From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.9006.1675426277723602966 for ; Fri, 03 Feb 2023 04:11:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ekBuC2JE; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3929B61F09; Fri, 3 Feb 2023 12:11:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 485C4C433EF; Fri, 3 Feb 2023 12:11:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1675426276; bh=ePFycDD8hDIALuti20l88dy2T2r8mNCcpZ0ozkdSqgI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ekBuC2JEfEH6thI7FAu39hbeE8YPcCtPoNIRKfO3juwCVjluxVw+CaP57ZHdyT9CI uXVcHvWjjT0k7QZ+nYve9yzxeYVR2q4qd/3IMoeSc3lnMtFxzgY/E5ovhHGloqqmRD PThu8yMoACnWmbpK8EbEGAZ7dM6KDOyzWJmKz+aSy3bMFzu4Au2ZE8iurl0vr2vDHc tew5RZ7JV+iqMHQzwl9p4SCpHxFtcR6f3cLIezQqBB7LivpqV4t5UWWoywivAzyroR S56kX6V1vFOLoYG8zaa4iIbVO0CUh3xVbqo8vh0EedLtFwgLSZGyIELTpxLCjL7fUe Y3OfwRyz7puaQ== From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= Subject: [RFC PATCH v2 6/7] MdeModulePkg: Enable forward edge CFI in mem attributes table Date: Fri, 3 Feb 2023 13:10:28 +0100 Message-Id: <20230203121029.2451394-7-ardb@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230203121029.2451394-1-ardb@kernel.org> References: <20230203121029.2451394-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable The memory attributes table has been extended with a flag that indicates whether or not the OS is permitted to map the EFI runtime code regions with strict enforcement for IBT/BTI landing pad instructions. The PE/COFF loader will now keep track of whether loaded images are constructed in the expected manner, so set the new flag if all loaded runtime images were constructed with forward edge control flow guards. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/DxeMain.h | 2 ++ MdeModulePkg/Core/Dxe/Image/Image.c | 9 +++++++++ MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 8 +++++++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai= n.h index 815a6b4bd844..427a5fc78f72 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -280,6 +280,8 @@ extern EFI_MEMORY_TYPE_INFORMATION gMemoryTypeInformat= ion[EfiMaxMemoryType + 1] extern BOOLEAN gDispatcherRunning;=0D extern EFI_RUNTIME_ARCH_PROTOCOL gRuntimeTemplate;=0D =0D +extern BOOLEAN gMemoryAttributesTableForwardCfi;=0D +=0D extern EFI_LOAD_FIXED_ADDRESS_CONFIGURATION_TABLE gLoadModuleAtFixAddress= ConfigurationTable;=0D extern BOOLEAN gLoadFixedAddressCodeMe= moryReady;=0D //=0D diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Im= age/Image.c index 06cc6744b8c6..eac0b859a7f7 100644 --- a/MdeModulePkg/Core/Dxe/Image/Image.c +++ b/MdeModulePkg/Core/Dxe/Image/Image.c @@ -1398,6 +1398,15 @@ CoreLoadImageCommon ( CoreNewDebugImageInfoEntry (EFI_DEBUG_IMAGE_INFO_TYPE_NORMAL, &Image->= Info, Image->Handle);=0D }=0D =0D + //=0D + // If we loaded a runtime DXE driver, take into account whether or not i= t was built=0D + // with forward edge control flow guards. We can only expose support for= forward edge=0D + // control flow to the OS if all loaded runtime images support it.=0D + //=0D + if (Image->ImageContext.ImageCodeMemoryType =3D=3D EfiRuntimeServicesCod= e) {=0D + gMemoryAttributesTableForwardCfi &=3D Image->ImageContext.HasForwardCo= ntrolFlowGuards;=0D + }=0D +=0D //=0D // Reinstall loaded image protocol to fire any notifications=0D //=0D diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModule= Pkg/Core/Dxe/Misc/MemoryAttributesTable.c index 82fa026bceb9..d6983f830452 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -89,6 +89,7 @@ BOOLEAN mMemoryAttributesTableEnable= =3D TRUE; BOOLEAN mMemoryAttributesTableEndOfDxe =3D FALSE;= =0D EFI_MEMORY_ATTRIBUTES_TABLE *mMemoryAttributesTable =3D NULL;=0D BOOLEAN mMemoryAttributesTableReadyToBoot =3D FALSE;= =0D +BOOLEAN gMemoryAttributesTableForwardCfi =3D TRUE;=0D =0D /**=0D Install MemoryAttributesTable.=0D @@ -182,11 +183,16 @@ InstallMemoryAttributesTable ( MemoryAttributesTable->Version =3D EFI_MEMORY_ATTRIBUTES_TABLE_V= ERSION;=0D MemoryAttributesTable->NumberOfEntries =3D RuntimeEntryCount;=0D MemoryAttributesTable->DescriptorSize =3D (UINT32)DescriptorSize;=0D - MemoryAttributesTable->Flags =3D 0;=0D + if (gMemoryAttributesTableForwardCfi) {=0D + MemoryAttributesTable->Flags =3D EFI_MEMORY_ATTRIBUTES_FLAGS_R= T_FORWARD_CONTROL_FLOW_GUARD;=0D + } else {=0D + MemoryAttributesTable->Flags =3D 0;=0D + }=0D DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));=0D DEBUG ((DEBUG_VERBOSE, " Version - 0x%08x\n", MemoryAttrib= utesTable->Version));=0D DEBUG ((DEBUG_VERBOSE, " NumberOfEntries - 0x%08x\n", MemoryAttrib= utesTable->NumberOfEntries));=0D DEBUG ((DEBUG_VERBOSE, " DescriptorSize - 0x%08x\n", MemoryAttrib= utesTable->DescriptorSize));=0D + DEBUG ((DEBUG_VERBOSE, " Flags - 0x%08x\n", MemoryAttrib= utesTable->Flags));=0D MemoryAttributesEntry =3D (EFI_MEMORY_DESCRIPTOR *)(MemoryAttributesTabl= e + 1);=0D MemoryMap =3D MemoryMapStart;=0D for (Index =3D 0; Index < MemoryMapSize/DescriptorSize; Index++) {=0D --=20 2.39.1