[edk2] [PATCH 5/6] MdeModulePkg/PiSmmCore: remove NX attr for SMM RAM

Jian J Wang posted 6 patches 6 years, 11 months ago
[edk2] [PATCH 5/6] MdeModulePkg/PiSmmCore: remove NX attr for SMM RAM
Posted by Jian J Wang 6 years, 11 months ago
If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory
of EfiReservedMemoryType, the BIOS will hang at a page fault exception
while starting the SMM driver.

The root cause is that SMM RAM is of type EfiReservedMemoryType and is
marked as non-executable. The fix is simply removing the NX attribute for
that memory.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
index a7663ca291..94d671bd74 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
@@ -1550,6 +1550,7 @@ SmmIplEntry (
   EFI_CPU_ARCH_PROTOCOL           *CpuArch;
   EFI_STATUS                      SetAttrStatus;
   EFI_SMRAM_DESCRIPTOR            *SmramRangeSmmDriver;
+  EFI_GCD_MEMORY_SPACE_DESCRIPTOR MemDesc;
 
   //
   // Fill in the image handle of the SMM IPL so the SMM Core can use this as the 
@@ -1616,7 +1617,8 @@ SmmIplEntry (
 
     GetSmramCacheRange (mCurrentSmramRange, &mSmramCacheBase, &mSmramCacheSize);
     //
-    // If CPU AP is present, attempt to set SMRAM cacheability to WB
+    // If CPU AP is present, attempt to set SMRAM cacheability to WB and clear
+    // XP if it's set.
     // Note that it is expected that cacheability of SMRAM has been set to WB if CPU AP
     // is not available here.
     //
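
Review bot: The updated comment ties clearing XP to the CPU AP being present, but the note that follows it still covers only cacheability for the case where the CPU AP is not available. Please say what is expected of EFI_MEMORY_XP in that case as well, since the commit message describes a page fault when SMRAM stays non-executable. The commit message also says NX while the comment and code say XP; naming both once in the comment would make the link obvious to readers.
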
@@ -1630,7 +1632,19 @@ SmmIplEntry (
                       );
       if (EFI_ERROR (Status)) {
         DEBUG ((DEBUG_WARN, "SMM IPL failed to set SMRAM window to EFI_MEMORY_WB\n"));
-      }  
+      }
+
+      Status = gDS->GetMemorySpaceDescriptor(
+                      mCurrentSmramRange->PhysicalStart,
+                      &MemDesc
+                      );
+      if (!EFI_ERROR (Status) && (MemDesc.Attributes & EFI_MEMORY_XP) != 0) {
+        gDS->SetMemorySpaceAttributes (
+               mCurrentSmramRange->PhysicalStart,
+               mCurrentSmramRange->PhysicalSize,
+               MemDesc.Attributes & (~EFI_MEMORY_XP)
+               );
+      }
     }
     //
     // if Loading module at Fixed Address feature is enabled, save the SMRAM base to Load
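
Review bot: The return value of gDS->SetMemorySpaceAttributes () in the added block is discarded, so if clearing EFI_MEMORY_XP fails the SMRAM range stays non-executable with no diagnostic, unlike the WB call just above, which logs a DEBUG_WARN. Suggest capturing the status and logging a warning on failure in the same way, and likewise when GetMemorySpaceDescriptor itself fails, which is currently skipped silently. Two smaller points: the descriptor is queried only at mCurrentSmramRange->PhysicalStart, yet MemDesc.Attributes is then applied across the whole PhysicalSize, which assumes the range is covered by a single GCD descriptor with uniform attributes; a comment stating that assumption, or a walk over the descriptors in the range, would make it explicit. And gDS->GetMemorySpaceDescriptor( is missing the space before the parenthesis that the SetMemorySpaceAttributes ( call below it uses.
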
-- 
2.15.1.windows.2

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 5/6] MdeModulePkg/PiSmmCore: remove NX attr for SMM RAM
Posted by Zeng, Star 6 years, 11 months ago
Reviewed-by: Star Zeng <star.zeng@intel.com>

-----Original Message-----
From: Wang, Jian J 
Sent: Monday, January 15, 2018 4:55 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Dong, Eric <eric.dong@intel.com>; Zeng, Star <star.zeng@intel.com>
Subject: [PATCH 5/6] MdeModulePkg/PiSmmCore: remove NX attr for SMM RAM

If PcdDxeNxMemoryProtectionPolicy is set to enable protection for memory of EfiReservedMemoryType, the BIOS will hang at a page fault exception while starting the SMM driver.

The root cause is that SMM RAM is of type EfiReservedMemoryType and is marked as non-executable. The fix is simply removing the NX attribute for that memory.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
index a7663ca291..94d671bd74 100644
--- a/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
+++ b/MdeModulePkg/Core/PiSmmCore/PiSmmIpl.c
@@ -1550,6 +1550,7 @@ SmmIplEntry (
   EFI_CPU_ARCH_PROTOCOL           *CpuArch;
   EFI_STATUS                      SetAttrStatus;
   EFI_SMRAM_DESCRIPTOR            *SmramRangeSmmDriver;
+  EFI_GCD_MEMORY_SPACE_DESCRIPTOR MemDesc;
 
   //
   // Fill in the image handle of the SMM IPL so the SMM Core can use this as the @@ -1616,7 +1617,8 @@ SmmIplEntry (
 
     GetSmramCacheRange (mCurrentSmramRange, &mSmramCacheBase, &mSmramCacheSize);
     //
-    // If CPU AP is present, attempt to set SMRAM cacheability to WB
+    // If CPU AP is present, attempt to set SMRAM cacheability to WB and clear
+    // XP if it's set.
     // Note that it is expected that cacheability of SMRAM has been set to WB if CPU AP
     // is not available here.
     //
@@ -1630,7 +1632,19 @@ SmmIplEntry (
                       );
       if (EFI_ERROR (Status)) {
         DEBUG ((DEBUG_WARN, "SMM IPL failed to set SMRAM window to EFI_MEMORY_WB\n"));
-      }  
+      }
+
+      Status = gDS->GetMemorySpaceDescriptor(
+                      mCurrentSmramRange->PhysicalStart,
+                      &MemDesc
+                      );
+      if (!EFI_ERROR (Status) && (MemDesc.Attributes & EFI_MEMORY_XP) != 0) {
+        gDS->SetMemorySpaceAttributes (
+               mCurrentSmramRange->PhysicalStart,
+               mCurrentSmramRange->PhysicalSize,
+               MemDesc.Attributes & (~EFI_MEMORY_XP)
+               );
+      }
     }
     //
     // if Loading module at Fixed Address feature is enabled, save the SMRAM base to Load
--
2.15.1.windows.2
