From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe, Marvin Häuser
Subject: [edk2-devel] [RFC PATCH v2 5/7] MdePkg/BasePeCoffLib AARCH64: Implement fwd control flow guard detection
Date: Fri, 3 Feb 2023 13:10:27 +0100
Message-Id: <20230203121029.2451394-6-ardb@kernel.org>
In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org>
References: <20230203121029.2451394-1-ardb@kernel.org>

Add the check to infer from the instruction opcode at the image entrypoint whether or not forward edge control flow guards were emitted by the compiler at build time. Given that an image entry point is invoked indirectly by construction, its entrypoint must have such a guard instruction there if it implements support for forward edge control flow enforcement such as IBT or BTI.

Signed-off-by: Ard Biesheuvel
---
 MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c | 103 ++++++++++++++++++++
 MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf | 5 +-
 2 files changed, 107 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c b/MdePkg= /Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c new file mode 100644 index 000000000000..d25b11109dbc --- /dev/null +++ b/MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c @@ -0,0 +1,103 @@ +/** @file + AArch64 implementations of architecture/ISA Specific relocation handlers. + + Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2023, Google LLC. Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "BasePeCoffLibInternals.h" + +/** + Performs an architecture/ISA specific relocation fixup. + + @param Reloc The pointer to the relocation record. + @param Fixup The pointer to the address to fix up. + @param FixupData The pointer to a buffer to log the fixups. + @param Adjust The offset to adjust the fixup. + + @return Status code. + +**/ +RETURN_STATUS +PeCoffLoaderRelocateImageEx ( + IN UINT16 *Reloc, + IN OUT CHAR8 *Fixup, + IN OUT CHAR8 **FixupData, + IN UINT64 Adjust + ) +{ + return RETURN_UNSUPPORTED; +} + +/** + Returns TRUE if the machine type of PE/COFF image is supported. Supported + does not mean the image can be executed it means the PE/COFF loader supp= orts + loading and relocating of the image type. It's up to the caller to suppo= rt + the entry point. + + @param Machine The machine type from the PE Header. + + @return TRUE if this PE/COFF loader can load the image + +**/ +BOOLEAN +PeCoffLoaderImageFormatSupported ( + IN UINT16 Machine + ) +{ + if ((Machine =3D=3D IMAGE_FILE_MACHINE_I386) || (Machine =3D=3D IMAGE_FI= LE_MACHINE_X64) || + (Machine =3D=3D IMAGE_FILE_MACHINE_EBC) || (Machine =3D=3D IMAGE_FIL= E_MACHINE_ARM64)) + { + return TRUE; + } + + return FALSE; +} + +/** + Performs an architecture/ISA specific re-relocation fixup. This is used = to + re-relocate the image into the EFI virtual space for runtime calls. + + @param Reloc The pointer to the relocation record. + @param Fixup The pointer to the address to fix up. + @param FixupData The pointer to a buffer to log the fixups. + @param Adjust The offset to adjust the fixup. + + @return Status code. + +**/ +RETURN_STATUS +PeHotRelocateImageEx ( + IN UINT16 *Reloc, + IN OUT CHAR8 *Fixup, + IN OUT CHAR8 **FixupData, + IN UINT64 Adjust + ) +{ + return RETURN_UNSUPPORTED; +} + +/** + Returns whether the image implements forward control flow guards. + + @param ImageContext The context of the image being loaded. 
+ + @return TRUE if the image implements forward control flow guards + +**/ +BOOLEAN +PeCoffLoaderCheckForwardControlFlowGuards ( + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext + ) +{ + CONST UINT32 *Opcode; + + Opcode =3D (UINT32 *)(UINTN)ImageContext->EntryPoint; + + // + // Check whether the opcode is BTI C or BTI CJ + // + return ((*Opcode & 0xffffff7f) =3D=3D 0xd503245f); +} diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf b/MdePkg/Librar= y/BasePeCoffLib/BasePeCoffLib.inf index 3b8b8eb1917d..8b720bd6e006 100644 --- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf +++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf @@ -39,12 +39,15 @@ [Sources] BasePeCoffLibInternals.h BasePeCoff.c =20 -[Sources.IA32, Sources.X64, Sources.EBC, Sources.AARCH64] +[Sources.IA32, Sources.X64, Sources.EBC] PeCoffLoaderEx.c =20 [Sources.ARM] Arm/PeCoffLoaderEx.c =20 +[Sources.AARCH64] + AArch64/PeCoffLoaderEx.c + [Sources.RISCV64] RiscV/PeCoffLoaderEx.c =20 --=20 2.39.1
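
Review bot: In PeCoffLoaderCheckForwardControlFlowGuards (new AArch64/PeCoffLoaderEx.c), the word at ImageContext->EntryPoint is read and decoded as an A64 instruction without first checking that the image is an AArch64 image or that EntryPoint is non-zero, while PeCoffLoaderImageFormatSupported in the same file also accepts I386, X64 and EBC images. For those machine types the first four bytes are not an A64 opcode, so the result is meaningless and could match by coincidence; suggest returning FALSE unless the machine type is IMAGE_FILE_MACHINE_ARM64 and EntryPoint has been set. The mask test recognises only BTI C and BTI CJ (0xd503245f and 0xd50324df); PACIASP and PACIBSP are also valid landing pads for an indirect call, so an entry point that starts with one of them would be reported as unguarded, which deserves a sentence in the comment if it is intentional. Nit: the new copyright line reads "Google LLC. Corporation.".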
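
Review bot: With [Sources.AARCH64] split out in BasePeCoffLib.inf, PeCoffLoaderCheckForwardControlFlowGuards is defined by this patch only for AArch64, while the files listed under [Sources.IA32, Sources.X64, Sources.EBC], [Sources.ARM] and [Sources.RISCV64] are untouched here. If common code such as BasePeCoff.c calls the new function, those architectures need a definition from another patch in the series or they will not link; suggest naming that patch in the commit message, or providing a default implementation that returns FALSE.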