From: Ard Biesheuvel
To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com
Cc: Ard Biesheuvel
Date: Wed, 1 Mar 2017 16:31:43 +0000
Message-Id: <1488385903-30267-6-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1488385903-30267-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [PATCH 5/5] ArmVirtPkg: enable non-executable DXE stack for all platforms

Now that ARM has grown support for managing memory permissions in ArmMmuLib, we can enable the non-executable DXE stack for all virt platforms.

Note that this is not [entirely] redundant: the non-executable stack is configured before DxeCore is invoked. The image and memory protection features configured during DXE only take effect when the CPU arch protocol implementation is registered.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel

--- ArmVirtPkg/ArmVirt.dsc.inc | 5 +++++ ArmVirtPkg/ArmVirtQemu.dsc | 2 -- ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 -- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index acfb71d3ff6c..e2d3dcce7945 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -386,6 +386,11 @@ [PcdsFixedAtBuild.common] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 + # + # Enable the non-executable DXE stack. (This gets set up by DxeIpl) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + [PcdsFixedAtBuild.ARM] gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 615e1fca4877..477dfdcfc764 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -152,8 +152,6 @@ [PcdsFixedAtBuild.common] gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 [PcdsFixedAtBuild.AARCH64] - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE - # KVM limits it IPA space to 40 bits (1 TB), so there is no need to # support anything bigger, even if the host hardware does gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc index e4902690123c..fd39c2802a85 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -163,8 +163,6 @@ [PcdsFixedAtBuild.AARCH64] # gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE - # KVM limits it IPA space to 40 bits (1 TB), so there is no need to # support anything bigger, even if the host hardware does gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 -- 2.7.4
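Review bot: In the ArmVirt.dsc.inc hunk, the new comment above PcdSetNxForStack says only that DxeIpl sets this up, so a reader who sees PcdDxeNxMemoryProtectionPolicy two lines earlier may take the stack setting for a leftover and drop it later. The commit message already has the reason: the stack is made non-executable before DxeCore is invoked, while the DXE memory protection policy only takes effect once the CPU arch protocol is registered. I would fold one sentence of that into the comment so the rationale lives next to the setting.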
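Review bot: In the ArmVirtQemu.dsc hunk, the removed line sat under [PcdsFixedAtBuild.AARCH64], so together with the new [PcdsFixedAtBuild.common] entry this is a behaviour change for 32-bit ARM builds of this platform, not only a relocation of the setting. The commit message explains why that is now possible, but it does not say the ARM build was boot-tested with the non-executable stack. Please add a line stating which ARM and AARCH64 configurations were tested.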
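Review bot: In the ArmVirtQemuKernel.dsc hunk, once PcdSetNxForStack is removed the platform depends entirely on the definition in ArmVirt.dsc.inc, and the diffstat touches only two platform DSC files while the subject says "all platforms". Please confirm that every platform DSC under ArmVirtPkg pulls in ArmVirt.dsc.inc and that none of them still carries its own PcdSetNxForStack entry that would override or duplicate the common one. A short sentence in the commit message listing the platforms covered would settle it.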