From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe
Subject: [edk2-devel] [PATCH v5 28/38] ArmVirtPkg/ArmVirtQemu: Enable hardware enforced W^X memory permissions
Date: Mon, 13 Mar 2023 18:17:04 +0100
Message-Id: <20230313171714.3866151-29-ardb@kernel.org>
In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org>
References: <20230313171714.3866151-1-ardb@kernel.org>

Enable the WXN system control bit straight out of reset when running in EL1 with the initial ID map from flash. This setting will be inherited by the page table code after it sets up the permanent boot time page tables, resulting in all memory mappings that are not explicitly mapped as read-only to be non-executable.

Note that this requires runtime drivers to be built with position independent codegen, to ensure that all absolute symbol references are moved into a separate section in the binary.
Otherwise, unmapping the pages that are subject to relocation fixups at runtime (during the invocation of SetVirtualAddressMap()) could result in code mappings losing their executable permissions. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 1 + ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 5b18184be263..928dd6330edb 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -31,6 +31,7 @@ [BuildOptions.common.EDKII.DXE_CORE,BuildOptions.common.E= DKII.DXE_DRIVER,BuildOp =20 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000 + GCC:*_*_AARCH64_CC_FLAGS =3D -fpie GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x10000 =20 [LibraryClasses.common] diff --git a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelpe= r.S b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S index 5ac7c732f6ec..51c089a45ffc 100644 --- a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S +++ b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S 
@@ -38,7 +38,7 @@ .set SCTLR_EL1_ITD, 0x1 << 7 .set SCTLR_EL1_RES1, (0x1 << 11) | (0x1 << 20) | (0x1 << 22) | (0= x1 << 28) | (0x1 << 29) .set sctlrval, SCTLR_ELx_M | SCTLR_ELx_C | SCTLR_ELx_SA | SCTLR_EL1_IT= D | SCTLR_EL1_SED - .set sctlrval, sctlrval | SCTLR_ELx_I | SCTLR_EL1_SPAN | SCTLR_EL1_RES1 + .set sctlrval, sctlrval | SCTLR_ELx_I | SCTLR_EL1_SPAN | SCTLR_EL1_RES= 1 | SCTLR_EL1_WXN =20 =20 ASM_FUNC(ArmPlatformPeiBootAction) --=20 2.39.2
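
Review bot: In the ArmVirt.dsc.inc hunk, the new "GCC:*_*_AARCH64_CC_FLAGS = -fpie" line under [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] carries no comment tying it to WXN, so a later cleanup could drop it without anyone noticing that runtime driver code pages then lose their executable permission during SetVirtualAddressMap(). Please add a one-line comment above it stating that PIE codegen is required to keep relocation fixups out of the code section while WXN is in force. Also note that this file is the shared include for ArmVirtPkg, while the subject line and the second hunk concern ArmVirtQemu only; if every platform that pulls in ArmVirt.dsc.inc is meant to get -fpie for its AArch64 runtime drivers, the commit message should say so, otherwise the setting belongs in the ArmVirtQemu platform description.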
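
Review bot: In the ArmPlatformHelper.S hunk, the changed ".set sctlrval" line ORs in SCTLR_EL1_WXN, but the visible context only shows the definitions of SCTLR_EL1_ITD and SCTLR_EL1_RES1, so please confirm that SCTLR_EL1_WXN is defined with the other SCTLR_EL1_* constants in this file (WXN is bit 19 of SCTLR_EL1). Since this value takes effect together with the initial ID map from flash, every region that is executed under that map must be mapped read-only from the first instruction after the MMU is enabled; a short comment next to sctlrval recording that requirement would help anyone who later edits the initial ID map avoid introducing a writable mapping over code.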