MdeModulePkg/Core: fix feature conflict between NX and NULL detection

[mirror_edk2.git] / MdeModulePkg / Core / Dxe / Misc / MemoryProtection.c

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index e1e611ab7919408c5f44757da3d69fcfb49e6a03..a4705bc7ce343f002fb933829e9cecfaa3ec7987 100644 (file)
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -831,8 +831,11 @@ InitializeDxeNxMemoryProtectionPolicy (
   } while (Status == EFI_BUFFER_TOO_SMALL);\r
   ASSERT_EFI_ERROR (Status);\r
 \r
-  DEBUG((DEBUG_ERROR, "%a: applying strict permissions to active memory regions\n",\r
-    __FUNCTION__));\r
+  DEBUG ((\r
+    DEBUG_INFO,\r
+    "%a: applying strict permissions to active memory regions\n",\r
+    __FUNCTION__\r
+    ));\r
 \r
   MergeMemoryMapForProtectionPolicy (MemoryMap, &MemoryMapSize, DescriptorSize);\r
 \r
@@ -842,10 +845,24 @@ InitializeDxeNxMemoryProtectionPolicy (
 \r
     Attributes = GetPermissionAttributeForMemoryType (MemoryMapEntry->Type);\r
     if (Attributes != 0) {\r
-      SetUefiImageMemoryAttributes (\r
-        MemoryMapEntry->PhysicalStart,\r
-        LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT),\r
-        Attributes);\r
+      if (MemoryMapEntry->PhysicalStart == 0 &&\r
+          PcdGet8 (PcdNullPointerDetectionPropertyMask) != 0) {\r
+\r
+        ASSERT (MemoryMapEntry->NumberOfPages > 0);\r
+        //\r
+        // Skip page 0 if NULL pointer detection is enabled to avoid attributes\r
+        // overwritten.\r
+        //\r
+        SetUefiImageMemoryAttributes (\r
+          MemoryMapEntry->PhysicalStart + EFI_PAGE_SIZE,\r
+          LShiftU64 (MemoryMapEntry->NumberOfPages - 1, EFI_PAGE_SHIFT),\r
+          Attributes);\r
+      } else {\r
+        SetUefiImageMemoryAttributes (\r
+          MemoryMapEntry->PhysicalStart,\r
+          LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT),\r
+          Attributes);\r
+      }\r
     }\r
     MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorSize);\r
   }\r
@@ -856,9 +873,11 @@ InitializeDxeNxMemoryProtectionPolicy (
   // accessible, but have not been added to the UEFI memory map (yet).\r
   //\r
   if (GetPermissionAttributeForMemoryType (EfiConventionalMemory) != 0) {\r
-    DEBUG((DEBUG_ERROR,\r
+    DEBUG ((\r
+      DEBUG_INFO,\r
       "%a: applying strict permissions to inactive memory regions\n",\r
-      __FUNCTION__));\r
+      __FUNCTION__\r
+      ));\r
 \r
     CoreAcquireGcdMemoryLock ();\r
 \r
@@ -1065,15 +1084,12 @@ CoreInitializeMemoryProtection (
   // - code regions should have no EFI_MEMORY_XP attribute\r
   // - EfiConventionalMemory and EfiBootServicesData should use the\r
   //   same attribute\r
-  // - heap guard should not be enabled for the same type of memory
   //\r
   ASSERT ((GetPermissionAttributeForMemoryType (EfiBootServicesCode) & EFI_MEMORY_XP) == 0);\r
   ASSERT ((GetPermissionAttributeForMemoryType (EfiRuntimeServicesCode) & EFI_MEMORY_XP) == 0);\r
   ASSERT ((GetPermissionAttributeForMemoryType (EfiLoaderCode) & EFI_MEMORY_XP) == 0);\r
   ASSERT (GetPermissionAttributeForMemoryType (EfiBootServicesData) ==\r
           GetPermissionAttributeForMemoryType (EfiConventionalMemory));\r
-  ASSERT ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & PcdGet64 (PcdHeapGuardPoolType)) == 0);
-  ASSERT ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & PcdGet64 (PcdHeapGuardPageType)) == 0);
 \r
   if (mImageProtectionPolicy != 0 || PcdGet64 (PcdDxeNxMemoryProtectionPolicy) != 0) {\r
     Status = CoreCreateEvent (\r