From nobody Mon Sep 16 19:46:24 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105309+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105309+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685025087; cv=none; d=zohomail.com; s=zohoarc; b=GoSVQMaXcF+MhLnYw1kx8TPp+/NfCQJmyFlz2XRzP++5bfxOUaRelh34zg+OcziQp6fqjCy5w1fmNZsASefrXvbOU8z77USc22OfihreuQbqGeFGy2mD1IjYi9ghfPOnX4aloQ/WYWpXu5lGMD1TeBhl+T1O5czesUR3TuRoNtE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685025087; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=KVR+Dze/z2KzRjoYricb6/vW9ka60dzh9rdGDnFrpuo=; b=Iv97AikOYcmt96z0MfFNqsQ8EtK0BnkqL/lmhEmJpwP1MExtZeCAo11n17WrEzQNHSSbDbxQDOsUykZ4vho/yHHZkc5dRsZcdM5TZPdL/H47V9ABOKb4ipQKQ1D2HWtn2Z0+7kEclmssmxkpgavi4/s0qtn2btAcCj7fMYb4UPY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105309+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685025087014878.9724256059196; Thu, 25 May 2023 07:31:27 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id JSEIYY1788612xsoyPyaoaSC; Thu, 25 May 2023 07:31:26 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.13287.1685025086076089494 for ; Thu, 25 May 2023 07:31:26 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9B02561489; Thu, 25 May 2023 14:31:25 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 802A8C433EF; Thu, 25 May 2023 14:31:22 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX Date: Thu, 25 May 2023 16:30:40 +0200 Message-Id: <20230525143041.1172989-10-ardb@kernel.org> In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org> References: <20230525143041.1172989-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 1gFpiHQMBFwxRfrH7isTtc5cx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685025086; bh=YLtSY9DmL/ntmG/tyK9FbLc37CmYBtHQs7H6snmCfdg=; h=Cc:Date:From:Reply-To:Subject:To; b=axK0/FD0dM/J59VHmfWLpfzD+okytfOezbExWZRDWxEvQPW5DpYp+dyYaenY7jd7FgN KtU3/8e8SwrI0thVJSNEayRXfUHsaWBq63/5lNAht7WJN1J8LQJF/+IlpcK4098WacDXZ 8p8Q7dQ5BD0y8G0cVBSuqVhXt4E3dFOmnlo= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685025088652100007 Content-Type: text/plain; charset="utf-8" If the associated PCD is set to TRUE, use the memory attribute PPI to remap the stack non-executable. This provides a generic method for doing so, which will be used by ARM and AArch64 as well once they move to the generic DxeIpl handoff implementation. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 29 ++++++++++++++++++-- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c b/MdeModulePkg/Core/= DxeIplPeim/DxeHandoff.c index a0f85ebea56e6cba..22caabb02840ba88 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c @@ -2,12 +2,15 @@ Generic version of arch-specific functionality for DxeLoad. =20 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2023, Google, LLC. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 #include "DxeIpl.h" =20 +#include + /** Transfers control to DxeCore. =20 @@ -25,9 +28,10 @@ HandOffToDxeCore ( IN EFI_PEI_HOB_POINTERS HobList ) { - VOID *BaseOfStack; - VOID *TopOfStack; - EFI_STATUS Status; + VOID *BaseOfStack; + VOID *TopOfStack; + EFI_STATUS Status; + EDKII_MEMORY_ATTRIBUTE_PPI *MemoryPpi; =20 // // Allocate 128KB for the Stack @@ -35,6 +39,25 @@ HandOffToDxeCore ( BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); ASSERT (BaseOfStack !=3D NULL); =20 + if (PcdGetBool (PcdSetNxForStack)) { + Status =3D PeiServicesLocatePpi ( + &gEdkiiMemoryAttributePpiGuid, + 0, + NULL, + (VOID **)&MemoryPpi + ); + ASSERT_EFI_ERROR (Status); + + Status =3D MemoryPpi->SetPermissions ( + MemoryPpi, + (UINTN)BaseOfStack, + STACK_SIZE, + EFI_MEMORY_XP, + 0 + ); + ASSERT_EFI_ERROR (Status); + } + // // Compute the top of the stack we were allocated. Pre-allocate a UINTN // for safety. diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 60c998be6c1bad01..7126a96d8378d1f8 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -91,6 +91,7 @@ [Ppis] gEfiPeiMemoryDiscoveredPpiGuid ## SOMETIMES_CONSUMES gEdkiiPeiBootInCapsuleOnDiskModePpiGuid ## SOMETIMES_CONSUMES gEdkiiPeiCapsuleOnDiskPpiGuid ## SOMETIMES_CONSUMES # Consume= d on firmware update boot path + gEdkiiMemoryAttributePpiGuid ## SOMETIMES_CONSUMES =20 [Guids] ## SOMETIMES_CONSUMES ## Variable:L"MemoryTypeInformation" @@ -117,10 +118,12 @@ [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES + [Depex] gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid =20 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105309): https://edk2.groups.io/g/devel/message/105309 Mute This Topic: https://groups.io/mt/99131196/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-