Hi Ard,
Thanks for your question. This patch does cause a difference that NX 
protections may be removed for some EfiConventionalMemory in SMRAM after 
SmmReadyToLock.

Before SmmReadyToLock, EfiConventionalMemory in SMRAM is always RW and 
executable.
When SmmReadyToLock, SetMemMapAttributes() in PiSmmCpuDxe driver applies 
EFI_MEMORY_XP for EfiConventionalMemory in SMRAM.
With this patch, after SmmReadyToLock, if AllocatePage() and FreePage() are 
called and HeapGuard is enabled for SMM, the guarded page (when unguarded) is 
marked as executable.

To solve this issue, I'll add code to apply EFI_MEMORY_XP to the guarded page 
to be freed in UnsetGuardPage() if it happens after SmmReadyToLock. Will send 
the V6 patch.

Thanks,
Dun

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Ard Biesheuvel
Sent: Thursday, June 8, 2023 8:18 PM
To: [email protected]; Tan, Dun <[email protected]>
Cc: Gao, Liming <[email protected]>; Ni, Ray <[email protected]>; Wang, 
Jian J <[email protected]>
Subject: Re: [edk2-devel] [Patch V5 02/14] MdeModulePkg: Remove RO and NX 
protection when unset guard page

On Thu, 8 Jun 2023 at 04:28, duntan <[email protected]> wrote:
>
> Remove RO and NX protection when unset guard page.
> When UnsetGuardPage(), remove all the memory attribute protection for 
> guarded page.
>

Why is it acceptable to remove NX protections here?


> Signed-off-by: Dun Tan <[email protected]>
> Cc: Liming Gao <[email protected]>
> Cc: Ray Ni <[email protected]>
> Cc: Jian J Wang <[email protected]>
> ---
>  MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c 
> b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> index 8f3bab6fee..7daeeccf13 100644
> --- a/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> +++ b/MdeModulePkg/Core/PiSmmCore/HeapGuard.c
> @@ -553,7 +553,7 @@ UnsetGuardPage (
>                                           mSmmMemoryAttribute,
>                                           BaseAddress,
>                                           EFI_PAGE_SIZE,
> -                                         EFI_MEMORY_RP
> +                                         
> + EFI_MEMORY_RP|EFI_MEMORY_RO|EFI_MEMORY_XP
>                                           );
>      ASSERT_EFI_ERROR (Status);
>      mOnGuarding = FALSE;
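Review bot: The new attribute mask in UnsetGuardPage() clears EFI_MEMORY_XP unconditionally, so a guard page released after SmmReadyToLock goes back to the free pool executable, although free SMRAM was marked non-executable at that point. Clearing EFI_MEMORY_RP and EFI_MEMORY_RO is what makes the page usable again; either drop EFI_MEMORY_XP from the mask or re-apply it when the call happens after SmmReadyToLock. The commit message should also state why each attribute is cleared, and the flags would read better on one line with spaces around `|`.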
> --
> 2.31.1.windows.1
>
>
>
> 
>
>
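The attribute lifecycle discussed in this thread, as an added stand-alone model (not edk2 code and not part of the original messages). The `model_*` functions, `run_lifecycle()` and `free_page_policy_ok()` are hypothetical names; the model tracks a single SMRAM page and assumes the V6 fix behaves as described in the reply above.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Attribute bits with the values defined in the UEFI specification. */
#define EFI_MEMORY_RP 0x0000000000002000ULL /* read-protected (not present) */
#define EFI_MEMORY_XP 0x0000000000004000ULL /* execute-protected (NX) */
#define EFI_MEMORY_RO 0x0000000000020000ULL /* read-only */

/* Hypothetical model state: one free SMRAM page plus the lock flag. */
typedef struct { uint64_t attr; bool ready_to_lock; } model_t;

/* SmmReadyToLock: free (EfiConventionalMemory) pages in SMRAM gain XP. */
static void model_ready_to_lock(model_t *m) {
    m->ready_to_lock = true;
    m->attr |= EFI_MEMORY_XP;
}

/* The page becomes a heap guard page: any access must fault. */
static void model_set_guard(model_t *m) { m->attr |= EFI_MEMORY_RP; }

/* V5 behaviour from the hunk: RP, RO and XP cleared unconditionally. */
static void model_unset_guard_v5(model_t *m) {
    m->attr &= ~(EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP);
}

/* Fix described in the reply: re-apply XP when past SmmReadyToLock. */
static void model_unset_guard_fixed(model_t *m) {
    model_unset_guard_v5(m);
    if (m->ready_to_lock) m->attr |= EFI_MEMORY_XP;
}

/* Run (optional lock) -> guard -> unguard; return the final attributes. */
uint64_t run_lifecycle(bool lock_first, bool fixed) {
    model_t m = { 0, false };            /* before lock: RW and executable */
    if (lock_first) model_ready_to_lock(&m);
    model_set_guard(&m);
    if (fixed) model_unset_guard_fixed(&m); else model_unset_guard_v5(&m);
    return m.attr;
}

/* A released page must be present, and non-executable once locked. */
bool free_page_policy_ok(uint64_t attr, bool locked) {
    if (attr & EFI_MEMORY_RP) return false;
    return !locked || (attr & EFI_MEMORY_XP) != 0;
}

int main(void) {
    printf("V5 after lock ok: %d\n", free_page_policy_ok(run_lifecycle(true, false), true));
    printf("fixed after lock ok: %d\n", free_page_policy_ok(run_lifecycle(true, true), true));
    return 0;
}
```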






