From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Subject: [PATCH 5/5] ArmPkg/CpuDxe: switch to read-only page tables at EndOfDxe
Date: Mon, 7 Jan 2019 08:15:04 +0100 [thread overview]
Message-ID: <20190107071504.2431-6-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20190107071504.2431-1-ard.biesheuvel@linaro.org>
Register for the EndOfDxe event, and use it to invoke the new
ArmMmuLib code that remaps all page tables as read-only. This
should limit the impact of arbitrary write exploits, since they
can no longer be abused to modify tightened memory permissions.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
ArmPkg/Drivers/CpuDxe/CpuDxe.c | 23 ++++++++++++++++++++
ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 1 +
2 files changed, 24 insertions(+)
diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c
index 5e923d45b715..11f4a2ccf5c8 100644
--- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c
+++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c
@@ -238,6 +238,17 @@ InitializeDma (
CpuArchProtocol->DmaBufferAlignment = ArmCacheWritebackGranule ();
}
+STATIC
+VOID
+EFIAPI
+OnEndOfDxe (
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ MapAllPageTablesReadOnly ();
+}
+
EFI_STATUS
CpuDxeInitialize (
IN EFI_HANDLE ImageHandle,
@@ -246,6 +257,7 @@ CpuDxeInitialize (
{
EFI_STATUS Status;
EFI_EVENT IdleLoopEvent;
+ EFI_EVENT EndOfDxeEvent;
InitializeExceptions (&mCpu);
@@ -285,5 +297,16 @@ CpuDxeInitialize (
);
ASSERT_EFI_ERROR (Status);
+
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ OnEndOfDxe,
+ NULL,
+ &gEfiEndOfDxeEventGroupGuid,
+ &EndOfDxeEvent
+ );
+ ASSERT_EFI_ERROR (Status);
+
return Status;
}
diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
index c32d2cb9c7d4..0788a2ab27c0 100644
--- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
@@ -63,6 +63,7 @@
[Guids]
gEfiDebugImageInfoTableGuid
+ gEfiEndOfDxeEventGroupGuid
gArmMpCoreInfoGuid
gIdleLoopEventGuid
gEfiVectorHandoffTableGuid
--
2.20.1
prev parent reply other threads:[~2019-01-07 7:15 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-07 7:14 [PATCH 0/5] memory/MMU hardening for AArch64 Ard Biesheuvel
2019-01-07 7:15 ` [PATCH 1/5] ArmPkg/ArmMmuLib AARCH64: fix out of bounds access Ard Biesheuvel
2019-01-14 12:00 ` Leif Lindholm
2019-01-14 18:48 ` Ard Biesheuvel
2019-01-07 7:15 ` [PATCH 2/5] ArmPkg/ArmMmuLib AARCH64: get rid of needless TLB invalidation Ard Biesheuvel
2019-01-23 15:46 ` Leif Lindholm
2019-01-23 15:55 ` Ard Biesheuvel
2019-01-23 16:12 ` Leif Lindholm
2019-01-23 16:16 ` Ard Biesheuvel
2019-01-23 16:20 ` Leif Lindholm
2019-01-28 12:29 ` Ard Biesheuvel
2019-01-28 18:01 ` Leif Lindholm
2019-01-29 10:32 ` Ard Biesheuvel
2019-01-07 7:15 ` [PATCH 3/5] ArmPkg/ArmMmuLib AARCH64: implement support for EFI_MEMORY_RP permissions Ard Biesheuvel
2019-01-14 14:29 ` Leif Lindholm
2019-01-14 14:59 ` Ard Biesheuvel
2019-01-14 15:06 ` Leif Lindholm
2019-01-07 7:15 ` [PATCH 4/5] ArmPkg/ArmMmuLib AARCH64: add support for read-only page tables Ard Biesheuvel
2019-01-07 7:15 ` Ard Biesheuvel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190107071504.2431-6-ard.biesheuvel@linaro.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox