From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.32029.1679914943208577625 for ; Mon, 27 Mar 2023 04:02:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cOlERLe3; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C0824611B2; Mon, 27 Mar 2023 11:02:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AA4CDC433D2; Mon, 27 Mar 2023 11:02:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1679914942; bh=nMXQZ4sU8HyM5c1ZH9JA7S9d2terHM4WgEECJilshog=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cOlERLe3UxG1ps+LfoPog5lV/LeqYw35/J2yZ0RxRB7s9Ij1fcZShAfVmnbEBp6wz YFOkSZ2qUEz8Kp9N+gBp3XyAWdm5O/e+3Qy2E0f0JUk3dbWYC/KIUxxONozJaY6HPR 5NvPEHdoTXQKG3+0HO9/DqPtv3RQRt+Kr9N44I1kPHOg3zMaup8jvGHTbupprNFW7N Vwg22tDHoXiVmJAFHBUDcNVp4Ny1ra8G6A48XnzYS7YDNebcbFAa8a18QkhTTqIddA aPOGL3OMZ+rZ/9rxND+OrAXBlyNFK6vTOtC8WM9FIrSMRCX+J/X7znJX572V3mVeee LUR+H0qyaEPlA== From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= , Bob Feng Subject: [PATCH v2 17/17] MdeModulePkg: Enable forward edge CFI in mem attributes table Date: Mon, 27 Mar 2023 13:01:12 +0200 Message-Id: <20230327110112.262503-18-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230327110112.262503-1-ardb@kernel.org> References: <20230327110112.262503-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable The memory attributes table has been extended with a flag that indicates whether or not the OS is permitted to map the EFI runtime code regions with strict enforcement for IBT/BTI landing pad instructions. Given that the PE/COFF spec now defines a DllCharacteristicsEx flag that indicates whether or not a loaded image is compatible with this, we can wire this up to the flag in the memory attributes table, and set it if all loaded runtime image are compatible with it. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/DxeMain.h | 2 ++ MdeModulePkg/Core/Dxe/Image/Image.c | 10 ++++++++++ MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 8 +++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai= n.h index 815a6b4bd844a452..43daa037be441150 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -280,6 +280,8 @@ extern EFI_MEMORY_TYPE_INFORMATION gMemoryTypeInformat= ion[EfiMaxMemoryType + 1] extern BOOLEAN gDispatcherRunning;=0D extern EFI_RUNTIME_ARCH_PROTOCOL gRuntimeTemplate;=0D =0D +extern BOOLEAN gMemoryAttributesTableForwardCfi;=0D +=0D extern EFI_LOAD_FIXED_ADDRESS_CONFIGURATION_TABLE gLoadModuleAtFixAddress= ConfigurationTable;=0D extern BOOLEAN gLoadFixedAddressCodeMe= moryReady;=0D //=0D diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Im= age/Image.c index 8704ebea9a7c88c0..9dbfb2a1fad22ced 100644 --- a/MdeModulePkg/Core/Dxe/Image/Image.c +++ b/MdeModulePkg/Core/Dxe/Image/Image.c @@ -1399,6 +1399,16 @@ CoreLoadImageCommon ( CoreNewDebugImageInfoEntry (EFI_DEBUG_IMAGE_INFO_TYPE_NORMAL, &Image->= Info, Image->Handle);=0D }=0D =0D + //=0D + // Check whether we are loading a runtime image that lacks support for=0D + // IBT/BTI landing pads.=0D + //=0D + if ((Image->ImageContext.ImageCodeMemoryType =3D=3D EfiRuntimeServicesCo= de) &&=0D + ((Image->ImageContext.DllCharacteristicsEx & EFI_IMAGE_DLLCHARACTERI= STICS_EX_FORWARD_CFI_COMPAT) =3D=3D 0))=0D + {=0D + gMemoryAttributesTableForwardCfi =3D FALSE;=0D + }=0D +=0D //=0D // Reinstall loaded image protocol to fire any notifications=0D //=0D diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModule= Pkg/Core/Dxe/Misc/MemoryAttributesTable.c index e079213711875f89..fd127ee167e1ac9a 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -89,6 +89,7 @@ BOOLEAN mMemoryAttributesTableEnable= =3D TRUE; BOOLEAN mMemoryAttributesTableEndOfDxe =3D FALSE;= =0D EFI_MEMORY_ATTRIBUTES_TABLE *mMemoryAttributesTable =3D NULL;=0D BOOLEAN mMemoryAttributesTableReadyToBoot =3D FALSE;= =0D +BOOLEAN gMemoryAttributesTableForwardCfi =3D TRUE;=0D =0D /**=0D Install MemoryAttributesTable.=0D @@ -182,7 +183,12 @@ InstallMemoryAttributesTable ( MemoryAttributesTable->Version =3D EFI_MEMORY_ATTRIBUTES_TABLE_V= ERSION;=0D MemoryAttributesTable->NumberOfEntries =3D RuntimeEntryCount;=0D MemoryAttributesTable->DescriptorSize =3D (UINT32)DescriptorSize;=0D - MemoryAttributesTable->Reserved =3D 0;=0D + if (gMemoryAttributesTableForwardCfi) {=0D + MemoryAttributesTable->Flags =3D EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWAR= D_CONTROL_FLOW_GUARD;=0D + } else {=0D + MemoryAttributesTable->Flags =3D 0;=0D + }=0D +=0D DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));=0D DEBUG ((DEBUG_VERBOSE, " Version - 0x%08x\n", MemoryAttrib= utesTable->Version));=0D DEBUG ((DEBUG_VERBOSE, " NumberOfEntries - 0x%08x\n", MemoryAttrib= utesTable->NumberOfEntries));=0D --=20 2.39.2