MdeModulePkg/DxeIpl: support more NX related PCDs

BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116

Currently IA32_EFER.NXE is only set against PcdSetNxForStack. This
confuses developers because following two other PCDs also need NXE
to be set, but actually not.

    PcdDxeNxMemoryProtectionPolicy
    PcdImageProtectionPolicy

This patch solves this issue by adding logic to enable IA32_EFER.NXE
if any of those PCDs have anything enabled.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Jian J Wang
2018-09-25 16:49:19 +08:00
parent b888c57a05
commit 5267926134
4 changed files with 76 additions and 34 deletions

View File

@@ -186,37 +186,6 @@ IsIa32PaeSupport (
return Ia32PaeSupport;
}
/**
The function will check if Execute Disable Bit is available.
@retval TRUE Execute Disable Bit is available.
@retval FALSE Execute Disable Bit is not available.
**/
BOOLEAN
IsExecuteDisableBitAvailable (
VOID
)
{
UINT32 RegEax;
UINT32 RegEdx;
BOOLEAN Available;
Available = FALSE;
AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
if (RegEax >= 0x80000001) {
AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);
if ((RegEdx & BIT20) != 0) {
//
// Bit 20: Execute Disable Bit available.
//
Available = TRUE;
}
}
return Available;
}
/**
The function will check if page table should be setup or not.
@@ -245,7 +214,7 @@ ToBuildPageTable (
return TRUE;
}
if (PcdGetBool (PcdSetNxForStack) && IsExecuteDisableBitAvailable ()) {
if (IsEnableNonExecNeeded ()) {
return TRUE;
}
@@ -436,7 +405,7 @@ HandOffToDxeCore (
BuildPageTablesIa32Pae = ToBuildPageTable ();
if (BuildPageTablesIa32Pae) {
PageTables = Create4GPageTablesIa32Pae (BaseOfStack, STACK_SIZE);
if (IsExecuteDisableBitAvailable ()) {
if (IsEnableNonExecNeeded ()) {
EnableExecuteDisableBit();
}
}