Subject: Re: [PATCH v3 0/4] Enable BTI support in memory attributes table
From: Marvin Häuser
To: Ard Biesheuvel
Cc: devel@edk2.groups.io, Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe, Bob Feng, Oliver Smith-Denny
Date: Tue, 4 Apr 2023 16:19:05 +0000
Message-Id: <09AB600D-DDCC-4FF4-B73B-4647C7E0A95B@posteo.de>
In-Reply-To: <20230404154022.2776035-1-ardb@kernel.org>

FWIW, Reviewed-by: Marvin Häuser

An off-topic remark, but I find it ominous that when adding a hack like the DllCharacteristicsEx debug entry, the opportunity is not used to turn it into something that can be expanded in the future without introducing yet another hack like this (I know 31 more Bits look plenty now, but if an address, offset, or size will be needed… ouch).

Best regards,
Marvin

> On 4. Apr 2023, at 17:40, Ard Biesheuvel wrote:
>
> Implement version 2 of the memory attributes table, which now contains a
> flag informing the OS whether or not code regions may be mapped with CFI
> mitigations such as IBT or BTI enabled.
>
> This series covers the remaining parts after the AArch64 specific
> changes were merged:
>
> - Update the BaseTools to emit the appropriate PE/COFF annotation when a
>   BTI/IBT compatible ELF executable is converted to PE/COFF
> - Take this PE/COFF annotation into account when populating the memory
>   attributes table in the DXE core
>
> TODO:
> - X64 changes to make the code IBT compatible and emit the ELF note
> - Figure out how to generate such executables with native PE toolchains
> - Implement BTI/IBT enforcement at boot time - this is something I
>   intend to look into next.
>
> Can be tested with the CLANG38 toolchain (both Clang compiler and LLD
> linker, version 3.8 or newer) with the following build options.
>
> [BuildOptions]
>   GCC:*_*_AARCH64_PP_FLAGS = -mbranch-protection=bti
>   GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
>   GCC:*_*_AARCH64_DLINK_FLAGS = -fuse-ld=lld -Wl,--no-relax,--no-pie,-z,bti-report=error
>
> Changes since v2:
> - increase DllCharacteristicsEx field to 4 bytes
> - add Oliver's Rb
>
> If no comments or objections have been raised by the end of the week, I
> will go ahead and merge this - thanks.
>
> Cc: Michael Kinney
> Cc: Liming Gao
> Cc: Jiewen Yao
> Cc: Michael Kubacki
> Cc: Sean Brogan
> Cc: Rebecca Cran
> Cc: Leif Lindholm
> Cc: Sami Mujawar
> Cc: Taylor Beebe
> Cc: Marvin Häuser
> Cc: Bob Feng
> Cc: Oliver Smith-Denny
>
> Ard Biesheuvel (4):
>   BaseTools/GenFw: Parse IBT/BTI support status from ELF note
>   BaseTools/GenFw: Add DllCharacteristicsEx field to debug data
>   MdePkg/PeCoffLib: Capture DLL characteristics fields in image context
>   MdeModulePkg: Enable forward edge CFI in mem attributes table
>
>  BaseTools/Source/C/GenFw/Elf64Convert.c               | 104 +++++++++++++++++---
>  BaseTools/Source/C/GenFw/GenFw.c                      |   3 +-
>  BaseTools/Source/C/GenFw/elf_common.h                 |   9 ++
>  BaseTools/Source/C/Include/IndustryStandard/PeImage.h |  13 ++-
>  MdeModulePkg/Core/Dxe/DxeMain.h                       |   2 +
>  MdeModulePkg/Core/Dxe/Image/Image.c                   |  10 ++
>  MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c    |   8 +-
>  MdePkg/Include/IndustryStandard/PeImage.h             |  13 ++-
>  MdePkg/Include/Library/PeCoffLib.h                    |   6 ++
>  MdePkg/Library/BasePeCoffLib/BasePeCoff.c             |  46 ++++++---
>  10 files changed, 186 insertions(+), 28 deletions(-)
>
> --
> 2.39.2
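
The cover letter quoted above has GenFw read the IBT/BTI support status from an ELF note before emitting the PE/COFF annotation. The following C function is an added example, not part of this thread and not the GenFw code from the series: it checks a `.note.gnu.property` note for the forward-edge CFI bit with every length field bounds-checked. Assumptions: little-endian ELF64 layout, constants taken from the GNU program property ABI, a hypothetical function name `note_has_forward_cfi`, and a constructed sample note.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Values from the GNU program property ABI; none are copied from the series. */
#define NT_GNU_PROPERTY_TYPE_0             5u
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_X86_FEATURE_1_AND     0xc0000002u
#define FEATURE_1_FORWARD_CFI              0x1u /* bit 0: BTI (AArch64), IBT (x86) */

/* Constructed sample: ELF64 note with one AArch64 FEATURE_1_AND property, BTI set. */
static const uint8_t SAMPLE_BTI_NOTE[32] = {
  0x04,0,0,0,  0x10,0,0,0,  0x05,0,0,0,  'G','N','U',0,  /* namesz, descsz, type, name */
  0,0,0,0xc0,  0x04,0,0,0,  0x01,0,0,0,  0,0,0,0         /* pr_type, pr_datasz, data, pad */
};

static uint32_t rd32(const uint8_t *p) { /* little-endian, alignment-safe */
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* 1: forward-edge CFI bit set; 0: not a GNU property note, or bit absent;
   -1: malformed. Every length is checked against the bytes actually present. */
int note_has_forward_cfi(const uint8_t *buf, size_t len, uint32_t feature_type) {
  if (len < 16) return -1;                   /* too short for header plus "GNU\0" */
  uint32_t namesz = rd32(buf), descsz = rd32(buf + 4), type = rd32(buf + 8);
  if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 || memcmp(buf + 12, "GNU", 4) != 0)
    return 0;
  if (descsz > len - 16) return -1;          /* descriptor overruns the buffer */
  const uint8_t *desc = buf + 16;
  size_t off = 0;
  while (descsz - off >= 8) {
    uint32_t pr_type = rd32(desc + off), pr_datasz = rd32(desc + off + 4);
    off += 8;
    if (pr_datasz > descsz - off) return -1; /* property overruns the descriptor */
    if (pr_type == feature_type && pr_datasz >= 4)
      return (rd32(desc + off) & FEATURE_1_FORWARD_CFI) ? 1 : 0;
    size_t padded = ((size_t)pr_datasz + 7) & ~(size_t)7; /* 8-byte pad on ELF64 */
    if (padded > descsz - off) break;        /* final property without trailing pad */
    off += padded;
  }
  return 0;
}

int main(void) {
  printf("BTI: %d\n", note_has_forward_cfi(SAMPLE_BTI_NOTE, sizeof SAMPLE_BTI_NOTE,
                                           GNU_PROPERTY_AARCH64_FEATURE_1_AND));
  return 0;
}
```

A converter that treats a malformed note (`-1`) the same as an absent one errs toward not advertising CFI compatibility, which is the safe default for the memory attributes table flag.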