From nobody Sun May 19 15:58:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99568+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99568+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675426264; cv=none; d=zohomail.com; s=zohoarc; b=G2riZKSWm3l1gxvouV7r4vODRCK91g6Q5NxlW96WQYQS6Jwb0j6Y7eQsvg3BP+pn6WCseChdCeV0qvnu9kjuQfs5YFrOnYnus/RgwEnlT/rJX0Ye2U+CVCR21OLCSjg+SIMzN6029wez/76AidD4DTmilEBSZ2KG973dTSuhKUE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675426264; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=huJmKavj7zPAcSKcV9eKRdnW0dlyhxAKysaC+id7gzk=; b=DWxbwIpfHyLjiVKsMF+OKJdnkmA1eoAGJLjss9dbGRWYX176Ehb/oFoY+SKCwk0N1TZY6XLTN0x7iGc6nMvioz5ofOopBSU4sgfSohoB01CyTeDadm8BloFGZ+Ztok5Q1qvxOUCUQmyhyQYtnpp9mvFBV/pCh5p4/l3a5VqLiE0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99568+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675426264728435.3037534512897; Fri, 3 Feb 2023 04:11:04 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id tpgeYY1788612xVruVvoXH8X; Fri, 03 Feb 2023 04:11:04 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.9005.1675426263632109785 for ; Fri, 03 Feb 2023 04:11:03 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3E3CE61ED2; Fri, 3 Feb 2023 12:11:03 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4DF14C4339C; Fri, 3 Feb 2023 12:11:00 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [RFC PATCH v2 1/7] MdePkg: Update MemoryAttributesTable to v2.10 Date: Fri, 3 Feb 2023 13:10:23 +0100 Message-Id: <20230203121029.2451394-2-ardb@kernel.org> In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: mt7zq8s6KdGOFEOuUhqXjfVIx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675426264; bh=ZC7qfNr1IJ6q3Q9QKQhlk+iXw7GEx27XKDl+p1wwAXA=; h=Cc:Date:From:Reply-To:Subject:To; b=jQwcz1/taW0iPtu6aAtDZflHNc2rBWVY7uxYppXb0Lh5bCf6b3VOKJKG06Tdh+vUM8u kWYatMlb/Ep0x2lgZLB7KeDx6YsZjJIJowyT49wO9vqBjGu+KpdDZNKFeiEnj7fQN0V9H 7/JV2PcXYh9mLH7qKMg+KibbEK9mms+W+sw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675426265082100006 Content-Type: text/plain; charset="utf-8" UEFI v2.10 introduces a new flag to the memory attributes table to inform the OS whether or not runtime services code regions were emitted by the compiler with guard instructions for forward edge control flow integrity enforcement. So update our definition accordingly. Signed-off-by: Ard Biesheuvel Reviewed-by: Michael D Kinney Acked-by: Michael Kubacki --- MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 2 +- MdePkg/Include/Guid/MemoryAttributesTable.h | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModule= Pkg/Core/Dxe/Misc/MemoryAttributesTable.c index e07921371187..82fa026bceb9 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -182,7 +182,7 @@ InstallMemoryAttributesTable ( MemoryAttributesTable->Version =3D EFI_MEMORY_ATTRIBUTES_TABLE_V= ERSION; MemoryAttributesTable->NumberOfEntries =3D RuntimeEntryCount; MemoryAttributesTable->DescriptorSize =3D (UINT32)DescriptorSize; - MemoryAttributesTable->Reserved =3D 0; + MemoryAttributesTable->Flags =3D 0; DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n")); DEBUG ((DEBUG_VERBOSE, " Version - 0x%08x\n", MemoryAttrib= utesTable->Version)); DEBUG ((DEBUG_VERBOSE, " NumberOfEntries - 0x%08x\n", MemoryAttrib= utesTable->NumberOfEntries)); diff --git a/MdePkg/Include/Guid/MemoryAttributesTable.h b/MdePkg/Include/G= uid/MemoryAttributesTable.h index 82f83a67b96d..238c14ff92df 100644 --- a/MdePkg/Include/Guid/MemoryAttributesTable.h +++ b/MdePkg/Include/Guid/MemoryAttributesTable.h @@ -17,11 +17,15 @@ typedef struct { UINT32 Version; UINT32 NumberOfEntries; UINT32 DescriptorSize; - UINT32 Reserved; + UINT32 Flags; // EFI_MEMORY_DESCRIPTOR Entry[1]; } EFI_MEMORY_ATTRIBUTES_TABLE; =20 -#define EFI_MEMORY_ATTRIBUTES_TABLE_VERSION 0x00000001 +#define EFI_MEMORY_ATTRIBUTES_TABLE_VERSION 0x00000002 + +#define EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD 0x1 +// BIT0 implies that Runtime code includes the forward control flow guard +// instruction, such as X86 CET-IBT or ARM BTI. =20 extern EFI_GUID gEfiMemoryAttributesTableGuid; =20 --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99568): https://edk2.groups.io/g/devel/message/99568 Mute This Topic: https://groups.io/mt/96721182/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 15:58:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99569+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99569+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675426267; cv=none; d=zohomail.com; s=zohoarc; b=OKMJ253C19klFjz3HX3z3dyaIjn5m9Xa6ofdLW5TeP0yrIosn0ZIjwmY2xsz1sGlU0b+wM2zKhBJEuX3L8Of//WfB0AUVRl3ct3rrkdA056Efo3pOQljSxdcF4LDPL3PjhjIxX02iPVy+bYOiIh7u0YqEm6K2ougO1TUJUuoaVg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675426267; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=cJheVZzyq4/dQ0wDiSp+jVYI20FRPwQbmILxReT/10A=; b=Ckdw86Xq+FguLkl8CcgdAPMRHHXRgRJg12nNd2nbZB8CIryS2sm49lByB8/8OTRmTPvHZZ89m+tqnYTPSHf3S9waGlYV/4Od1Wsl+P36LFlkZDpDB9KCUC0rCy4t0KCX8crD7x/VJsMnheCFRRUxSKFnpUPbDcACwH8u2gbCSiI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99569+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675426267304621.4674987565386; Fri, 3 Feb 2023 04:11:07 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id UhGMYY1788612xKAiNQlggRY; Fri, 03 Feb 2023 04:11:07 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.8771.1675426266509438266 for ; Fri, 03 Feb 2023 04:11:06 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0C3C361EE8; Fri, 3 Feb 2023 12:11:06 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1AA44C4339B; Fri, 3 Feb 2023 12:11:02 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [RFC PATCH v2 2/7] MdePkg/BasePeCoffLib: Move RISC-V definitions out of generic header Date: Fri, 3 Feb 2023 13:10:24 +0100 Message-Id: <20230203121029.2451394-3-ardb@kernel.org> In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: rPNLGATQUaOFN7RyT0mHuJVCx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675426267; bh=k+mW4d54hrh6BofAiQHuwOeL/wP9D4SzQgx/FtP+HfQ=; h=Cc:Date:From:Reply-To:Subject:To; b=RtA8SmhbzSOeZyljjDVvgF2mdcm0GmAC8xmmxBo57xXLfcdyIuP3CQr1tRRQoYMMwFv 0OF+HQb8Yp36AXGeQNuNAQ9m74qO7usBiYQHWjECHbCjjQcI9EGEFqvLuO9RxzI9X/FL5 ywHIpo+aGuhKI46bWw8ETvEPiOGl5DUI7VM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675426269068100001 Content-Type: text/plain; charset="utf-8" Generic headers should only contain arch specific definitions if really needed, which is not the case for the RISC-V based opcode immediate parsing constants, so move them out of BasePeCoffLibInternals.h. Signed-off-by: Ard Biesheuvel --- MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h | 9 --------- MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c | 9 +++++++++ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h b/MdePkg= /Library/BasePeCoffLib/BasePeCoffLibInternals.h index aa86a54850c6..4a43ec236529 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h @@ -17,15 +17,6 @@ #include #include =20 -// -// Macro definitions for RISC-V architecture. -// -#define RV_X(x, s, n) (((x) >> (s)) & ((1<<(n))-1)) -#define RISCV_IMM_BITS 12 -#define RISCV_IMM_REACH (1LL< =20 +// +// Macro definitions for RISC-V architecture. +// +#define RV_X(x, s, n) (((x) >> (s)) & ((1<<(n))-1)) +#define RISCV_IMM_BITS 12 +#define RISCV_IMM_REACH (1LL< (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675426274503730.9519896357892; Fri, 3 Feb 2023 04:11:14 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id u78gYY1788612xMMqCscEl6s; Fri, 03 Feb 2023 04:11:14 -0800 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.8774.1675426271823073355 for ; Fri, 03 Feb 2023 04:11:12 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 8F6DFB82A72; Fri, 3 Feb 2023 12:11:09 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id DBB4DC433EF; Fri, 3 Feb 2023 12:11:05 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [RFC PATCH v2 3/7] MdePkg/BasePeCoffLib: Clean up stale Itanium references in comments Date: Fri, 3 Feb 2023 13:10:25 +0100 Message-Id: <20230203121029.2451394-4-ardb@kernel.org> In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: BrCoEdmBM7BGVnFhlfSsYLt6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675426274; bh=1qKjquWxGon6zdSJtWc7C91OyRMGEqqsSK85zP79ij4=; h=Cc:Date:From:Reply-To:Subject:To; b=iBWa1wPEqU/6kKbAZvmQ++pDX/VxmZjyM74OfTqUNbYd4yrw9x76qkDrW5+ghH/eLvP 7FN40/SEsMyI5ZP6c34B2yPfypg9641obot0bgPTU6rNoccCykiXw5UgMw4CmSRgrTIbe 56tkOnr2KfRI8VZozFAk5vM/9gvms7pHPGw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675426275122100004 Content-Type: text/plain; charset="utf-8" The specialized relocation fixup handlers are used by ARM and RISC-V but not by IPF/Itanium anymore, so let's clean up the comments referring to Itanium. No code changes. Signed-off-by: Ard Biesheuvel --- MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +- MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h | 8 +++----- MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c | 11 +++++------ 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/Bas= ePeCoffLib/BasePeCoff.c index 97a8aaf8c73d..85ada399e303 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c @@ -1901,7 +1901,7 @@ PeCoffLoaderRelocateImageForRuntime ( =20 default: // - // Only Itanium requires ConvertPeImage_Ex + // Perform architecture/ISA specific relocation. // Status =3D PeHotRelocateImageEx (Reloc, Fixup, &FixupData, Adj= ust); if (RETURN_ERROR (Status)) { diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h b/MdePkg= /Library/BasePeCoffLib/BasePeCoffLibInternals.h index 4a43ec236529..a29a6febe98f 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h @@ -18,8 +18,7 @@ #include =20 /** - Performs an Itanium-based specific relocation fixup and is a no-op on ot= her - instruction sets. + Performs an architecture/ISA specific relocation fixup. =20 @param Reloc The pointer to the relocation record. @param Fixup The pointer to the address to fix up. @@ -38,9 +37,8 @@ PeCoffLoaderRelocateImageEx ( ); =20 /** - Performs an Itanium-based specific re-relocation fixup and is a no-op on= other - instruction sets. This is used to re-relocated the image into the EFI vi= rtual - space for runtime calls. + Performs an architecture/ISA specific re-relocation fixup. This is used = to + re-relocate the image into the EFI virtual space for runtime calls. =20 @param Reloc The pointer to the relocation record. @param Fixup The pointer to the address to fix up. diff --git a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c b/MdePkg/Library= /BasePeCoffLib/PeCoffLoaderEx.c index 1a806dd62db6..f7cade4d7d4e 100644 --- a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c +++ b/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c @@ -1,5 +1,6 @@ /** @file - Specific relocation fixups for none Itanium architecture. + NULL implementations of architecture/ISA Specific relocation handlers, + for architectures/ISAs that only use the generic PE/COFF relocation type= s. =20 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -9,8 +10,7 @@ #include "BasePeCoffLibInternals.h" =20 /** - Performs an Itanium-based specific relocation fixup and is a no-op on ot= her - instruction sets. + Performs an architecture/ISA specific relocation fixup. =20 @param Reloc The pointer to the relocation record. @param Fixup The pointer to the address to fix up. @@ -59,9 +59,8 @@ PeCoffLoaderImageFormatSupported ( } =20 /** - Performs an Itanium-based specific re-relocation fixup and is a no-op on= other - instruction sets. This is used to re-relocated the image into the EFI vi= rtual - space for runtime calls. + Performs an architecture/ISA specific re-relocation fixup. This is used = to + re-relocate the image into the EFI virtual space for runtime calls. =20 @param Reloc The pointer to the relocation record. @param Fixup The pointer to the address to fix up. --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99571): https://edk2.groups.io/g/devel/message/99571 Mute This Topic: https://groups.io/mt/96721187/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 15:58:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99570+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99570+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675426272; cv=none; d=zohomail.com; s=zohoarc; b=EFb5zgGZPz96bEx9R9HhfP4RNEVQh7kHFfkU7q8VEt7+n859/F+qwBihM/rDQ8w/pO1tnjPWrsrf5qjARVxow3u2YClRAnzmCHJ3zOqza2pZng9juMFfPBHJUMOI091DF6IUE8UaeNoAfOVu5QeeVVjKoR8/48P+WSIxmKkRULk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675426272; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=VEDh5c9tQRu6vx0c2RJ5XGdd8Ru511FNzvExpZlqEis=; b=eYr3MOxFRAoZvcpAv5U0qfNW1CUVH4cKYwA6zNR2wSLjTAo5u3yxXIOi/FTJch5XrBOUglk7MFlPNg+/jlcAMjkb22ScWp3NF/sxg//OTY1FankpuHPVNEqG0MUwUQrYVua8N4fMBxib/Cw9QCgvPok6jFrOOK7QmqfGdy/enLI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99570+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675426272933472.21125502319023; Fri, 3 Feb 2023 04:11:12 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id rBqzYY1788612xa5rjmakcKP; Fri, 03 Feb 2023 04:11:12 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.8775.1675426272139983590 for ; Fri, 03 Feb 2023 04:11:12 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9BB4161F0E; Fri, 3 Feb 2023 12:11:11 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id A7F59C433A1; Fri, 3 Feb 2023 12:11:08 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [RFC PATCH v2 4/7] MdePkg/BasePeCoffLib: Add generic plumbing to detect IBT/BTI support Date: Fri, 3 Feb 2023 13:10:26 +0100 Message-Id: <20230203121029.2451394-5-ardb@kernel.org> In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: cFuQffNFqkl4toWMp4bCynqsx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675426272; bh=JvlilYzrEq0JUHTylIQ2wjU6bvBFTxWBLgF/8JSPAws=; h=Cc:Date:From:Reply-To:Subject:To; b=DeTzxFhc0E061rvzVR7E1yrBZpTl6MfbnDqvOUUatkChjX9VPj7gc9ZnLFtD8ba3evz 7D24XGd3YCkfDo9EbXcNngCE4+oMFP4SCOWdKTcOLEF0Jom5HS/e8jWjkzrZFDJ1KpK5G Uh/OmavFDepCqA20bp82cS3EM4lbdoHWPMA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675426275108100002 Content-Type: text/plain; charset="utf-8" Add an internal helper that detects whether or not a loaded PE/COFF image was built with support for forward edge control flow guards. The default implementation will return FALSE, architectures can specialize this based on arch specific criteria. Signed-off-by: Ard Biesheuvel --- MdePkg/Include/Library/PeCoffLib.h | 5 +++++ MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c | 16 +++++++++++++= +++ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 7 +++++-- MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h | 13 +++++++++++++ MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c | 16 +++++++++++++= +++ MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c | 16 +++++++++++++= +++ MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c | 16 +++++++++++++= +++ 7 files changed, 87 insertions(+), 2 deletions(-) diff --git a/MdePkg/Include/Library/PeCoffLib.h b/MdePkg/Include/Library/Pe= CoffLib.h index b45879453785..98988e566001 100644 --- a/MdePkg/Include/Library/PeCoffLib.h +++ b/MdePkg/Include/Library/PeCoffLib.h @@ -182,6 +182,11 @@ typedef struct { /// BOOLEAN IsTeImage; /// + /// Set by PeCoffLoaderGetImageInfo() to TRUE if the image's entrypoint = has + /// a forward control flow guard instruction, such as ENDBR on X86 for I= BT. + /// + BOOLEAN HasForwardControlFlowGuards; + /// /// Set by PeCoffLoaderLoadImage() to the HII resource offset /// if the image contains a custom PE/COFF resource with the type 'HII'. /// Otherwise, the entry remains to be 0. diff --git a/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c b/MdePkg/Lib= rary/BasePeCoffLib/Arm/PeCoffLoaderEx.c index 595377bed661..82d9f548ca54 100644 --- a/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c +++ b/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c @@ -234,3 +234,19 @@ PeHotRelocateImageEx ( =20 return RETURN_SUCCESS; } + +/** + Returns whether the image implements forward control flow guards. + + @param ImageContext The context of the image being loaded. + + @return TRUE if the image implements forward control flow guards + +**/ +BOOLEAN +PeCoffLoaderCheckForwardControlFlowGuards ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + ) +{ + return FALSE; +} diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/Bas= ePeCoffLib/BasePeCoff.c index 85ada399e303..8886b3d3feff 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c @@ -545,8 +545,9 @@ PeCoffLoaderGetPeHeader ( Retrieves information about a PE/COFF image. =20 Computes the PeCoffHeaderOffset, IsTeImage, ImageType, ImageAddress, Ima= geSize, - DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders= , and - DebugDirectoryEntryRva fields of the ImageContext structure. + DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders, + DebugDirectoryEntryRva and HasForwardControlFlowGuards fields of the + ImageContext structure. If ImageContext is NULL, then return RETURN_INVALID_PARAMETER. If the PE/COFF image accessed through the ImageRead service in the Image= Context structure is not a supported PE/COFF image type, then return RETURN_UNSU= PPORTED. @@ -1429,6 +1430,8 @@ PeCoffLoaderLoadImage ( ); } =20 + ImageContext->HasForwardControlFlowGuards =3D PeCoffLoaderCheckForwardCo= ntrolFlowGuards (ImageContext); + // // Determine the size of the fixup data // diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h b/MdePkg= /Library/BasePeCoffLib/BasePeCoffLibInternals.h index a29a6febe98f..3bf1b7f535fd 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h @@ -119,4 +119,17 @@ PeCoffLoaderImageAddress ( IN UINTN TeStrippedOffset ); =20 +/** + Returns whether the image implements forward control flow guards. + + @param ImageContext The context of the image being loaded. + + @return TRUE if the image implements forward control flow guards + +**/ +BOOLEAN +PeCoffLoaderCheckForwardControlFlowGuards ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext + ); + #endif diff --git a/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c b/MdeP= kg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c index 417096f33493..b3d01f0a4be9 100644 --- a/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c +++ b/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c @@ -135,3 +135,19 @@ PeHotRelocateImageEx ( // To check return PeCoffLoaderRelocateImageEx (Reloc, Fixup, FixupData, Adjust); } + +/** + Returns whether the image implements forward control flow guards. + + @param ImageContext The context of the image being loaded. + + @return TRUE if the image implements forward control flow guards + +**/ +BOOLEAN +PeCoffLoaderCheckForwardControlFlowGuards ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + ) +{ + return FALSE; +} diff --git a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c b/MdePkg/Library= /BasePeCoffLib/PeCoffLoaderEx.c index f7cade4d7d4e..43f346e0aadb 100644 --- a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c +++ b/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c @@ -80,3 +80,19 @@ PeHotRelocateImageEx ( { return RETURN_UNSUPPORTED; } + +/** + Returns whether the image implements forward control flow guards. + + @param ImageContext The context of the image being loaded. + + @return TRUE if the image implements forward control flow guards + +**/ +BOOLEAN +PeCoffLoaderCheckForwardControlFlowGuards ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + ) +{ + return FALSE; +} diff --git a/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c b/MdePkg/L= ibrary/BasePeCoffLib/RiscV/PeCoffLoaderEx.c index 71daf7fe4554..88dc9bd9b89e 100644 --- a/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c +++ b/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c @@ -143,3 +143,19 @@ PeHotRelocateImageEx ( { return RETURN_UNSUPPORTED; } + +/** + Returns whether the image implements forward control flow guards. + + @param ImageContext The context of the image being loaded. + + @return TRUE if the image implements forward control flow guards + +**/ +BOOLEAN +PeCoffLoaderCheckForwardControlFlowGuards ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + ) +{ + return FALSE; +} --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99570): https://edk2.groups.io/g/devel/message/99570 Mute This Topic: https://groups.io/mt/96721186/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 15:58:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99572+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99572+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675426277; cv=none; d=zohomail.com; s=zohoarc; b=mgHVGRp3wEsqt2pw2XZ9cTmPWQOGbc2RDsrG82xEfwjQfQAnEbhyTSMQpLKYXYMuRcqKuYWAdTGhhtb7pqeOJFrW3bPO0nxpjswdAKaEWqhjMvyw7mHyfLx1h8wOrtR9d7gxVxH9AOrnCDIZArnMNT9w/WE1EN1mENL0Wx+kayA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675426277; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=mcCzOSXOsQeYCoVNvoL2jSRp2kypZwJoJLUzcJtu5Pc=; b=dCex43lNyx1KaDgnBpA6WSenhd25QIlV7wnbzWL/wpd5IPuOBNcLAz4dmMUJYoM+jWXUTGsGScvEZrKQTJNrI+R5dS5nCiLSvnlcnFiQ0GPn7uEhUAxVLBirBvgQSq68d5mezFxj4wwM61mGrah7oOxXj3k/Q6JXN8RugyjR/HM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99572+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675426277739299.76593236406484; Fri, 3 Feb 2023 04:11:17 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id G2HkYY1788612xitvbh0mGNV; Fri, 03 Feb 2023 04:11:17 -0800 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.8778.1675426276577629528 for ; Fri, 03 Feb 2023 04:11:17 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E6FBDB82A8C; Fri, 3 Feb 2023 12:11:14 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A79EC433D2; Fri, 3 Feb 2023 12:11:11 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [RFC PATCH v2 5/7] MdePkg/BasePeCoffLib AARCH64: Implement fwd control flow guard detection Date: Fri, 3 Feb 2023 13:10:27 +0100 Message-Id: <20230203121029.2451394-6-ardb@kernel.org> In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: EnM61zuNwARf3shJyBLjxj7Fx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675426277; bh=yLVv0mDJe3NNnwl0mmkmyeQV5ignLOQco5VbR56Z99c=; h=Cc:Date:From:Reply-To:Subject:To; b=H7fa+m566okuP6UYwOVBsPMvmKMVDS1+n77QRhM3ZKJPQJSpl0Awzie6/KngNdpOMVv +gv2NnP3rARZPtEpzUhI9Kdm8GoI0Bw/+yZUXnpMpBoyjrPS/4J+95NuR//NI4mu7TU60 9EX/Bu30Gl6rM7X/S/SJSZb5Yx0zBIq5Rgk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675426279145100002 Content-Type: text/plain; charset="utf-8" Add the check to infer from the instruction opcode at the image entrypoint whether or not forward edge control flow guards were emitted by the compiler at build time. Given that an image entry point is invoked indirectly by construction, its entrypoint must have such a guard instruction there if it implements support for forward edge control flow enforcement such as IBT or BTI. Signed-off-by: Ard Biesheuvel --- MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c | 103 ++++++++++++++= ++++++ MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf | 5 +- 2 files changed, 107 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c b/MdePkg= /Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c new file mode 100644 index 000000000000..d25b11109dbc --- /dev/null +++ b/MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c @@ -0,0 +1,103 @@ +/** @file + AArch64 implementations of architecture/ISA Specific relocation handlers. + + Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2023, Google LLC. Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "BasePeCoffLibInternals.h" + +/** + Performs an architecture/ISA specific relocation fixup. + + @param Reloc The pointer to the relocation record. + @param Fixup The pointer to the address to fix up. + @param FixupData The pointer to a buffer to log the fixups. + @param Adjust The offset to adjust the fixup. + + @return Status code. + +**/ +RETURN_STATUS +PeCoffLoaderRelocateImageEx ( + IN UINT16 *Reloc, + IN OUT CHAR8 *Fixup, + IN OUT CHAR8 **FixupData, + IN UINT64 Adjust + ) +{ + return RETURN_UNSUPPORTED; +} + +/** + Returns TRUE if the machine type of PE/COFF image is supported. Supported + does not mean the image can be executed it means the PE/COFF loader supp= orts + loading and relocating of the image type. It's up to the caller to suppo= rt + the entry point. + + @param Machine The machine type from the PE Header. + + @return TRUE if this PE/COFF loader can load the image + +**/ +BOOLEAN +PeCoffLoaderImageFormatSupported ( + IN UINT16 Machine + ) +{ + if ((Machine =3D=3D IMAGE_FILE_MACHINE_I386) || (Machine =3D=3D IMAGE_FI= LE_MACHINE_X64) || + (Machine =3D=3D IMAGE_FILE_MACHINE_EBC) || (Machine =3D=3D IMAGE_FIL= E_MACHINE_ARM64)) + { + return TRUE; + } + + return FALSE; +} + +/** + Performs an architecture/ISA specific re-relocation fixup. This is used = to + re-relocate the image into the EFI virtual space for runtime calls. + + @param Reloc The pointer to the relocation record. + @param Fixup The pointer to the address to fix up. + @param FixupData The pointer to a buffer to log the fixups. + @param Adjust The offset to adjust the fixup. + + @return Status code. + +**/ +RETURN_STATUS +PeHotRelocateImageEx ( + IN UINT16 *Reloc, + IN OUT CHAR8 *Fixup, + IN OUT CHAR8 **FixupData, + IN UINT64 Adjust + ) +{ + return RETURN_UNSUPPORTED; +} + +/** + Returns whether the image implements forward control flow guards. + + @param ImageContext The context of the image being loaded. + + @return TRUE if the image implements forward control flow guards + +**/ +BOOLEAN +PeCoffLoaderCheckForwardControlFlowGuards ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext + ) +{ + CONST UINT32 *Opcode; + + Opcode =3D (UINT32 *)(UINTN)ImageContext->EntryPoint; + + // + // Check whether the opcode is BTI C or BTI CJ + // + return ((*Opcode & 0xffffff7f) =3D=3D 0xd503245f); +} diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf b/MdePkg/Librar= y/BasePeCoffLib/BasePeCoffLib.inf index 3b8b8eb1917d..8b720bd6e006 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf @@ -39,12 +39,15 @@ [Sources] BasePeCoffLibInternals.h BasePeCoff.c =20 -[Sources.IA32, Sources.X64, Sources.EBC, Sources.AARCH64] +[Sources.IA32, Sources.X64, Sources.EBC] PeCoffLoaderEx.c =20 [Sources.ARM] Arm/PeCoffLoaderEx.c =20 +[Sources.AARCH64] + AArch64/PeCoffLoaderEx.c + [Sources.RISCV64] RiscV/PeCoffLoaderEx.c =20 --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99572): https://edk2.groups.io/g/devel/message/99572 Mute This Topic: https://groups.io/mt/96721189/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 15:58:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99573+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99573+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675426278; cv=none; d=zohomail.com; s=zohoarc; b=FxBrr3UJLXvZIdV7WvmPxKKC+9EiXpClkbTJm+p7vAgKapduwPJHyL1ADxGsKxDtDnvYF5cLE26GicHzOIH6HhNQJs2WOAAPj1EAMWeL/kPuoZJNpNqwr3VS9TBngGX9voeDj6IvxncZ4G+nRocfHt3nUaaKxDxnIf7QHaGeV4c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675426278; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=FgU81FxqxXqyOfDXW4J53goz+KsFmx6T7HwZbvkHCTc=; b=QYonnX3UqvlRDojGWKjd9UBQ54gHFCqKYnoh8yutCK4f3nQF8WQDLs0HFrMCRSADz/DInG25LZKtJ9vttC4Y2TCuD8R8o4JEEqIWD2Rxw64aCPlqPcO9lMWYuG2BnglTUgPPpeSX9+F5xwEISHT5aqRU0VVzOM/wQjhzNf5UGe4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99573+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675426278558968.3934576000333; Fri, 3 Feb 2023 04:11:18 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id P7AWYY1788612xV8I2CjoPzc; Fri, 03 Feb 2023 04:11:18 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.9006.1675426277723602966 for ; Fri, 03 Feb 2023 04:11:17 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3929B61F09; Fri, 3 Feb 2023 12:11:17 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 485C4C433EF; Fri, 3 Feb 2023 12:11:14 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [RFC PATCH v2 6/7] MdeModulePkg: Enable forward edge CFI in mem attributes table Date: Fri, 3 Feb 2023 13:10:28 +0100 Message-Id: <20230203121029.2451394-7-ardb@kernel.org> In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: z5sSLJ8a9hHmQlvyAqiMNWAIx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675426278; bh=c4n2rQ6bDbqD3dB73a0uNN1HD5KiaUfl8N0EIm4tlEA=; h=Cc:Date:From:Reply-To:Subject:To; b=IxXdwopQUFTI040wyQuFgWM9NgyJ51ZI7DVsNNEF0kBhTmJc6EtKY8Q/09P9lFW2eV0 hMCrX87LAoOgcQARoyvOIgPE7k3zIJlXRNA/c+89nk9FJEy2aA8Vz57D9dPR6Ux+1c9fR z25N0Q7CqzRjrNJge3w0jkeVkdsLRpuxB74= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675426279156100004 Content-Type: text/plain; charset="utf-8" The memory attributes table has been extended with a flag that indicates whether or not the OS is permitted to map the EFI runtime code regions with strict enforcement for IBT/BTI landing pad instructions. The PE/COFF loader will now keep track of whether loaded images are constructed in the expected manner, so set the new flag if all loaded runtime images were constructed with forward edge control flow guards. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/DxeMain.h | 2 ++ MdeModulePkg/Core/Dxe/Image/Image.c | 9 +++++++++ MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 8 +++++++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai= n.h index 815a6b4bd844..427a5fc78f72 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -280,6 +280,8 @@ extern EFI_MEMORY_TYPE_INFORMATION gMemoryTypeInformat= ion[EfiMaxMemoryType + 1] extern BOOLEAN gDispatcherRunning; extern EFI_RUNTIME_ARCH_PROTOCOL gRuntimeTemplate; =20 +extern BOOLEAN gMemoryAttributesTableForwardCfi; + extern EFI_LOAD_FIXED_ADDRESS_CONFIGURATION_TABLE gLoadModuleAtFixAddress= ConfigurationTable; extern BOOLEAN gLoadFixedAddressCodeMe= moryReady; // diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Im= age/Image.c index 06cc6744b8c6..eac0b859a7f7 100644 --- a/MdeModulePkg/Core/Dxe/Image/Image.c +++ b/MdeModulePkg/Core/Dxe/Image/Image.c @@ -1398,6 +1398,15 @@ CoreLoadImageCommon ( CoreNewDebugImageInfoEntry (EFI_DEBUG_IMAGE_INFO_TYPE_NORMAL, &Image->= Info, Image->Handle); } =20 + // + // If we loaded a runtime DXE driver, take into account whether or not i= t was built + // with forward edge control flow guards. We can only expose support for= forward edge + // control flow to the OS if all loaded runtime images support it. + // + if (Image->ImageContext.ImageCodeMemoryType =3D=3D EfiRuntimeServicesCod= e) { + gMemoryAttributesTableForwardCfi &=3D Image->ImageContext.HasForwardCo= ntrolFlowGuards; + } + // // Reinstall loaded image protocol to fire any notifications // diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModule= Pkg/Core/Dxe/Misc/MemoryAttributesTable.c index 82fa026bceb9..d6983f830452 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -89,6 +89,7 @@ BOOLEAN mMemoryAttributesTableEnable= =3D TRUE; BOOLEAN mMemoryAttributesTableEndOfDxe =3D FALSE; EFI_MEMORY_ATTRIBUTES_TABLE *mMemoryAttributesTable =3D NULL; BOOLEAN mMemoryAttributesTableReadyToBoot =3D FALSE; +BOOLEAN gMemoryAttributesTableForwardCfi =3D TRUE; =20 /** Install MemoryAttributesTable. @@ -182,11 +183,16 @@ InstallMemoryAttributesTable ( MemoryAttributesTable->Version =3D EFI_MEMORY_ATTRIBUTES_TABLE_V= ERSION; MemoryAttributesTable->NumberOfEntries =3D RuntimeEntryCount; MemoryAttributesTable->DescriptorSize =3D (UINT32)DescriptorSize; - MemoryAttributesTable->Flags =3D 0; + if (gMemoryAttributesTableForwardCfi) { + MemoryAttributesTable->Flags =3D EFI_MEMORY_ATTRIBUTES_FLAGS_R= T_FORWARD_CONTROL_FLOW_GUARD; + } else { + MemoryAttributesTable->Flags =3D 0; + } DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n")); DEBUG ((DEBUG_VERBOSE, " Version - 0x%08x\n", MemoryAttrib= utesTable->Version)); DEBUG ((DEBUG_VERBOSE, " NumberOfEntries - 0x%08x\n", MemoryAttrib= utesTable->NumberOfEntries)); DEBUG ((DEBUG_VERBOSE, " DescriptorSize - 0x%08x\n", MemoryAttrib= utesTable->DescriptorSize)); + DEBUG ((DEBUG_VERBOSE, " Flags - 0x%08x\n", MemoryAttrib= utesTable->Flags)); MemoryAttributesEntry =3D (EFI_MEMORY_DESCRIPTOR *)(MemoryAttributesTabl= e + 1); MemoryMap =3D MemoryMapStart; for (Index =3D 0; Index < MemoryMapSize/DescriptorSize; Index++) { --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99573): https://edk2.groups.io/g/devel/message/99573 Mute This Topic: https://groups.io/mt/96721190/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 15:58:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+99574+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99574+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1675426281; cv=none; d=zohomail.com; s=zohoarc; b=bXvQSWYGa85kf/cqCug6UtGgliJUD4wJHSpRpo0VRCzrFaUBSyaxBnEfIEK0KZ4mOrtDUGYvi11mI9fbl6MQ5TQIgJcbE80IWxcY4ZlBkNRSWAeh3px5vZvAxGxO821inHyb2nb/e43zfd8x9O4ApCMpmyYlH4W3EGYxZ1ZBWjg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1675426281; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=loIiSaFxPGKGL91hQkio45NFyTaL6J7pvdzynetnaAg=; b=mKc5XTG2zo7P9EtvGt5tJD0itjFbQGJ9frAI3W2fmB/Wk42GuWHWEpKmPC92/DzpKDK/89m4gserkUyqiwgVWD1r9nCHSI+MYo47fpuX5o6JOU2TwDQ2ghVKEbrc5VGE/gJ/Ib2s3eaIjWgSQ51a/J/OVt+1aXL+tP96i+8VW6U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+99574+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1675426281399610.4322641713138; Fri, 3 Feb 2023 04:11:21 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id SFc5YY1788612xFAa7yBHtcI; Fri, 03 Feb 2023 04:11:21 -0800 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.9007.1675426280399303353 for ; Fri, 03 Feb 2023 04:11:20 -0800 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 00D8F61F0E; Fri, 3 Feb 2023 12:11:20 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 15DD3C4339C; Fri, 3 Feb 2023 12:11:16 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [edk2-devel] [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions Date: Fri, 3 Feb 2023 13:10:29 +0100 Message-Id: <20230203121029.2451394-8-ardb@kernel.org> In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 16em0and3PrYme7hod1YDFUqx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1675426281; bh=ljW5vUNX1j3aCcixh8blSi2p6c3OoF6YkpiZVDUyA+E=; h=Cc:Date:From:Reply-To:Subject:To; b=HG88s9jEpHoEa4B9cZVDlwLPZBUTfMojsEaJhDXoM03w7bYFiCkQnRBayqsT8UiiIGL HmywBGchl2ce1YoJGhVKPhAbZvkJFwo7eaC23mXsoDoGt20zSlsCr+6u6xlWX1L0ye2wB l/EC9mBr/SON6oAkNoZd5ISmSaFdVBZ6h+o= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1675426283153100001 Content-Type: text/plain; charset="utf-8" Add a build option RUNTIME_BTI_ENABLE, and wire it up to the command line options passed to the compiler to get it to emit BTI landing pads into all modules. Note that runtime DXE modules may incorporate libraries of type BASE, UEFI_DRIVER or DXE_DRIVER, so the only safe option here is to apply the command line option to all types. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 74d98e6314c4..9cb37f3d46a3 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -10,6 +10,7 @@ =20 [Defines] DEFINE DEBUG_PRINT_ERROR_LEVEL =3D 0x8000004F + DEFINE RUNTIME_BTI_ENABLE =3D FALSE =20 !if $(TARGET) !=3D NOOPT DEFINE FD_SIZE_IN_MB =3D 2 @@ -33,6 +34,11 @@ [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000 GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x10000 =20 +[BuildOptions] +!if $(RUNTIME_BTI_ENABLE) =3D=3D TRUE + GCC:*_*_AARCH64_CC_FLAGS =3D -mbranch-protection=3Dbti +!endif + [LibraryClasses.common] !if $(TARGET) =3D=3D RELEASE DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf --=20 2.39.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#99574): https://edk2.groups.io/g/devel/message/99574 Mute This Topic: https://groups.io/mt/96721191/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-