In UnsetGuardPage(), before SmmReadyToLock, remove the NX and RO memory attribute protection for the guarded page, since EfiConventionalMemory in SMRAM is RW and executable before SmmReadyToLock. If UnsetGuardPage() happens after SmmReadyToLock, then apply EFI_MEMORY_XP to the guarded page to make sure EfiConventionalMemory in SMRAM is NX, since EfiConventionalMemory in SMRAM is marked as NX by the PiSmmCpuDxe driver at SmmReadyToLock.
Signed-off-by: Dun Tan <dun....@intel.com> Cc: Liming Gao <gaolim...@byosoft.com.cn> Cc: Ray Ni <ray...@intel.com> Cc: Jian J Wang <jian.j.w...@intel.com> Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> --- MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c index 8f3bab6fee..25310122ca 100644 --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c @@ -553,9 +553,23 @@ UnsetGuardPage ( mSmmMemoryAttribute, BaseAddress, EFI_PAGE_SIZE, - EFI_MEMORY_RP + EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP ); ASSERT_EFI_ERROR (Status); + + if (gST == NULL) { + // + // Make sure EfiConventionalMemory is NX after SmmReadyToLock + // + Status = mSmmMemoryAttribute->SetMemoryAttributes ( + mSmmMemoryAttribute, + BaseAddress, + EFI_PAGE_SIZE, + EFI_MEMORY_XP + ); + ASSERT_EFI_ERROR (Status); + } + mOnGuarding = FALSE; } } -- 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105970): https://edk2.groups.io/g/devel/message/105970 Mute This Topic: https://groups.io/mt/99424820/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
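Review bot: the `if (gST == NULL)` test is the only thing that distinguishes the after-SmmReadyToLock path, but neither the code nor the in-hunk comment says why a NULL gST means "locked"; PiSmmCore's SmmReadyToLockHandler is what clears gST (and gBS), so please state that in the comment, e.g. `// gST is set to NULL by SmmReadyToLockHandler, so gST == NULL means we are past SmmReadyToLock`, rather than leaving the reader to infer it from the commit message. The clear-everything-then-re-set-XP sequence itself is the right shape (clearing only RP|RO after lock would leave the page executable if XP had not already been applied to it), so a short comment on why XP is re-applied rather than simply not cleared would help the next reader too. Style: edk2's uncrustify configuration expects spaces around binary operators, so `EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP` should be `EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP`.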