From: Ard Biesheuvel
To: edk2-devel@lists.01.org, afish@apple.com, leif.lindholm@linaro.org, michael.d.kinney@intel.com, liming.gao@intel.com, jiewen.yao@intel.com
Cc: lersek@redhat.com, feng.tian@intel.com, star.zeng@intel.com, Ard Biesheuvel
Date: Mon, 27 Feb 2017 14:38:07 +0000
Message-Id: <1488206291-25768-4-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1488206291-25768-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1488206291-25768-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [PATCH v4 3/7] MdeModulePkg/EbcDxe: use EfiBootServicesCode memory for thunks
List-Id: EDK II Development

The EBC driver emits thunks for native to EBC calls, which are short
instruction sequences that bridge the gap between the native execution
environment and the EBC virtual machine.

Since these thunks are allocated using MemoryAllocationLib::AllocatePool(),
they are emitted into EfiBootServicesData regions, which does not reflect
the nature of these thunks accurately, and interferes with strict memory
protection policies that map data regions non-executable.

So instead, create a new helper EbcAllocatePoolForThunk() that invokes the
AllocatePool() boot services directly to allocate EfiBootServicesCode pool
memory explicitly, and wire up this helper for the various
architecture-specific thunk generation routines.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel Reviewed-by: Jiewen Yao --- MdeModulePkg/Universal/EbcDxe/AArch64/EbcSupport.c | 2 +- MdeModulePkg/Universal/EbcDxe/EbcInt.c | 23 ++++++++++++++++++++ MdeModulePkg/Universal/EbcDxe/EbcInt.h | 14 ++++++++++++ MdeModulePkg/Universal/EbcDxe/Ia32/EbcSupport.c | 2 +- MdeModulePkg/Universal/EbcDxe/Ipf/EbcSupport.c | 2 +- MdeModulePkg/Universal/EbcDxe/X64/EbcSupport.c | 2 +- 6 files changed, 41 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Universal/EbcDxe/AArch64/EbcSupport.c b/MdeModulePkg/Universal/EbcDxe/AArch64/EbcSupport.c index ade47c4d0622..7c13ce12a38b 100644 --- a/MdeModulePkg/Universal/EbcDxe/AArch64/EbcSupport.c +++ b/MdeModulePkg/Universal/EbcDxe/AArch64/EbcSupport.c @@ -383,7 +383,7 @@ EbcCreateThunks ( return EFI_INVALID_PARAMETER; } - InstructionBuffer = AllocatePool (sizeof (EBC_INSTRUCTION_BUFFER)); + InstructionBuffer = EbcAllocatePoolForThunk (sizeof (EBC_INSTRUCTION_BUFFER)); if (InstructionBuffer == NULL) { return EFI_OUT_OF_RESOURCES; } diff --git a/MdeModulePkg/Universal/EbcDxe/EbcInt.c b/MdeModulePkg/Universal/EbcDxe/EbcInt.c index 6fd2aaf5af27..727ba8bcae44 100644 --- a/MdeModulePkg/Universal/EbcDxe/EbcInt.c +++ b/MdeModulePkg/Universal/EbcDxe/EbcInt.c @@ -1410,3 +1410,26 @@ EbcVmTestUnsupported ( return EFI_UNSUPPORTED; } +/** + Allocates a buffer of type EfiBootServicesCode. + + @param AllocationSize The number of bytes to allocate. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +EFIAPI +EbcAllocatePoolForThunk ( + IN UINTN AllocationSize + ) +{ + VOID *Buffer; + EFI_STATUS Status; + + Status = gBS->AllocatePool (EfiBootServicesCode, AllocationSize, &Buffer); + if (EFI_ERROR (Status)) { + return NULL; + } + return Buffer; +} diff --git a/MdeModulePkg/Universal/EbcDxe/EbcInt.h b/MdeModulePkg/Universal/EbcDxe/EbcInt.h index 75017a23e75e..8aa7a4abbd63 100644 --- a/MdeModulePkg/Universal/EbcDxe/EbcInt.h +++ b/MdeModulePkg/Universal/EbcDxe/EbcInt.h 
@@ -246,4 +246,18 @@ typedef struct { CR(a, EBC_PROTOCOL_PRIVATE_DATA, EbcProtocol, EBC_PROTOCOL_PRIVATE_DATA_SIGNATURE) +/** + Allocates a buffer of type EfiBootServicesCode. + + @param AllocationSize The number of bytes to allocate. + + @return A pointer to the allocated buffer or NULL if allocation fails. + +**/ +VOID * +EFIAPI +EbcAllocatePoolForThunk ( + IN UINTN AllocationSize + ); + #endif // #ifndef _EBC_INT_H_ diff --git a/MdeModulePkg/Universal/EbcDxe/Ia32/EbcSupport.c b/MdeModulePkg/Universal/EbcDxe/Ia32/EbcSupport.c index 8e660b93ad64..a825846f89c3 100644 --- a/MdeModulePkg/Universal/EbcDxe/Ia32/EbcSupport.c +++ b/MdeModulePkg/Universal/EbcDxe/Ia32/EbcSupport.c @@ -484,7 +484,7 @@ EbcCreateThunks ( ThunkSize = sizeof(mInstructionBufferTemplate); - Ptr = AllocatePool (sizeof(mInstructionBufferTemplate)); + Ptr = EbcAllocatePoolForThunk (sizeof(mInstructionBufferTemplate)); if (Ptr == NULL) { return EFI_OUT_OF_RESOURCES; diff --git a/MdeModulePkg/Universal/EbcDxe/Ipf/EbcSupport.c b/MdeModulePkg/Universal/EbcDxe/Ipf/EbcSupport.c index 95837cb67865..f99348f181a9 100644 --- a/MdeModulePkg/Universal/EbcDxe/Ipf/EbcSupport.c +++ b/MdeModulePkg/Universal/EbcDxe/Ipf/EbcSupport.c @@ -403,7 +403,7 @@ EbcCreateThunks ( // Size = EBC_THUNK_SIZE + EBC_THUNK_ALIGNMENT - 1; ThunkSize = Size; - Ptr = AllocatePool (Size); + Ptr = EbcAllocatePoolForThunk (Size); if (Ptr == NULL) { return EFI_OUT_OF_RESOURCES; diff --git a/MdeModulePkg/Universal/EbcDxe/X64/EbcSupport.c b/MdeModulePkg/Universal/EbcDxe/X64/EbcSupport.c index 4325e2e52710..33a174917b69 100644 --- a/MdeModulePkg/Universal/EbcDxe/X64/EbcSupport.c +++ b/MdeModulePkg/Universal/EbcDxe/X64/EbcSupport.c @@ -441,7 +441,7 @@ EbcCreateThunks ( ThunkSize = sizeof(mInstructionBufferTemplate); - Ptr = AllocatePool (sizeof(mInstructionBufferTemplate)); + Ptr = EbcAllocatePoolForThunk (sizeof(mInstructionBufferTemplate)); if (Ptr == NULL) { return EFI_OUT_OF_RESOURCES; -- 2.7.4
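Review bot: the doc comment on EbcAllocatePoolForThunk() in the EbcInt.c hunk (and its copy in the EbcInt.h hunk) says only "Allocates a buffer of type EfiBootServicesCode" and does not state how the caller is expected to release the buffer, or that the memory type is chosen because the buffer will hold executable thunk code. Since the helper now calls gBS->AllocatePool() directly rather than going through MemoryAllocationLib, a sentence on the matching free path and on the intent would keep a later cleanup from switching the call sites back to AllocatePool() and silently returning the thunks to EfiBootServicesData. EFIAPI also looks unnecessary on a helper that, in this patch, is only called from the driver's own EbcCreateThunks() routines.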
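Review bot: in the Ia32 and X64 EbcCreateThunks() hunks, ThunkSize is assigned sizeof(mInstructionBufferTemplate) on the line just above the allocation, yet the new call repeats the sizeof expression instead of using it. Passing ThunkSize to EbcAllocatePoolForThunk(), in the same way the Ipf hunk passes Size right after "ThunkSize = Size;", would keep the recorded thunk size and the allocated size tied to one expression. While touching these lines, "sizeof(" could also get the space before the parenthesis that the AArch64 hunk already uses.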