

 STATIC LIST_ENTRY  mProtectedImageRecordList;

 

+EFI_MEMORY_ATTRIBUTE_PROTOCOL  *mMemoryAttribute;

+

 /**

   Sort code section in image record, based upon CodeSegmentBase from low to 
high.

 

@@ -226,6 +229,33 @@ SetUefiImageMemoryAttributes (
 

   ASSERT (gCpu != NULL);

   gCpu->SetMemoryAttributes (gCpu, BaseAddress, Length, FinalAttributes);

+

+  DEBUG_CODE_BEGIN ();

+

+    UINT64                                OldAttributes;

+    EFI_STATUS                            Status;

+

+    if (mMemoryAttribute != NULL) {

+      Status = mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute,

+                                                      BaseAddress,

+                                                      Length,

+                                                      &OldAttributes

+                                                      );

+      ASSERT_EFI_ERROR (Status);

+

+      FinalAttributes &= EFI_MEMORY_ATTRIBUTE_MASK;

+      if (FinalAttributes != OldAttributes) {

+        DEBUG ((DEBUG_WARN,

+                "%a: Expected 0x%llx for new attributes, actual 0x%llx\n",

+                __FUNCTION__,

+                FinalAttributes,

+                OldAttributes

+                ));

+        ASSERT (FALSE);

+      }

+    }

+

+  DEBUG_CODE_END ();

 }

 

 /**

@@ -995,6 +1025,16 @@ MemoryProtectionCpuArchProtocolNotify (
     goto Done;

   }

 

+  DEBUG_CODE_BEGIN ();

+    //

+    // Grab a reference to the EFI memory attributes table if it exists

+    //

+    CoreLocateProtocol (&gEfiMemoryAttributeProtocolGuid,

+                        NULL,

+                        (VOID **)&mMemoryAttribute

+                        );

+  DEBUG_CODE_END ();

+

   //

   // Apply the memory protection policy on non-BScode/RTcode regions.

   //

@@ -1246,8 +1286,9 @@ ApplyMemoryProtectionPolicy (
   IN  UINT64                Length

   )

 {

-  UINT64  OldAttributes;

-  UINT64  NewAttributes;

+  UINT64      OldAttributes;

+  UINT64      NewAttributes;

+  EFI_STATUS  Status;

 

   //

   // The policy configured in PcdDxeNxMemoryProtectionPolicy

@@ -1313,5 +1354,37 @@ ApplyMemoryProtectionPolicy (
     return EFI_SUCCESS;

   }

 

-  return gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes);

+  Status = gCpu->SetMemoryAttributes (gCpu, Memory, Length, NewAttributes);

+  if (EFI_ERROR (Status)) {

+    return Status;

+  }

+

+  DEBUG_CODE_BEGIN ();

+

+    //

+    // If available, use the EFI memory attribute protocol to double

+    // check that the entire region has the expected attributes.

+    //

+    if (mMemoryAttribute != NULL) {

+      Status = mMemoryAttribute->GetMemoryAttributes (mMemoryAttribute,

+                                                      Memory,

+                                                      Length,

+                                                      &OldAttributes

+                                                      );

+      ASSERT_EFI_ERROR (Status);

+

+      if (OldAttributes != NewAttributes) {

+        DEBUG ((DEBUG_WARN,

+                "%a: Expected 0x%llx for new attributes, actual 0x%llx\n",

+                __FUNCTION__,

+                NewAttributes,

+                OldAttributes

+                ));

+        ASSERT (FALSE);

+      }

+    }

+

+  DEBUG_CODE_END ();

+

+  return EFI_SUCCESS;

 }

-- 
2.39.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99705): https://edk2.groups.io/g/devel/message/99705
Mute This Topic: https://groups.io/mt/96795082/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to