From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ard.biesheuvel@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:4864:20::542; helo=mail-ed1-x542.google.com;
 envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-ed1-x542.google.com (mail-ed1-x542.google.com
 [IPv6:2a00:1450:4864:20::542])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 60C952194D387
 for <edk2-devel@lists.01.org>; Sun,  6 Jan 2019 23:15:28 -0800 (PST)
Received: by mail-ed1-x542.google.com with SMTP id f9so36890295eds.10
 for <edk2-devel@lists.01.org>; Sun, 06 Jan 2019 23:15:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=mMSizBQgJm5evq3u4Ra4FSAjA0GrPHQj0NpjOvQGfrA=;
 b=WtqX0v+Yby9YN8/6LwwvFWm13F3MWWIhf1Ra4BihSgVcnGG23YEbiNiQ6H7DapM4OP
 NBfb59gEeHEvDSoW3n6t4pp6xPwxHEZCEv2JCZh9hlq4Ri3zrlGw0pEceVqnzsDQr5+j
 UXuispsZtGEVexYfnHN+XxT37bljrhAskr4oo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=mMSizBQgJm5evq3u4Ra4FSAjA0GrPHQj0NpjOvQGfrA=;
 b=a5er6apHFX7v5pvtCizJgAkOTvRM1GUnT/5h6DP2cR+gi7WU/VhiHGqsY7R6heduxf
 G+VffvzlXnRjJf3RHIvwylz1QxSpl2dmpOc4q8wln9V7q6VHAlVyVKStKcj5Ba2T02rP
 GAyj+0v7qeSILo1+eBIcZpQDaVAxEC+VkrRkIjLLxwKUTgSXzxO8CouI73cQnkuvv3cO
 3kpz8XbHdAjuVC9vU9WvTnbnPH6Ras6gFcFCXKQU3dNk1tJCV3OBOlcwfLqa9UX0VeBG
 jc55fANS/SxmjJsXEpPwdlFT3Vp4CWii5cygEJppzPrA6m4lUb5USNGgqXJahpc0kkXU
 snaA==
X-Gm-Message-State: AA+aEWZmRMaPz/b+xfwBVGk6UJnzrSp+kgUnH13p0y0OZMHcDPEbmvCU
 baq7/fvs9in6zvBf9VY3jxRTnAkEp2zcqg==
X-Google-Smtp-Source: AFSGD/Vq/xDZbR5frdLskeK0LghK/dAnRZYYnOk9GNht4QFua9ModBwLm0vH7rtSxvjUMAjVyLO3rQ==
X-Received: by 2002:a17:906:1e57:: with SMTP id
 i23-v6mr47315901ejj.146.1546845326672; 
 Sun, 06 Jan 2019 23:15:26 -0800 (PST)
Received: from chuckie.home ([2a01:cb1d:112:6f00:58f2:776e:9e23:a7ca])
 by smtp.gmail.com with ESMTPSA id t9sm30263693edd.25.2019.01.06.23.15.25
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 06 Jan 2019 23:15:25 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Date: Mon,  7 Jan 2019 08:15:04 +0100
Message-Id: <20190107071504.2431-6-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190107071504.2431-1-ard.biesheuvel@linaro.org>
References: <20190107071504.2431-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Subject: [PATCH 5/5] ArmPkg/CpuDxe: switch to read-only page tables at EndOfDxe
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jan 2019 07:15:28 -0000
Content-Transfer-Encoding: 8bit

Register for the EndOfDxe event, and use it to invoke the new
ArmMmuLib code that remaps all page tables as read-only. This
should limit the impact of arbitrary write exploits, since they
can no longer be abused to modify tightened memory permissions.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 ArmPkg/Drivers/CpuDxe/CpuDxe.c   | 23 ++++++++++++++++++++
 ArmPkg/Drivers/CpuDxe/CpuDxe.inf |  1 +
 2 files changed, 24 insertions(+)

diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c
index 5e923d45b715..11f4a2ccf5c8 100644
--- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c
+++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c
@@ -238,6 +238,17 @@ InitializeDma (
   CpuArchProtocol->DmaBufferAlignment = ArmCacheWritebackGranule ();
 }
 
+STATIC
+VOID
+EFIAPI
+OnEndOfDxe (
+  IN EFI_EVENT                Event,
+  IN VOID                     *Context
+  )
+{
+  MapAllPageTablesReadOnly ();
+}
+
 EFI_STATUS
 CpuDxeInitialize (
   IN EFI_HANDLE         ImageHandle,
@@ -246,6 +257,7 @@ CpuDxeInitialize (
 {
   EFI_STATUS  Status;
   EFI_EVENT    IdleLoopEvent;
+  EFI_EVENT    EndOfDxeEvent;
 
   InitializeExceptions (&mCpu);
 
@@ -285,5 +297,16 @@ CpuDxeInitialize (
                   );
   ASSERT_EFI_ERROR (Status);
 
+
+  Status = gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_CALLBACK,
+                  OnEndOfDxe,
+                  NULL,
+                  &gEfiEndOfDxeEventGroupGuid,
+                  &EndOfDxeEvent
+                  );
+  ASSERT_EFI_ERROR (Status);
+
   return Status;
 }
diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
index c32d2cb9c7d4..0788a2ab27c0 100644
--- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
+++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
@@ -63,6 +63,7 @@
 
 [Guids]
   gEfiDebugImageInfoTableGuid
+  gEfiEndOfDxeEventGroupGuid
   gArmMpCoreInfoGuid
   gIdleLoopEventGuid
   gEfiVectorHandoffTableGuid
-- 
2.20.1