X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdeModulePkg%2FCore%2FDxe%2FMisc%2FMemoryProtection.c;h=a4705bc7ce343f002fb933829e9cecfaa3ec7987;hp=0fa89e4437f09c54b17db3b4e5c0221dbe0b2f69;hb=9b17c6511d50db493c49324aaf81c50c3676a111;hpb=a7181d952fcd0b03c423cef99b6e8bf93d9cb1f1

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index 0fa89e4437..a4705bc7ce 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -831,8 +831,11 @@ InitializeDxeNxMemoryProtectionPolicy (
   } while (Status == EFI_BUFFER_TOO_SMALL);
   ASSERT_EFI_ERROR (Status);
 
-  DEBUG((DEBUG_ERROR, "%a: applying strict permissions to active memory regions\n",
-    __FUNCTION__));
+  DEBUG ((
+    DEBUG_INFO,
+    "%a: applying strict permissions to active memory regions\n",
+    __FUNCTION__
+    ));
 
   MergeMemoryMapForProtectionPolicy (MemoryMap, &MemoryMapSize, DescriptorSize);
 
@@ -842,10 +845,24 @@ InitializeDxeNxMemoryProtectionPolicy (
 
     Attributes = GetPermissionAttributeForMemoryType (MemoryMapEntry->Type);
     if (Attributes != 0) {
-      SetUefiImageMemoryAttributes (
-        MemoryMapEntry->PhysicalStart,
-        LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT),
-        Attributes);
+      if (MemoryMapEntry->PhysicalStart == 0 &&
+          PcdGet8 (PcdNullPointerDetectionPropertyMask) != 0) {
+
+        ASSERT (MemoryMapEntry->NumberOfPages > 0);
+        //
+        // Skip page 0 if NULL pointer detection is enabled to avoid attributes
+        // overwritten.
+        //
+        SetUefiImageMemoryAttributes (
+          MemoryMapEntry->PhysicalStart + EFI_PAGE_SIZE,
+          LShiftU64 (MemoryMapEntry->NumberOfPages - 1, EFI_PAGE_SHIFT),
+          Attributes);
+      } else {
+        SetUefiImageMemoryAttributes (
+          MemoryMapEntry->PhysicalStart,
+          LShiftU64 (MemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT),
+          Attributes);
+      }
     }
     MemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorSize);
   }
@@ -856,9 +873,11 @@ InitializeDxeNxMemoryProtectionPolicy (
   // accessible, but have not been added to the UEFI memory map (yet).
   //
   if (GetPermissionAttributeForMemoryType (EfiConventionalMemory) != 0) {
-    DEBUG((DEBUG_ERROR,
+    DEBUG ((
+      DEBUG_INFO,
       "%a: applying strict permissions to inactive memory regions\n",
-      __FUNCTION__));
+      __FUNCTION__
+      ));
 
     CoreAcquireGcdMemoryLock ();