From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: "Ard Biesheuvel" <ardb@kernel.org>,
	"Michael Kinney" <michael.d.kinney@intel.com>,
	"Liming Gao" <gaoliming@byosoft.com.cn>,
	"Jiewen Yao" <jiewen.yao@intel.com>,
	"Michael Kubacki" <michael.kubacki@microsoft.com>,
	"Sean Brogan" <sean.brogan@microsoft.com>,
	"Rebecca Cran" <quic_rcran@quicinc.com>,
	"Leif Lindholm" <quic_llindhol@quicinc.com>,
	"Sami Mujawar" <sami.mujawar@arm.com>,
	"Taylor Beebe" <t@taylorbeebe.com>,
	"Marvin Häuser" <mhaeuser@posteo.de>
Subject: [RFC PATCH v2 6/7] MdeModulePkg: Enable forward edge CFI in mem attributes table
Date: Fri,  3 Feb 2023 13:10:28 +0100
Message-ID: <20230203121029.2451394-7-ardb@kernel.org>
In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org>

The memory attributes table has been extended with a flag that indicates
whether or not the OS is permitted to map the EFI runtime code regions
with strict enforcement for IBT/BTI landing pad instructions.

The PE/COFF loader will now keep track of whether loaded images are
constructed in the expected manner, so set the new flag if all loaded
runtime images were constructed with forward edge control flow guards.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdeModulePkg/Core/Dxe/DxeMain.h                    | 2 ++
 MdeModulePkg/Core/Dxe/Image/Image.c                | 9 +++++++++
 MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 8 +++++++-
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index 815a6b4bd844..427a5fc78f72 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -280,6 +280,8 @@ extern EFI_MEMORY_TYPE_INFORMATION  gMemoryTypeInformation[EfiMaxMemoryType + 1]
 extern BOOLEAN                    gDispatcherRunning;
 extern EFI_RUNTIME_ARCH_PROTOCOL  gRuntimeTemplate;
 
+extern BOOLEAN                    gMemoryAttributesTableForwardCfi;
+
 extern EFI_LOAD_FIXED_ADDRESS_CONFIGURATION_TABLE  gLoadModuleAtFixAddressConfigurationTable;
 extern BOOLEAN                                     gLoadFixedAddressCodeMemoryReady;
 //
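Review bot: the new extern gMemoryAttributesTableForwardCfi in DxeMain.h carries no comment, and its semantics are not obvious from the name: it starts out TRUE, is only ever cleared by the image loader, and is read when the memory attributes table is built. A short comment above the declaration stating that, and naming MemoryAttributesTable.c as the place it is defined, would save readers a search.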
diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
index 06cc6744b8c6..eac0b859a7f7 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -1398,6 +1398,15 @@ CoreLoadImageCommon (
     CoreNewDebugImageInfoEntry (EFI_DEBUG_IMAGE_INFO_TYPE_NORMAL, &Image->Info, Image->Handle);
   }
 
+  //
+  // If we loaded a runtime DXE driver, take into account whether or not it was built
+  // with forward edge control flow guards. We can only expose support for forward edge
+  // control flow to the OS if all loaded runtime images support it.
+  //
+  if (Image->ImageContext.ImageCodeMemoryType == EfiRuntimeServicesCode) {
+    gMemoryAttributesTableForwardCfi &= Image->ImageContext.HasForwardControlFlowGuards;
+  }
+
   //
   // Reinstall loaded image protocol to fire any notifications
   //
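Review bot: the update in CoreLoadImageCommon uses a bitwise "&=" on a BOOLEAN, which only behaves as a logical AND if HasForwardControlFlowGuards is strictly 0 or 1. An explicit test such as "if (!Image->ImageContext.HasForwardControlFlowGuards) { gMemoryAttributesTableForwardCfi = FALSE; }" states the intent without relying on that. Nothing in this patch sets the global back, so a runtime image that is loaded and later unloaded leaves the flag cleared; that errs in the safe direction, but the comment block should say it is deliberate.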
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
index 82fa026bceb9..d6983f830452 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
@@ -89,6 +89,7 @@ BOOLEAN                      mMemoryAttributesTableEnable      = TRUE;
 BOOLEAN                      mMemoryAttributesTableEndOfDxe    = FALSE;
 EFI_MEMORY_ATTRIBUTES_TABLE  *mMemoryAttributesTable           = NULL;
 BOOLEAN                      mMemoryAttributesTableReadyToBoot = FALSE;
+BOOLEAN                      gMemoryAttributesTableForwardCfi  = TRUE;
 
 /**
   Install MemoryAttributesTable.
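Review bot: initialising gMemoryAttributesTableForwardCfi to TRUE makes the default fail-open: the guard flag is advertised unless a load with ImageCodeMemoryType == EfiRuntimeServicesCode clears it, so any runtime code region that does not pass through the new check in CoreLoadImageCommon is not accounted for. Please either document why every such region is covered, or start from FALSE and only set it once at least one runtime image has been checked and none has failed.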
@@ -182,11 +183,16 @@ InstallMemoryAttributesTable (
   MemoryAttributesTable->Version         = EFI_MEMORY_ATTRIBUTES_TABLE_VERSION;
   MemoryAttributesTable->NumberOfEntries = RuntimeEntryCount;
   MemoryAttributesTable->DescriptorSize  = (UINT32)DescriptorSize;
-  MemoryAttributesTable->Flags           = 0;
+  if (gMemoryAttributesTableForwardCfi) {
+    MemoryAttributesTable->Flags         = EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD;
+  } else {
+    MemoryAttributesTable->Flags         = 0;
+  }
   DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));
   DEBUG ((DEBUG_VERBOSE, "  Version              - 0x%08x\n", MemoryAttributesTable->Version));
   DEBUG ((DEBUG_VERBOSE, "  NumberOfEntries      - 0x%08x\n", MemoryAttributesTable->NumberOfEntries));
   DEBUG ((DEBUG_VERBOSE, "  DescriptorSize       - 0x%08x\n", MemoryAttributesTable->DescriptorSize));
+  DEBUG ((DEBUG_VERBOSE, "  Flags                - 0x%08x\n", MemoryAttributesTable->Flags));
   MemoryAttributesEntry = (EFI_MEMORY_DESCRIPTOR *)(MemoryAttributesTable + 1);
   MemoryMap             = MemoryMapStart;
   for (Index = 0; Index < MemoryMapSize/DescriptorSize; Index++) {
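Review bot: in InstallMemoryAttributesTable the global is sampled once while the table is being filled in, but the Image.c hunk can clear it on any later CoreLoadImageCommon call, so a runtime image loaded after this point could leave a stale EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD in the published table. Please confirm the table is rebuilt after such a load, or add a comment explaining why that cannot happen. As a style point, assigning "Flags = 0" unconditionally and then OR-ing in the flag under the "if" would drop the else branch and keep the assignment aligned with the three fields above it.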
-- 
2.39.1

