From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web11.13287.1685025086076089494
 for <devel@edk2.groups.io>;
 Thu, 25 May 2023 07:31:26 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=d/igOCT8;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 9B02561489;
	Thu, 25 May 2023 14:31:25 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 802A8C433EF;
	Thu, 25 May 2023 14:31:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1685025085;
	bh=WYBYGFu3/rSpTjMOYvABWW85k5yftaF/wtgzahQzosc=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=d/igOCT8UYnhNMTjN+HY49LOkUw2Zr7F+QQG2XqlDgv1+3OWwFLGBwhwf11aRIjQZ
	 C7rCq+A/KKexTg+ta3CurTW+v0I+ONyTSYFTE5J/2jQdAoFv0uISEOVtlFTgBj2N+H
	 89G4mazh+NuHEP9mcLl6df4D0RiVxHcItyGq74NioNg3NYEf6B4blLPBtHyo+L6z/p
	 FEaqw9uX7ZnTEH6lt8q+QJHHFOCPKEsSk0kTLPj5V5r8BDUjfDELZ5j1CkMO041UO6
	 q184MSRuptXGQZjt9thYhW0SgDoCatc0rZpi5By8p8Rll9M449KpdzR3E5YoXBLGWG
	 WsBzKrG8QyOPA==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Ray Ni <ray.ni@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	Oliver Smith-Denny <osd@smith-denny.com>,
	Dandan Bi <dandan.bi@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sunil V L <sunilvl@ventanamicro.com>,
	Andrei Warkentin <andrei.warkentin@intel.com>
Subject: [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX
Date: Thu, 25 May 2023 16:30:40 +0200
Message-Id: <20230525143041.1172989-10-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org>
References: <20230525143041.1172989-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

If the associated PCD is set to TRUE, use the memory attribute PPI to
remap the stack non-executable. This provides a generic method for doing
so, which will be used by ARM and AArch64 as well once they move to the
generic DxeIpl handoff implementation.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 29 ++++++++++++++++++--
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf   |  5 +++-
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c b/MdeModulePkg/Core/=
DxeIplPeim/DxeHandoff.c
index a0f85ebea56e6cba..22caabb02840ba88 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c
@@ -2,12 +2,15 @@
   Generic version of arch-specific functionality for DxeLoad.=0D
 =0D
 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>=0D
+Copyright (c) 2023, Google, LLC. All rights reserved.<BR>=0D
 SPDX-License-Identifier: BSD-2-Clause-Patent=0D
 =0D
 **/=0D
 =0D
 #include "DxeIpl.h"=0D
 =0D
+#include <Ppi/MemoryAttribute.h>=0D
+=0D
 /**=0D
    Transfers control to DxeCore.=0D
 =0D
@@ -25,9 +28,10 @@ HandOffToDxeCore (
   IN EFI_PEI_HOB_POINTERS  HobList=0D
   )=0D
 {=0D
-  VOID        *BaseOfStack;=0D
-  VOID        *TopOfStack;=0D
-  EFI_STATUS  Status;=0D
+  VOID                        *BaseOfStack;=0D
+  VOID                        *TopOfStack;=0D
+  EFI_STATUS                  Status;=0D
+  EDKII_MEMORY_ATTRIBUTE_PPI  *MemoryPpi;=0D
 =0D
   //=0D
   // Allocate 128KB for the Stack=0D
@@ -35,6 +39,25 @@ HandOffToDxeCore (
   BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE));=0D
   ASSERT (BaseOfStack !=3D NULL);=0D
 =0D
+  if (PcdGetBool (PcdSetNxForStack)) {=0D
+    Status =3D PeiServicesLocatePpi (=0D
+               &gEdkiiMemoryAttributePpiGuid,=0D
+               0,=0D
+               NULL,=0D
+               (VOID **)&MemoryPpi=0D
+               );=0D
+    ASSERT_EFI_ERROR (Status);=0D
+=0D
+    Status =3D MemoryPpi->SetPermissions (=0D
+                          MemoryPpi,=0D
+                          (UINTN)BaseOfStack,=0D
+                          STACK_SIZE,=0D
+                          EFI_MEMORY_XP,=0D
+                          0=0D
+                          );=0D
+    ASSERT_EFI_ERROR (Status);=0D
+  }=0D
+=0D
   //=0D
   // Compute the top of the stack we were allocated. Pre-allocate a UINTN=
=0D
   // for safety.=0D
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx=
eIplPeim/DxeIpl.inf
index 60c998be6c1bad01..7126a96d8378d1f8 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -91,6 +91,7 @@ [Ppis]
   gEfiPeiMemoryDiscoveredPpiGuid         ## SOMETIMES_CONSUMES=0D
   gEdkiiPeiBootInCapsuleOnDiskModePpiGuid  ## SOMETIMES_CONSUMES=0D
   gEdkiiPeiCapsuleOnDiskPpiGuid            ## SOMETIMES_CONSUMES # Consume=
d on firmware update boot path=0D
+  gEdkiiMemoryAttributePpiGuid             ## SOMETIMES_CONSUMES=0D
 =0D
 [Guids]=0D
   ## SOMETIMES_CONSUMES ## Variable:L"MemoryTypeInformation"=0D
@@ -117,10 +118,12 @@ [Pcd.IA32,Pcd.X64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize                            ##=
 CONSUMES=0D
 =0D
 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]=0D
-  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIM=
ES_CONSUMES=0D
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM=
ES_CONSUMES=0D
   gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIM=
ES_CONSUMES=0D
 =0D
+[Pcd]=0D
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIM=
ES_CONSUMES=0D
+=0D
 [Depex]=0D
   gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid=0D
 =0D
--=20
2.39.2