From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.105361.1680622846596069386 for ; Tue, 04 Apr 2023 08:40:46 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gRd9A8mI; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2BA7F634F5; Tue, 4 Apr 2023 15:40:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DCA0AC433A0; Tue, 4 Apr 2023 15:40:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680622845; bh=R3XmuZ3JqtKliOTaY/RDBdSJcyNjR6JTIA8ARQATxlE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gRd9A8mIEOvxEaT6XTZiWKimcCk8yFEYT5b7s2TAg0Bsw7layLFTtnBb8BfJb/7cM tMPm+11E4T3Me1zOzT3UD1myi43aUB/yzC9hsYzWNCR5qgkqTu9Cq3bSM9mUrHjonS hDAYmbDSDuidLIchK9XbX48x4ldus5Qdc17/iVkWT9e+tetfbVsQ5pJqF2PAq5NXCF X5LHhMzluDEfnG/UBl1mxU/HuwQMrvwPD0Noeo4aA0OHYIu/kyxMIVV9cazmzOK9el LBxHjMU1OdLA3SJC68oOZOp15rfSGV6Mu1+/g92oH1wYU4H/WJVfX24txSVs9rFG9T mbSxU6s3hxIvA== From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , =?UTF-8?q?Marvin=20H=C3=A4user?= , Bob Feng , Oliver Smith-Denny Subject: [PATCH v3 4/4] MdeModulePkg: Enable forward edge CFI in mem attributes table Date: Tue, 4 Apr 2023 17:40:22 +0200 Message-Id: <20230404154022.2776035-5-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230404154022.2776035-1-ardb@kernel.org> References: <20230404154022.2776035-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable The memory attributes table has been extended with a flag that indicates whether or not the OS is permitted to map the EFI runtime code regions with strict enforcement for IBT/BTI landing pad instructions. Given that the PE/COFF spec now defines a DllCharacteristicsEx flag that indicates whether or not a loaded image is compatible with this, we can wire this up to the flag in the memory attributes table, and set it if all loaded runtime image are compatible with it. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm Reviewed-by: Oliver Smith-Denny --- MdeModulePkg/Core/Dxe/DxeMain.h | 2 ++ MdeModulePkg/Core/Dxe/Image/Image.c | 10 ++++++++++ MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 8 +++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai= n.h index 815a6b4bd844a452..43daa037be441150 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -280,6 +280,8 @@ extern EFI_MEMORY_TYPE_INFORMATION gMemoryTypeInformat= ion[EfiMaxMemoryType + 1] extern BOOLEAN gDispatcherRunning;=0D extern EFI_RUNTIME_ARCH_PROTOCOL gRuntimeTemplate;=0D =0D +extern BOOLEAN gMemoryAttributesTableForwardCfi;=0D +=0D extern EFI_LOAD_FIXED_ADDRESS_CONFIGURATION_TABLE gLoadModuleAtFixAddress= ConfigurationTable;=0D extern BOOLEAN gLoadFixedAddressCodeMe= moryReady;=0D //=0D diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Im= age/Image.c index 8704ebea9a7c88c0..9dbfb2a1fad22ced 100644 --- a/MdeModulePkg/Core/Dxe/Image/Image.c +++ b/MdeModulePkg/Core/Dxe/Image/Image.c @@ -1399,6 +1399,16 @@ CoreLoadImageCommon ( CoreNewDebugImageInfoEntry (EFI_DEBUG_IMAGE_INFO_TYPE_NORMAL, &Image->= Info, Image->Handle);=0D }=0D =0D + //=0D + // Check whether we are loading a runtime image that lacks support for=0D + // IBT/BTI landing pads.=0D + //=0D + if ((Image->ImageContext.ImageCodeMemoryType =3D=3D EfiRuntimeServicesCo= de) &&=0D + ((Image->ImageContext.DllCharacteristicsEx & EFI_IMAGE_DLLCHARACTERI= STICS_EX_FORWARD_CFI_COMPAT) =3D=3D 0))=0D + {=0D + gMemoryAttributesTableForwardCfi =3D FALSE;=0D + }=0D +=0D //=0D // Reinstall loaded image protocol to fire any notifications=0D //=0D diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModule= Pkg/Core/Dxe/Misc/MemoryAttributesTable.c index 82fa026bceb990e5..fd127ee167e1ac9a 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -89,6 +89,7 @@ BOOLEAN mMemoryAttributesTableEnable= =3D TRUE; BOOLEAN mMemoryAttributesTableEndOfDxe =3D FALSE;= =0D EFI_MEMORY_ATTRIBUTES_TABLE *mMemoryAttributesTable =3D NULL;=0D BOOLEAN mMemoryAttributesTableReadyToBoot =3D FALSE;= =0D +BOOLEAN gMemoryAttributesTableForwardCfi =3D TRUE;=0D =0D /**=0D Install MemoryAttributesTable.=0D @@ -182,7 +183,12 @@ InstallMemoryAttributesTable ( MemoryAttributesTable->Version =3D EFI_MEMORY_ATTRIBUTES_TABLE_V= ERSION;=0D MemoryAttributesTable->NumberOfEntries =3D RuntimeEntryCount;=0D MemoryAttributesTable->DescriptorSize =3D (UINT32)DescriptorSize;=0D - MemoryAttributesTable->Flags =3D 0;=0D + if (gMemoryAttributesTableForwardCfi) {=0D + MemoryAttributesTable->Flags =3D EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWAR= D_CONTROL_FLOW_GUARD;=0D + } else {=0D + MemoryAttributesTable->Flags =3D 0;=0D + }=0D +=0D DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));=0D DEBUG ((DEBUG_VERBOSE, " Version - 0x%08x\n", MemoryAttrib= utesTable->Version));=0D DEBUG ((DEBUG_VERBOSE, " NumberOfEntries - 0x%08x\n", MemoryAttrib= utesTable->NumberOfEntries));=0D --=20 2.39.2