NULL Pointer Protection in EDK II

Address zero is considered an invalid address in most programs. However, on x86 systems address zero is a valid address in legacy BIOS because the 16-bit interrupt vector table (IVT) lives at address zero. In current UEFI firmware, address zero is always mapped.

We can improve on this. Once 16-bit legacy support is dropped from the UEFI firmware, it is possible to mark the first 4K page at address zero as not present on x86 systems. A reference to address zero then traps, which catches programs that dereference a NULL pointer because they do not check whether a memory allocation succeeded.

Since the Compatibility Support Module (CSM), i.e. legacy boot, must be disabled for OS compliance when UEFI Secure Boot is in use, few systems on the market still require this memory to be mapped at address zero.

The feature is controlled by the PCD gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/MdeModulePkg.dec).

If BIT0 of PcdNullPointerDetectionPropertyMask is set, DxeIplPeim (https://github.com/tianocore/edk2/tree/master/MdeModulePkg/Core/DxeIplPeim) clears the PRESENT bit of the page at address zero. As a result, a Page Fault exception is generated whenever a program accesses address zero.

BIT1 of PcdNullPointerDetectionPropertyMask controls NULL pointer detection in the System Management Mode (SMM) environment; it is consumed by PiSmmCpuDxeSmm (https://github.com/tianocore/edk2/tree/master/UefiCpuPkg/PiSmmCpuDxeSmm).

BIT7 of PcdNullPointerDetectionPropertyMask disables NULL pointer detection right after EndOfDxe. This is a workaround for NULL accesses that cannot be fixed within the firmware, such as those in Option ROMs or boot loaders. It also avoids unnecessary exceptions caused by accesses to legacy memory (0-4095) after EndOfDxe, such as when Windows 7* boots on QEMU*. BIT7 is checked by the DXE Core (https://github.com/tianocore/edk2/tree/master/MdeModulePkg/Core/Dxe).
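The following is an added example, not code from EDK II, that models how the three PCD bits translate into the PRESENT bit of the page-zero entry across firmware phases. The page table is a constructed 512-entry identity map, and PageZeroShouldBePresent/PageZeroPresentAfter are hypothetical helpers written to mirror the description above (the real SMM page tables are separate from the DXE ones; this model uses one table for clarity).

```c
#include <stdint.h>
#include <stdbool.h>

/* Bits of PcdNullPointerDetectionPropertyMask as described on this page. */
#define NULL_DETECT_DXE       (1u << 0)  /* BIT0: DxeIpl unmaps page zero            */
#define NULL_DETECT_SMM       (1u << 1)  /* BIT1: PiSmmCpuDxeSmm unmaps page zero    */
#define NULL_DETECT_END_DXE   (1u << 7)  /* BIT7: DXE Core remaps page zero at EndOfDxe */

/* Bit 0 of an x86 page-table entry is the PRESENT flag. */
#define IA32_PG_P  1ull

typedef enum { PHASE_DXE, PHASE_AFTER_END_OF_DXE, PHASE_SMM } FirmwarePhase;

/* Constructed model: one 4K page table, 512 entries, identity-mapping 0-2MB. */
static uint64_t PageTable[512];

void InitPageTable(void) {
  for (uint64_t i = 0; i < 512; i++) {
    PageTable[i] = (i << 12) | IA32_PG_P;   /* every page present at first */
  }
}

/* Hypothetical policy helper: is page zero left mapped for this mask/phase? */
bool PageZeroShouldBePresent(uint8_t Mask, FirmwarePhase Phase) {
  switch (Phase) {
    case PHASE_SMM:               /* only BIT1 governs the SMM environment  */
      return (Mask & NULL_DETECT_SMM) == 0;
    case PHASE_AFTER_END_OF_DXE:  /* BIT7 re-enables page zero after EndOfDxe */
      return (Mask & NULL_DETECT_DXE) == 0 || (Mask & NULL_DETECT_END_DXE) != 0;
    default:                      /* DXE: BIT0 alone decides                */
      return (Mask & NULL_DETECT_DXE) == 0;
  }
}

/* Set or clear the PRESENT bit of the page-zero entry, as DxeIpl does for BIT0. */
void ApplyNullDetection(uint8_t Mask, FirmwarePhase Phase) {
  if (PageZeroShouldBePresent(Mask, Phase)) PageTable[0] |= IA32_PG_P;
  else                                      PageTable[0] &= ~IA32_PG_P;
}

/* Would an access to Address fault? Present bit of its 4K page entry. */
bool IsPresent(uint64_t Address) {
  return (PageTable[(Address >> 12) & 0x1FF] & IA32_PG_P) != 0;
}

/* Convenience: reset the table, apply the policy, report page-zero state. */
bool PageZeroPresentAfter(uint8_t Mask, FirmwarePhase Phase) {
  InitPageTable();
  ApplyNullDetection(Mask, Phase);
  return IsPresent(0);
}
```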
