public inbox for devel@edk2.groups.io
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: "Ard Biesheuvel" <ardb@kernel.org>,
	"Michael Kinney" <michael.d.kinney@intel.com>,
	"Liming Gao" <gaoliming@byosoft.com.cn>,
	"Jiewen Yao" <jiewen.yao@intel.com>,
	"Michael Kubacki" <michael.kubacki@microsoft.com>,
	"Sean Brogan" <sean.brogan@microsoft.com>,
	"Rebecca Cran" <quic_rcran@quicinc.com>,
	"Leif Lindholm" <quic_llindhol@quicinc.com>,
	"Sami Mujawar" <sami.mujawar@arm.com>,
	"Taylor Beebe" <t@taylorbeebe.com>,
	"Marvin Häuser" <mhaeuser@posteo.de>
Subject: [RFC PATCH v2 4/7] MdePkg/BasePeCoffLib: Add generic plumbing to detect IBT/BTI support
Date: Fri,  3 Feb 2023 13:10:26 +0100
Message-ID: <20230203121029.2451394-5-ardb@kernel.org>
In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org>

Add an internal helper that detects whether or not a loaded PE/COFF
image was built with support for forward edge control flow guards.

The default implementation will return FALSE, architectures can
specialize this based on arch specific criteria.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdePkg/Include/Library/PeCoffLib.h                      |  5 +++++
 MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c       | 16 ++++++++++++++++
 MdePkg/Library/BasePeCoffLib/BasePeCoff.c               |  7 +++++--
 MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h   | 13 +++++++++++++
 MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c | 16 ++++++++++++++++
 MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c           | 16 ++++++++++++++++
 MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c     | 16 ++++++++++++++++
 7 files changed, 87 insertions(+), 2 deletions(-)

diff --git a/MdePkg/Include/Library/PeCoffLib.h b/MdePkg/Include/Library/PeCoffLib.h
index b45879453785..98988e566001 100644
--- a/MdePkg/Include/Library/PeCoffLib.h
+++ b/MdePkg/Include/Library/PeCoffLib.h
@@ -182,6 +182,11 @@ typedef struct {
   ///
   BOOLEAN                     IsTeImage;
   ///
+  /// Set by PeCoffLoaderGetImageInfo() to TRUE if the image's entrypoint has
+  /// a forward control flow guard instruction, such as ENDBR on X86 for IBT.
+  ///
+  BOOLEAN                     HasForwardControlFlowGuards;
+  ///
   /// Set by PeCoffLoaderLoadImage() to the HII resource offset
   /// if the image contains a custom PE/COFF resource with the type 'HII'.
   /// Otherwise, the entry remains to be 0.
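Review bot: The new field comment defines the flag by a single instruction at the entry point ("the image's entrypoint has a forward control flow guard instruction, such as ENDBR on X86 for IBT"), while the helper that fills it is documented as reporting whether "the image implements forward control flow guards". A consumer that relaxes or tightens memory attributes based on this field needs to know which of the two it is getting. Suggest wording the field as an architecture-defined indication and stating that FALSE covers both "not detected" and "architecture has no detection".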
diff --git a/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c b/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c
index 595377bed661..82d9f548ca54 100644
--- a/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c
+++ b/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c
@@ -234,3 +234,19 @@ PeHotRelocateImageEx (
 
   return RETURN_SUCCESS;
 }
+
+/**
+  Returns whether the image implements forward control flow guards.
+
+  @param  ImageContext      The context of the image being loaded.
+
+  @return TRUE if the image implements forward control flow guards
+
+**/
+BOOLEAN
+PeCoffLoaderCheckForwardControlFlowGuards (
+  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,
+  )
+{
+  return FALSE;
+}
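Review bot: The parameter list of the new Arm stub ends with a trailing comma, `IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,` directly followed by `)`, which is not valid C and will fail to compile. The prototype added to BasePeCoffLibInternals.h has no comma; drop it here so definition and declaration match.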
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 85ada399e303..8886b3d3feff 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -545,8 +545,9 @@ PeCoffLoaderGetPeHeader (
   Retrieves information about a PE/COFF image.
 
   Computes the PeCoffHeaderOffset, IsTeImage, ImageType, ImageAddress, ImageSize,
-  DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders, and
-  DebugDirectoryEntryRva fields of the ImageContext structure.
+  DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders,
+  DebugDirectoryEntryRva and HasForwardControlFlowGuards fields of the
+  ImageContext structure.
   If ImageContext is NULL, then return RETURN_INVALID_PARAMETER.
   If the PE/COFF image accessed through the ImageRead service in the ImageContext
   structure is not a supported PE/COFF image type, then return RETURN_UNSUPPORTED.
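Review bot: The updated function comment now lists HasForwardControlFlowGuards among the fields this routine computes, and the PeCoffLib.h field comment says "Set by PeCoffLoaderGetImageInfo()", but the only assignment in this patch is in the following hunk, inside PeCoffLoaderLoadImage. A caller that reads the field after the image-info call and before loading sees whatever the context held before. Either move the assignment into this routine or change both comments to name PeCoffLoaderLoadImage() as the setter.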
@@ -1429,6 +1430,8 @@ PeCoffLoaderLoadImage (
                                                           );
   }
 
+  ImageContext->HasForwardControlFlowGuards = PeCoffLoaderCheckForwardControlFlowGuards (ImageContext);
+
   //
   // Determine the size of the fixup data
   //
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h b/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h
index a29a6febe98f..3bf1b7f535fd 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h
@@ -119,4 +119,17 @@ PeCoffLoaderImageAddress (
   IN     UINTN                         TeStrippedOffset
   );
 
+/**
+  Returns whether the image implements forward control flow guards.
+
+  @param  ImageContext      The context of the image being loaded.
+
+  @return TRUE if the image implements forward control flow guards
+
+**/
+BOOLEAN
+PeCoffLoaderCheckForwardControlFlowGuards (
+  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext
+  );
+
 #endif
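Review bot: The `@return` line of the new prototype documents only the TRUE case. Since every implementation in this patch returns FALSE unconditionally, add a sentence saying FALSE is returned both when the image lacks the guards and when the architecture provides no detection, so later per-architecture implementations have a defined contract to follow.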
diff --git a/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c b/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c
index 417096f33493..b3d01f0a4be9 100644
--- a/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c
+++ b/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c
@@ -135,3 +135,19 @@ PeHotRelocateImageEx (
   // To check
   return PeCoffLoaderRelocateImageEx (Reloc, Fixup, FixupData, Adjust);
 }
+
+/**
+  Returns whether the image implements forward control flow guards.
+
+  @param  ImageContext      The context of the image being loaded.
+
+  @return TRUE if the image implements forward control flow guards
+
+**/
+BOOLEAN
+PeCoffLoaderCheckForwardControlFlowGuards (
+  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,
+  )
+{
+  return FALSE;
+}
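Review bot: The LoongArch stub has a stray comma after its only parameter (`*ImageContext,` before the closing parenthesis), so this file will not build. Remove the comma to match the declaration in BasePeCoffLibInternals.h.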
diff --git a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c b/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c
index f7cade4d7d4e..43f346e0aadb 100644
--- a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c
+++ b/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c
@@ -80,3 +80,19 @@ PeHotRelocateImageEx (
 {
   return RETURN_UNSUPPORTED;
 }
+
+/**
+  Returns whether the image implements forward control flow guards.
+
+  @param  ImageContext      The context of the image being loaded.
+
+  @return TRUE if the image implements forward control flow guards
+
+**/
+BOOLEAN
+PeCoffLoaderCheckForwardControlFlowGuards (
+  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,
+  )
+{
+  return FALSE;
+}
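Review bot: The default implementation in PeCoffLoaderEx.c carries the trailing comma after `*ImageContext` as well, which breaks the build for every architecture that uses this generic file. Remove it; with four byte-identical stubs in the patch, a build test on each affected architecture before the next revision would catch this class of copy-paste error.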
diff --git a/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c b/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c
index 71daf7fe4554..88dc9bd9b89e 100644
--- a/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c
+++ b/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c
@@ -143,3 +143,19 @@ PeHotRelocateImageEx (
 {
   return RETURN_UNSUPPORTED;
 }
+
+/**
+  Returns whether the image implements forward control flow guards.
+
+  @param  ImageContext      The context of the image being loaded.
+
+  @return TRUE if the image implements forward control flow guards
+
+**/
+BOOLEAN
+PeCoffLoaderCheckForwardControlFlowGuards (
+  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,
+  )
+{
+  return FALSE;
+}
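Review bot: The RISC-V stub's parameter list also ends in `*ImageContext,` followed by `)`, a syntax error. Drop the comma so the definition matches the prototype in the internal header.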
-- 
2.39.1


Thread overview: 11+ messages
2023-02-03 12:10 [RFC PATCH v2 0/7] enable IBT/BTI codegen and reporting to the OS Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 1/7] MdePkg: Update MemoryAttributesTable to v2.10 Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 2/7] MdePkg/BasePeCoffLib: Move RISC-V definitions out of generic header Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 3/7] MdePkg/BasePeCoffLib: Clean up stale Itanium references in comments Ard Biesheuvel
2023-02-03 12:10 ` Ard Biesheuvel [this message]
2023-02-03 12:10 ` [RFC PATCH v2 5/7] MdePkg/BasePeCoffLib AARCH64: Implement fwd control flow guard detection Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 6/7] MdeModulePkg: Enable forward edge CFI in mem attributes table Ard Biesheuvel
2023-02-03 12:10 ` [RFC PATCH v2 7/7] ArmVirtPkg: Implement BTI for runtime regions Ard Biesheuvel
2023-02-03 12:33   ` [edk2-devel] " Michael Brown
2023-02-03 12:55     ` Ard Biesheuvel
2023-02-03 12:58       ` Michael Brown
