From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web11.16077.1685719091051603987 for ; Fri, 02 Jun 2023 08:18:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nhYol27u; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 97CCE60C40; Fri, 2 Jun 2023 15:18:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 616A0C433A0; Fri, 2 Jun 2023 15:18:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1685719090; bh=dI9oXtm4CjlXfXaass0bE98rxF9abYXMTCQVVgC1KF0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nhYol27uW7NzD92ADxMTTmvYr1dqHlDYRYd9aLSolWXRVJeOyiVHFu/VpBfmmom1P W6ZavafCk3ABRPOHEaJ22Js1GV3zk8I6sx4Ak0ULIjhSUWRlEzkWyDsUW4uw7gOWT5 vw9vyEw9rFbHxerK8yUw62+DpOQND+o8yEt/5xBqbXFcdo87YMJR+1fytwCl92P1Xf yqE9vwswONkBuqQQmoC1jMi8Np4ju22jQwgzdZM7L6UkaeCZhkeKufnD6v1ZECor/e U2vPmoAfoaLWMckBt/OMa1tjpG7FfEkP6DO+i4vRBjlm/iYi42WbjE+5EH8DBNC/C2 6b9ECocAXVO3w== From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Ray Ni , Jiewen Yao , Gerd Hoffmann , Taylor Beebe , Oliver Smith-Denny , Dandan Bi , Dun Tan , Liming Gao , "Kinney, Michael D" , Leif Lindholm , Michael Kubacki Subject: [PATCH v2 3/7] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX Date: Fri, 2 Jun 2023 17:17:35 +0200 Message-Id: <20230602151739.3600820-4-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230602151739.3600820-1-ardb@kernel.org> References: <20230602151739.3600820-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable If the associated PCD is set to TRUE, use the memory attribute PPI to remap the stack non-executable. This provides a generic method for doing so, which will be used by ARM and AArch64 as well once they move to the generic DxeIpl handoff implementation. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 29 ++++++++++++++++++-- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c b/MdeModulePkg/Core/= DxeIplPeim/DxeHandoff.c index a0f85ebea56e6cba..60400da3521a8272 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c @@ -2,12 +2,15 @@ Generic version of arch-specific functionality for DxeLoad.=0D =0D Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) 2023, Google, LLC. All rights reserved.
=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D =0D #include "DxeIpl.h"=0D =0D +#include =0D +=0D /**=0D Transfers control to DxeCore.=0D =0D @@ -25,9 +28,10 @@ HandOffToDxeCore ( IN EFI_PEI_HOB_POINTERS HobList=0D )=0D {=0D - VOID *BaseOfStack;=0D - VOID *TopOfStack;=0D - EFI_STATUS Status;=0D + VOID *BaseOfStack;=0D + VOID *TopOfStack;=0D + EFI_STATUS Status;=0D + EDKII_MEMORY_ATTRIBUTE_PPI *MemoryPpi;=0D =0D //=0D // Allocate 128KB for the Stack=0D @@ -35,6 +39,25 @@ HandOffToDxeCore ( BaseOfStack =3D AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE));=0D ASSERT (BaseOfStack !=3D NULL);=0D =0D + if (PcdGetBool (PcdSetNxForStack)) {=0D + Status =3D PeiServicesLocatePpi (=0D + &gEdkiiMemoryAttributePpiGuid,=0D + 0,=0D + NULL,=0D + (VOID **)&MemoryPpi=0D + );=0D + ASSERT_EFI_ERROR (Status);=0D +=0D + Status =3D MemoryPpi->SetPermissions (=0D + MemoryPpi,=0D + (UINTN)BaseOfStack,=0D + STACK_SIZE,=0D + EFI_MEMORY_XP,=0D + EFI_MEMORY_XP=0D + );=0D + ASSERT_EFI_ERROR (Status);=0D + }=0D +=0D //=0D // Compute the top of the stack we were allocated. Pre-allocate a UINTN= =0D // for safety.=0D diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 60c998be6c1bad01..7126a96d8378d1f8 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -91,6 +91,7 @@ [Ppis] gEfiPeiMemoryDiscoveredPpiGuid ## SOMETIMES_CONSUMES=0D gEdkiiPeiBootInCapsuleOnDiskModePpiGuid ## SOMETIMES_CONSUMES=0D gEdkiiPeiCapsuleOnDiskPpiGuid ## SOMETIMES_CONSUMES # Consume= d on firmware update boot path=0D + gEdkiiMemoryAttributePpiGuid ## SOMETIMES_CONSUMES=0D =0D [Guids]=0D ## SOMETIMES_CONSUMES ## Variable:L"MemoryTypeInformation"=0D @@ -117,10 +118,12 @@ [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES=0D =0D [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]=0D - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES=0D gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy ## SOMETIM= ES_CONSUMES=0D gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES=0D =0D +[Pcd]=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES=0D +=0D [Depex]=0D gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid=0D =0D --=20 2.39.2