From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.8775.1675426272139983590 for ; Fri, 03 Feb 2023 04:11:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=oNn6puph; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9BB4161F0E; Fri, 3 Feb 2023 12:11:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A7F59C433A1; Fri, 3 Feb 2023 12:11:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1675426271; bh=G4FrXWyEwJMdXOHI2OLnBEJUxRGuAiBISH2+gTknles=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oNn6puphOCSqpVtA8cxx7Fz/hhx5x1rtXvQ7rdsCp3Xe3akmoiaNyH9jMKxw0ZtPE OvuuELCKRSpDDaTqXEy5rlkPVFQHSj5W+czh0wDZtw7nmsujQOkh1X0U9vNsSjVhGq ncX++mzsLlIPq4MojygZBQgAYkbED+e9HSDovUCD2+O5jI3Dnn9bgianUQmJ2+SrlO BARCAQ1rRUhmmNLVgEPT0Jr3n0DmqvRukhXqDlTLN/okoMMZ3eqIuE7YKOnGh3fq// xPc4KG8v47ANS14O/INj7ZFsAAY2wujcBP1C9g8esPt8fPP2I6BPvZslRBsb0R/TFq Fl3nwD0oifE3A== 
From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [RFC PATCH v2 4/7] MdePkg/BasePeCoffLib: Add generic plumbing to detect IBT/BTI support Date: Fri, 3 Feb 2023 13:10:26 +0100 Message-Id: <20230203121029.2451394-5-ardb@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Add an internal helper that detects whether or not a loaded PE/COFF image was built with support for forward edge control flow guards. The default implementation will return FALSE, architectures can specialize this based on arch specific criteria. Signed-off-by: Ard Biesheuvel --- MdePkg/Include/Library/PeCoffLib.h | 5 +++++ MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c | 16 +++++++++++++= +++ MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 7 +++++-- MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h | 13 +++++++++++++ MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c | 16 +++++++++++++= +++ MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c | 16 +++++++++++++= +++ MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c | 16 +++++++++++++= +++ 7 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/MdePkg/Include/Library/PeCoffLib.h b/MdePkg/Include/Library/Pe= CoffLib.h
index b45879453785..98988e566001 100644
--- a/MdePkg/Include/Library/PeCoffLib.h
+++ b/MdePkg/Include/Library/PeCoffLib.h
@@ -182,6 +182,11 @@ typedef struct {
 ///=0D
 BOOLEAN IsTeImage;=0D
 ///=0D
+ /// Set by PeCoffLoaderGetImageInfo() to TRUE if the image's entrypoint = has=0D
+ /// a forward control flow guard instruction, such as ENDBR on X86 for I= BT.=0D
+ ///=0D
+ BOOLEAN HasForwardControlFlowGuards;=0D
+ ///=0D
 /// Set by PeCoffLoaderLoadImage() to the HII resource offset=0D
 /// if the image contains a custom PE/COFF resource with the type 'HII'.= =0D
 /// Otherwise, the entry remains to be 0.=0D
diff --git a/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c b/MdePkg/Lib= rary/BasePeCoffLib/Arm/PeCoffLoaderEx.c
index 595377bed661..82d9f548ca54 100644
--- a/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c
+++ b/MdePkg/Library/BasePeCoffLib/Arm/PeCoffLoaderEx.c
@@ -234,3 +234,19 @@ PeHotRelocateImageEx (
 =0D
 return RETURN_SUCCESS;=0D
 }=0D
+=0D
+/**=0D
+ Returns whether the image implements forward control flow guards.=0D
+=0D
+ @param ImageContext The context of the image being loaded.=0D
+=0D
+ @return TRUE if the image implements forward control flow guards=0D
+=0D
+**/=0D
+BOOLEAN=0D
+PeCoffLoaderCheckForwardControlFlowGuards (=0D
+ IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D
+ )=0D
+{=0D
+ return FALSE;=0D
+}=0D
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/Bas= ePeCoffLib/BasePeCoff.c
index 85ada399e303..8886b3d3feff 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
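Review bot: The new field comment says HasForwardControlFlowGuards is "Set by PeCoffLoaderGetImageInfo()", and the `@@ -545` hunk in BasePeCoff.c adds the field to the list of values that the documented function computes, but the only assignment in this patch sits in the `@@ -1429` hunk, whose heading is `PeCoffLoaderLoadImage (`. If that placement is intended, a caller that reads the field after PeCoffLoaderGetImageInfo() and before PeCoffLoaderLoadImage() sees whatever the context already held rather than a value derived from the image, which matters once the field drives an IBT/BTI enforcement decision. Either word the comment as `/// Set by PeCoffLoaderLoadImage() to TRUE if the image's entrypoint has` and leave the `@@ -545` list as it was, or move the assignment into the function the comments name. Both function bodies lie outside the hunks, so the placement is inferred from the hunk headings.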
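Review bot: The parameter list of the new PeCoffLoaderCheckForwardControlFlowGuards() definition ends in a trailing comma before the closing parenthesis (`*ImageContext,` followed by `)`), which is not valid C and will not compile. The prototype added to BasePeCoffLibInternals.h has no comma, and the definition should match it: `IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext`. The same trailing comma appears in the LoongArch/PeCoffLoaderEx.c, PeCoffLoaderEx.c and RiscV/PeCoffLoaderEx.c hunks.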
@@ -545,8 +545,9 @@ PeCoffLoaderGetPeHeader (
 Retrieves information about a PE/COFF image.=0D
 =0D
 Computes the PeCoffHeaderOffset, IsTeImage, ImageType, ImageAddress, Ima= geSize,=0D
- DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders= , and=0D
- DebugDirectoryEntryRva fields of the ImageContext structure.=0D
+ DestinationAddress, RelocationsStripped, SectionAlignment, SizeOfHeaders= ,=0D
+ DebugDirectoryEntryRva and HasForwardControlFlowGuards fields of the=0D
+ ImageContext structure.=0D
 If ImageContext is NULL, then return RETURN_INVALID_PARAMETER.=0D
 If the PE/COFF image accessed through the ImageRead service in the Image= Context=0D
 structure is not a supported PE/COFF image type, then return RETURN_UNSU= PPORTED.=0D
@@ -1429,6 +1430,8 @@ PeCoffLoaderLoadImage (
 );=0D
 }=0D
 =0D
+ ImageContext->HasForwardControlFlowGuards =3D PeCoffLoaderCheckForwardCo= ntrolFlowGuards (ImageContext);=0D
+=0D
 //=0D
 // Determine the size of the fixup data=0D
 //=0D
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h b/MdePkg= /Library/BasePeCoffLib/BasePeCoffLibInternals.h
index a29a6febe98f..3bf1b7f535fd 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLibInternals.h
@@ -119,4 +119,17 @@ PeCoffLoaderImageAddress (
 IN UINTN TeStrippedOffset=0D
 );=0D
 =0D
+/**=0D
+ Returns whether the image implements forward control flow guards.=0D
+=0D
+ @param ImageContext The context of the image being loaded.=0D
+=0D
+ @return TRUE if the image implements forward control flow guards=0D
+=0D
+**/=0D
+BOOLEAN=0D
+PeCoffLoaderCheckForwardControlFlowGuards (=0D
+ IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext=0D
+ );=0D
+=0D
 #endif=0D
diff --git a/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c b/MdeP= kg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c
index 417096f33493..b3d01f0a4be9 100644
--- a/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c
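Review bot: The header comment on the new prototype in BasePeCoffLibInternals.h says the function returns TRUE "if the image implements forward control flow guards", while the field comment added to PeCoffLib.h describes a narrower test, namely that the image's entrypoint has a guard instruction such as ENDBR. A guard at the entry point does not by itself show that every indirect branch target in the image carries one, so a consumer deciding whether to enforce IBT/BTI for the image needs to know which of the two is meant. I would state the contract here, for example `@return TRUE if the image's entry point starts with a forward control flow guard instruction, FALSE otherwise or if the architecture has no check`, and say whether the image must already be loaded when the function is called. The same comment text is repeated above the four definitions in the PeCoffLoaderEx.c hunks.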
+++ b/MdePkg/Library/BasePeCoffLib/LoongArch/PeCoffLoaderEx.c
@@ -135,3 +135,19 @@ PeHotRelocateImageEx (
 // To check=0D
 return PeCoffLoaderRelocateImageEx (Reloc, Fixup, FixupData, Adjust);=0D
 }=0D
+=0D
+/**=0D
+ Returns whether the image implements forward control flow guards.=0D
+=0D
+ @param ImageContext The context of the image being loaded.=0D
+=0D
+ @return TRUE if the image implements forward control flow guards=0D
+=0D
+**/=0D
+BOOLEAN=0D
+PeCoffLoaderCheckForwardControlFlowGuards (=0D
+ IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D
+ )=0D
+{=0D
+ return FALSE;=0D
+}=0D
diff --git a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c b/MdePkg/Library= /BasePeCoffLib/PeCoffLoaderEx.c
index f7cade4d7d4e..43f346e0aadb 100644
--- a/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c
+++ b/MdePkg/Library/BasePeCoffLib/PeCoffLoaderEx.c
@@ -80,3 +80,19 @@ PeHotRelocateImageEx (
 {=0D
 return RETURN_UNSUPPORTED;=0D
 }=0D
+=0D
+/**=0D
+ Returns whether the image implements forward control flow guards.=0D
+=0D
+ @param ImageContext The context of the image being loaded.=0D
+=0D
+ @return TRUE if the image implements forward control flow guards=0D
+=0D
+**/=0D
+BOOLEAN=0D
+PeCoffLoaderCheckForwardControlFlowGuards (=0D
+ IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D
+ )=0D
+{=0D
+ return FALSE;=0D
+}=0D
diff --git a/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c b/MdePkg/L= ibrary/BasePeCoffLib/RiscV/PeCoffLoaderEx.c
index 71daf7fe4554..88dc9bd9b89e 100644
--- a/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c
+++ b/MdePkg/Library/BasePeCoffLib/RiscV/PeCoffLoaderEx.c
@@ -143,3 +143,19 @@ PeHotRelocateImageEx (
 {=0D
 return RETURN_UNSUPPORTED;=0D
 }=0D
+=0D
+/**=0D
+ Returns whether the image implements forward control flow guards.=0D
+=0D
+ @param ImageContext The context of the image being loaded.=0D
+=0D
+ @return TRUE if the image implements forward control flow guards=0D
+=0D
+**/=0D
+BOOLEAN=0D
+PeCoffLoaderCheckForwardControlFlowGuards (=0D
+ IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,=0D
+ )=0D
+{=0D
+ return FALSE;=0D
+}=0D
--=20 2.39.1