[edk2-devel] [PATCH v4 13/28] UefiPayloadPkg: Update DXE Handoff to use SetMemoryProtectionsLib

Taylor Beebe Tue, 19 Sep 2023 17:58:17 -0700

Update the DXE handoff logic in UefiPayloadPkg to use
SetMemoryProtectionsLib to fetch the platform memory protection
settings and reference them when creating the page tables.


Because the protection profile is equivalent to the PCD settings
even when the platform does not explicitly set a profile, this
updated does not cause a torn state.

Signed-off-by: Taylor Beebe <taylor.d.be...@gmail.com>
Cc: Guo Dong <guo.d...@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james...@intel.com>
Cc: Gua Guo <gua....@intel.com>
---
 UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c        | 11 +++++++++--
 UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c             |  2 ++
 UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c         |  8 ++++++--
 UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c       | 15 +++++++++------
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h        |  1 +
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf      |  9 +--------
 UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf |  9 +--------
 UefiPayloadPkg/UefiPayloadPkg.dsc                         | 12 ++++++++++++
 8 files changed, 41 insertions(+), 26 deletions(-)

diff --git a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c 
b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
index 61a9f01ec9e7..4ede962e6544 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
@@ -78,6 +78,8 @@ GLOBAL_REMOVE_IF_UNREFERENCED  IA32_DESCRIPTOR  
gLidtDescriptor = {
   0
 };
 
+extern MEMORY_PROTECTION_SETTINGS  mMps;
+
 /**
   Allocates and fills in the Page Directory and Page Table Entries to
   establish a 4G page table.
@@ -227,11 +229,14 @@ ToBuildPageTable (
     return TRUE;
   }
 
-  if (PcdGet8 (PcdHeapGuardPropertyMask) != 0) {
+  if (mMps.Dxe.HeapGuard.PageGuardEnabled ||
+      mMps.Dxe.HeapGuard.PageGuardEnabled ||
+      mMps.Dxe.HeapGuard.FreedMemoryGuardEnabled)
+  {
     return TRUE;
   }
 
-  if (PcdGetBool (PcdCpuStackGuard)) {
+  if (mMps.Dxe.CpuStackGuardEnabled) {
     return TRUE;
   }
 
@@ -268,6 +273,8 @@ HandOffToDxeCore (
   UINT32                   Index;
   X64_IDT_TABLE            *IdtTableForX64;
 
+  GetCurrentMemoryProtectionSettings (&mMps);
+
   //
   // Clear page 0 and mark it as allocated if NULL pointer detection is 
enabled.
   //
diff --git a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c 
b/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
index 898d610951fa..a4074346c059 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c
@@ -8,6 +8,8 @@
 
 #include "UefiPayloadEntry.h"
 
+MEMORY_PROTECTION_SETTINGS  mMps = { 0 };
+
 /**
   Allocate pages for code.
 
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c 
b/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
index 346e3feb0459..002ae6e5ab97 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c
@@ -17,6 +17,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include "UefiPayloadEntry.h"
 #define STACK_SIZE  0x20000
 
+extern MEMORY_PROTECTION_SETTINGS  mMps;
+
 /**
    Transfers control to DxeCore.
 
@@ -40,6 +42,8 @@ HandOffToDxeCore (
   VOID   *GhcbBase;
   UINTN  GhcbSize;
 
+  GetCurrentMemoryProtectionSettings (&mMps);
+
   //
   // Clear page 0 and mark it as allocated if NULL pointer detection is 
enabled.
   //
@@ -83,8 +87,8 @@ HandOffToDxeCore (
     // Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE
     // for the DxeIpl and the DxeCore are both X64.
     //
-    ASSERT (PcdGetBool (PcdSetNxForStack) == FALSE);
-    ASSERT (PcdGetBool (PcdCpuStackGuard) == FALSE);
+    ASSERT (!mMps.Dxe.StackExecutionProtectionEnabled);
+    ASSERT (!mMps.Dxe.CpuStackGuardEnabled);
   }
 
   if (FeaturePcdGet (PcdDxeIplBuildPageTables)) {
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c 
b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
index 1899404b244c..6a986c82cc4b 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
@@ -27,11 +27,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/MemoryAllocationLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
 #include <Library/PcdLib.h>
 #include <Library/HobLib.h>
 #include <Register/Intel/Cpuid.h>
 #include "VirtualMemory.h"
 
+extern MEMORY_PROTECTION_SETTINGS  mMps;
+
 //
 // Global variable to keep track current available memory used as page table.
 //
@@ -115,7 +118,7 @@ IsNullDetectionEnabled (
   VOID
   )
 {
-  return ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0);
+  return mMps.Dxe.NullPointerDetection.Enabled;
 }
 
 /**
@@ -169,9 +172,9 @@ IsEnableNonExecNeeded (
   // XD flag (BIT63) in page table entry is only valid if IA32_EFER.NXE is set.
   // Features controlled by Following PCDs need this feature to be enabled.
   //
-  return (PcdGetBool (PcdSetNxForStack) ||
-          PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0 ||
-          PcdGet32 (PcdImageProtectionPolicy) != 0);
+  return (mMps.Dxe.StackExecutionProtectionEnabled ||
+          !IsZeroBuffer (&mMps.Dxe.ExecutionProtection.EnabledForType, 
MPS_MEMORY_TYPE_BUFFER_SIZE) ||
+          (mMps.Dxe.ImageProtection.ProtectImageFromFv || 
mMps.Dxe.ImageProtection.ProtectImageFromUnknown));
 }
 
 /**
@@ -399,14 +402,14 @@ Split2MPageTo4K (
     PageTableEntry->Bits.ReadWrite = 1;
 
     if ((IsNullDetectionEnabled () && (PhysicalAddress4K == 0)) ||
-        (PcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K == StackBase)))
+        (mMps.Dxe.CpuStackGuardEnabled && (PhysicalAddress4K == StackBase)))
     {
       PageTableEntry->Bits.Present = 0;
     } else {
       PageTableEntry->Bits.Present = 1;
     }
 
-    if (  PcdGetBool (PcdSetNxForStack)
+    if (  mMps.Dxe.StackExecutionProtectionEnabled
        && (PhysicalAddress4K >= StackBase)
        && (PhysicalAddress4K < StackBase + StackSize))
     {
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h 
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
index ad8a9fd22b66..c966f3583c77 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h
@@ -13,6 +13,7 @@
 
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/DebugLib.h>
 #include <Library/PeCoffLib.h>
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf 
b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
index e2af8a4b7c1b..589dd9d3a99c 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf
@@ -55,6 +55,7 @@ [LibraryClasses]
   PeCoffLib
   PlatformSupportLib
   CpuLib
+  SetMemoryProtectionsLib
 
 [Guids]
   gEfiMemoryTypeInformationGuid
@@ -76,9 +77,6 @@ [FeaturePcd.X64]
 [Pcd.IA32,Pcd.X64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                            ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize                            ## 
CONSUMES
 
@@ -91,8 +89,3 @@ [Pcd.IA32,Pcd.X64]
   gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType
   gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData
   gUefiPayloadPkgTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode
-
-  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## 
SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## 
SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## 
SOMETIMES_CONSUMES
-
diff --git a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf 
b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
index 5112cdc1e5df..3e99011e0ac6 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
+++ b/UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf
@@ -53,6 +53,7 @@ [LibraryClasses]
   HobLib
   PeCoffLib
   CpuLib
+  SetMemoryProtectionsLib
 
 [Guids]
   gEfiMemoryTypeInformationGuid
@@ -81,17 +82,9 @@ [Pcd.IA32,Pcd.X64]
   gUefiPayloadPkgTokenSpaceGuid.PcdPcdDriverFile
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## 
CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                       ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase                            ## 
CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize                            ## 
CONSUMES
 
   gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemBase
   gUefiPayloadPkgTokenSpaceGuid.PcdPayloadFdMemSize
   gUefiPayloadPkgTokenSpaceGuid.PcdSystemMemoryUefiRegionSize
-
-  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## 
SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## 
SOMETIMES_CONSUMES
-  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## 
SOMETIMES_CONSUMES
-
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc 
b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 47812048ddcf..b00d75ba08db 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -312,6 +312,18 @@ [LibraryClasses]
   CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
   
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
 
+#
+# Memory Protection Libraries
+#
+[LibraryClasses.common]
+  
SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
+
+[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER]
+  
GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
+
+[LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, 
LibraryClasses.common.UEFI_APPLICATION, LibraryClasses.common.UEFI_DRIVER]
+  
GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
+
 [LibraryClasses.common]
 !if $(BOOTSPLASH_IMAGE)
   SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
-- 
2.42.0.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108875): https://edk2.groups.io/g/devel/message/108875
Mute This Topic: https://groups.io/mt/101469951/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v4 13/28] UefiPayloadPkg: Update DXE Handoff to use SetMemoryProtectionsLib

Reply via email to