From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.6159.1591777078941542949 for ; Wed, 10 Jun 2020 01:17:59 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ard.biesheuvel@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9C90931B; Wed, 10 Jun 2020 01:17:58 -0700 (PDT) Received: from localhost.localdomain (unknown [10.37.8.184]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 116533F6CF; Wed, 10 Jun 2020 01:17:56 -0700 (PDT) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael D Kinney , Liming Gao , Jiewen Yao , Sami Mujawar , Ilias Apalodimas Subject: [PATCH 5/5] StandaloneMmPkg/StandaloneMmCoreEntryPoint: relocate StMM core on the fly Date: Wed, 10 Jun 2020 10:17:40 +0200 Message-Id: <20200610081740.54581-6-ard.biesheuvel@arm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200610081740.54581-1-ard.biesheuvel@arm.com> References: <20200610081740.54581-1-ard.biesheuvel@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Apply PE/COFF fixups when starting up the standalone MM core, so that it can execute at any address regardless of the link time address. Note that this requires the PE/COFF image to be emitted with its relocation section preserved. Special care is taken to ensure that TE images are dealt with correctly as well. Signed-off-by: Ard Biesheuvel --- StandaloneMmPkg/Include/Library/AArch64/StandaloneMmCoreEntryPoint.h = | 2 ++ StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.= c | 11 +++++++--- StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCor= eEntryPoint.c | 22 ++++++++++++++++++++ 3 files changed, 32 insertions(+), 3 deletions(-) 
diff --git a/StandaloneMmPkg/Include/Library/AArch64/StandaloneMmCoreEntryP= oint.h b/StandaloneMmPkg/Include/Library/AArch64/StandaloneMmCoreEntryPoint= .h index 494bcf3dc28f..a3420699e6f1 100644 --- a/StandaloneMmPkg/Include/Library/AArch64/StandaloneMmCoreEntryPoint.h +++ b/StandaloneMmPkg/Include/Library/AArch64/StandaloneMmCoreEntryPoint.h @@ -82,6 +82,7 @@ EFI_STATUS EFIAPI=0D UpdateMmFoundationPeCoffPermissions (=0D IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D + IN EFI_PHYSICAL_ADDRESS ImageBase,=0D IN UINT32 SectionHeaderOffset,=0D IN CONST UINT16 NumberOfSections,=0D IN REGION_PERMISSION_UPDATE_FUNC TextUpdater,=0D @@ -107,6 +108,7 @@ EFIAPI GetStandaloneMmCorePeCoffSections (=0D IN VOID *TeData,=0D IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D + OUT EFI_PHYSICAL_ADDRESS *ImageBase,=0D IN OUT UINT32 *SectionHeaderOffset,=0D IN OUT UINT16 *NumberOfSections=0D );=0D diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Set= Permissions.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/= SetPermissions.c index 00f49c9d0558..bf9650d54629 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermiss= ions.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermiss= ions.c @@ -29,6 +29,7 @@ EFI_STATUS EFIAPI=0D UpdateMmFoundationPeCoffPermissions (=0D IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D + IN EFI_PHYSICAL_ADDRESS ImageBase,=0D IN UINT32 SectionHeaderOffset,=0D IN CONST UINT16 NumberOfSections,=0D IN REGION_PERMISSION_UPDATE_FUNC TextUpdater,=0D @@ -87,7 +88,7 @@ UpdateMmFoundationPeCoffPermissions ( // if it is a writeable section then mark it appropriately as well.=0D //=0D if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) =3D=3D= 0) {=0D - Base =3D ImageContext->ImageAddress + SectionHeader.VirtualAddress;= =0D + Base =3D ImageBase + SectionHeader.VirtualAddress;=0D =0D TextUpdater (Base, SectionHeader.Misc.VirtualSize);=0D =0D 
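Review bot: The new `ImageBase` parameter is added to both prototypes in StandaloneMmCoreEntryPoint.h (the @@ -82 and @@ -107 hunks) with no documentation visible. The doc comments sit above the hunks, so I cannot tell whether they were updated. If they carry `@param` lists, add entries such as `@param [in] ImageBase Address at which the image's PE header would start; section RVAs are added to it` for UpdateMmFoundationPeCoffPermissions, and a matching `@param [out] ImageBase` entry for GetStandaloneMmCorePeCoffSections. The same applies to the definitions in SetPermissions.c (@@ -29, @@ -153 and @@ -242).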
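Review bot: The result of `TextUpdater (Base, SectionHeader.Misc.VirtualSize);` is discarded in the @@ -87 hunk of SetPermissions.c, so a failed permission update goes unreported and the section keeps its previous attributes. `Base` is now computed from the caller-supplied `ImageBase`, so a wrong base would first show up as a failure of this call. Consider `Status = TextUpdater (Base, SectionHeader.Misc.VirtualSize);` followed by `if (EFI_ERROR (Status)) { return Status; }`, assuming a `Status` local is in scope. The function body starts and ends outside the hunk, so the surrounding error handling should be checked before adopting this.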
@@ -153,6 +154,7 @@ STATIC EFI_STATUS=0D GetPeCoffSectionInformation (=0D IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D + OUT EFI_PHYSICAL_ADDRESS *ImageBase,=0D OUT UINT32 *SectionHeaderOffset,=0D OUT UINT16 *NumberOfSections=0D )=0D @@ -212,6 +214,7 @@ GetPeCoffSectionInformation ( return Status;=0D }=0D =0D + *ImageBase =3D ImageContext->ImageAddress;=0D if (!ImageContext->IsTeImage) {=0D ASSERT (Hdr.Pe32->Signature =3D=3D EFI_IMAGE_NT_SIGNATURE);=0D =0D @@ -232,7 +235,7 @@ GetPeCoffSectionInformation ( } else {=0D *SectionHeaderOffset =3D (UINTN)(sizeof (EFI_TE_IMAGE_HEADER));=0D *NumberOfSections =3D Hdr.Te->NumberOfSections;=0D - ImageContext->ImageAddress -=3D (UINT32)Hdr.Te->StrippedSize - sizeof = (EFI_TE_IMAGE_HEADER);=0D + *ImageBase -=3D (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HE= ADER);=0D }=0D return RETURN_SUCCESS;=0D }=0D @@ -242,6 +245,7 @@ EFIAPI GetStandaloneMmCorePeCoffSections (=0D IN VOID *TeData,=0D IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D + OUT EFI_PHYSICAL_ADDRESS *ImageBase,=0D IN OUT UINT32 *SectionHeaderOffset,=0D IN OUT UINT16 *NumberOfSections=0D )=0D @@ -255,7 +259,8 @@ GetStandaloneMmCorePeCoffSections ( =0D DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData));=0D =0D - Status =3D GetPeCoffSectionInformation (ImageContext, SectionHeaderOffse= t, NumberOfSections);=0D + Status =3D GetPeCoffSectionInformation (ImageContext, ImageBase,=0D + SectionHeaderOffset, NumberOfSections);=0D if (EFI_ERROR (Status)) {=0D DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Sect= ion information - %r\n", Status));=0D return Status;=0D diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Sta= ndaloneMmCoreEntryPoint.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPo= int/AArch64/StandaloneMmCoreEntryPoint.c index 20723385113f..9cecfa667b90 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Standalone= MmCoreEntryPoint.c 
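Review bot: In GetPeCoffSectionInformation the TE branch (@@ -232) adjusts `*ImageBase` by `(UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER)` with no comment on what the resulting value means. A short comment at the assignment would help, e.g. `// ImageBase is where the unstripped PE header would start, so section VirtualAddress values can be added to it directly.` The function header should also state that `ImageBase` is only written on success, since the assignment in the @@ -212 hunk comes after the early `return Status;`. The subtraction relies on `StrippedSize` being larger than the TE header size. Whether the header parsing earlier in the function guarantees that cannot be seen from the hunk, so it is worth confirming and noting in the comment.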
+++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Standalone= MmCoreEntryPoint.c @@ -225,6 +225,7 @@ _ModuleEntryPoint ( VOID *HobStart;=0D VOID *TeData;=0D UINTN TeDataSize;=0D + EFI_PHYSICAL_ADDRESS ImageBase;=0D =0D // Get Secure Partition Manager Version Information=0D Status =3D GetSpmVersion ();=0D @@ -253,6 +254,7 @@ _ModuleEntryPoint ( Status =3D GetStandaloneMmCorePeCoffSections (=0D TeData,=0D &ImageContext,=0D + &ImageBase,=0D &SectionHeaderOffset,=0D &NumberOfSections=0D );=0D @@ -261,10 +263,21 @@ _ModuleEntryPoint ( goto finish;=0D }=0D =0D + //=0D + // ImageBase may deviate from ImageContext.ImageAddress if we are dealin= g=0D + // with a TE image, in which case the latter points to the actual offset= =0D + // of the image, whereas ImageBase refers to the address where the image= =0D + // would start if the stripped PE headers were still in place. In either= =0D + // case, we need to fix up ImageBase so it refers to the actual current= =0D + // load address.=0D + //=0D + ImageBase +=3D (UINTN)TeData - ImageContext.ImageAddress;=0D +=0D // Update the memory access permissions of individual sections in the=0D // Standalone MM core module=0D Status =3D UpdateMmFoundationPeCoffPermissions (=0D &ImageContext,=0D + ImageBase,=0D SectionHeaderOffset,=0D NumberOfSections,=0D ArmSetMemoryRegionNoExec,=0D @@ -276,6 +289,15 @@ _ModuleEntryPoint ( goto finish;=0D }=0D =0D + if (ImageContext.ImageAddress !=3D (UINTN)TeData) {=0D + ImageContext.ImageAddress =3D (UINTN)TeData;=0D + ArmSetMemoryRegionNoExec (ImageBase, SIZE_4KB);=0D + ArmClearMemoryRegionReadOnly (ImageBase, SIZE_4KB);=0D +=0D + Status =3D PeCoffLoaderRelocateImage (&ImageContext);=0D + ASSERT_EFI_ERROR (Status);=0D + }=0D +=0D //=0D // Create Hoblist based upon boot information passed by privileged softw= are=0D //=0D --=20 2.26.2
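Review bot: In the @@ -276 hunk of _ModuleEntryPoint, a failed `PeCoffLoaderRelocateImage` is caught only by `ASSERT_EFI_ERROR (Status)`, which does nothing in builds with asserts disabled. The secure partition would then keep running an unrelocated or partly relocated core. The two permission calls before it, `ArmSetMemoryRegionNoExec (ImageBase, SIZE_4KB)` and `ArmClearMemoryRegionReadOnly (ImageBase, SIZE_4KB)`, also drop their return values. Each of the three should take the `goto finish` error path that the rest of the function already uses, as sketched below. Relocation also runs after section permissions were applied and only the first 4 KB is made writable, so any fixup that lands in a section already marked read-only would presumably fault; a comment stating that assumption would help. The function body extends beyond the hunk.

```c
  if (ImageContext.ImageAddress != (UINTN)TeData) {
    ImageContext.ImageAddress = (UINTN)TeData;

    Status = ArmSetMemoryRegionNoExec (ImageBase, SIZE_4KB);
    if (EFI_ERROR (Status)) {
      goto finish;
    }

    Status = ArmClearMemoryRegionReadOnly (ImageBase, SIZE_4KB);
    if (EFI_ERROR (Status)) {
      goto finish;
    }

    Status = PeCoffLoaderRelocateImage (&ImageContext);
    if (EFI_ERROR (Status)) {
      goto finish;
    }
  }
  // … unchanged: HOB list creation …
```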