From nobody Mon Feb 9 09:22:29 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+105652+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105652+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1685719092; cv=none; d=zohomail.com; s=zohoarc; b=eqt+a7oA1+DdZGqNqykfhByDqMc3D7oT6FTRHLh4X6cdiOdPTMtKoXb4MyWMOaN6EubhJj/AuzOkgYmMfGFAzleEc+/EqB2DfBQ7MFXdpc4w2Awobjucs0OmIBZXe6X5bkGVcIxJMKUDerJXBI5U7XgwCwCX3y8FADoijYng9ns= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1685719092; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=MAeHvXTNqNRClUPWAFBu26+P21C7z0sWwrZmo67IF4U=; b=Dn4r5KFs9Bsn+mRZA3KtfayWGzzQrg+SwQp9j+sX9c95sT1joh911LdqYGXh9fRMVxhIlRdY1HKNup2+ElujNVldP+8chJmqPb3Gbm2T8qzPIyqK7IR4tJNNgSslROgkwpAbPxcZsZXT0+JS8fOoKSnhKeksEaXPdxlKcgmRAFg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+105652+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1685719092387723.4843664516422; Fri, 2 Jun 2023 08:18:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id vGMXYY1788612xoz7IWCEOsZ; Fri, 02 Jun 2023 08:18:11 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.16077.1685719091051603987 for ; Fri, 02 Jun 2023 08:18:11 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 97CCE60C40; Fri, 2 Jun 2023 15:18:10 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 616A0C433A0; Fri, 2 Jun 2023 15:18:07 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Dun Tan , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Michael Kubacki Subject: [edk2-devel] [PATCH v2 3/7] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX Date: Fri, 2 Jun 2023 17:17:35 +0200 Message-Id: <20230602151739.3600820-4-ardb@kernel.org> In-Reply-To: <20230602151739.3600820-1-ardb@kernel.org> References: <20230602151739.3600820-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 23X6F2aJaYqPHuzu15I8SZjFx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1685719091; bh=BR3f0Tr8p+bvWcu0G2DHezkNSFYXkbhIFKE8osOywxQ=; h=Cc:Date:From:Reply-To:Subject:To; b=kexMqn0XTwztDEyyDCmW9ZSHZaPYS4hz/VzUewIlvy9B2/cId03uriC0XFQuMvZd11+ nNRZRo4ivtcJWfh4S+lbE7GmsB4pDmST0sozWSUkRk8IabSVOsI6f4UVBlFLNjbHpavvK O8m9wEnjxsyKLyhMBLCtRRwsN2NPYa+HjSM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1685719094586100003 Content-Type: text/plain; charset="utf-8" If the associated PCD is set to TRUE, use the memory attribute PPI to remap the stack non-executable. This provides a generic method for doing so, which will be used by ARM and AArch64 as well once they move to the generic DxeIpl handoff implementation. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 29 ++++++++++++++++++-- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c b/MdeModulePkg/Core/= DxeIplPeim/DxeHandoff.c index a0f85ebea56e6cba..60400da3521a8272 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c @@ -2,12 +2,15 @@ Generic version of arch-specific functionality for DxeLoad. =20 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2023, Google, LLC. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 #include "DxeIpl.h" =20 +#include + /** Transfers control to DxeCore. =20 @@ -25,9 +28,10 @@ HandOffToDxeCore ( IN EFI_PEI_HOB_POINTERS HobList ) { - VOID *BaseOfStack; - VOID *TopOfStack; - EFI_STATUS Status; + VOID *BaseOfStack; + VOID *TopOfStack; + EFI_STATUS Status; + EDKII_MEMORY_ATTRIBUTE_PPI *MemoryPpi; =20 // // Allocate 128KB for the Stack @@ -35,6 +39,25 @@ HandOffToDxeCore ( BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE)); ASSERT (BaseOfStack !=3D NULL); =20 + if (PcdGetBool (PcdSetNxForStack)) { + Status =3D PeiServicesLocatePpi ( + &gEdkiiMemoryAttributePpiGuid, + 0, + NULL, + (VOID **)&MemoryPpi + ); + ASSERT_EFI_ERROR (Status); + + Status =3D MemoryPpi->SetPermissions ( + MemoryPpi, + (UINTN)BaseOfStack, + STACK_SIZE, + EFI_MEMORY_XP, + EFI_MEMORY_XP + ); + ASSERT_EFI_ERROR (Status); + } + // // Compute the top of the stack we were allocated. Pre-allocate a UINTN // for safety. diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 60c998be6c1bad01..7126a96d8378d1f8 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -91,6 +91,7 @@ [Ppis] gEfiPeiMemoryDiscoveredPpiGuid ## SOMETIMES_CONSUMES gEdkiiPeiBootInCapsuleOnDiskModePpiGuid ## SOMETIMES_CONSUMES gEdkiiPeiCapsuleOnDiskPpiGuid ## SOMETIMES_CONSUMES # Consume= d on firmware update boot path + gEdkiiMemoryAttributePpiGuid ## SOMETIMES_CONSUMES =20 [Guids] ## SOMETIMES_CONSUMES ## Variable:L"MemoryTypeInformation" @@ -117,10 +118,12 @@ [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES + [Depex] gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid =20 --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105652): https://edk2.groups.io/g/devel/message/105652 Mute This Topic: https://groups.io/mt/99288482/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-