From: Ard Biesheuvel
Date: Wed, 1 Mar 2017 19:10:44 +0000
To: Laszlo Ersek
Cc: "edk2-devel@lists.01.org", Leif Lindholm
Subject: Re: [PATCH 5/5] ArmVirtPkg: enable non-executable DXE stack for all platforms

On 1 March 2017 at 19:10, Laszlo Ersek wrote: > On 03/01/17 17:31, Ard Biesheuvel wrote: >> Now that ARM has grown support for managing memory permissions in >> ArmMmuLib, we can enable the non-executable DXE stack for all virt >> platforms. >> >> Note that this is not [entirely] redundant: the non-executable stack >> is configured before DxeCore is invoked. The image and memory protection >> features configured during DXE only take effect when the CPU arch >> protocol implementation is registered. >> >> Contributed-under: TianoCore Contribution Agreement 1.0 >> Signed-off-by: Ard Biesheuvel >> --- >> ArmVirtPkg/ArmVirt.dsc.inc | 5 +++++ >> ArmVirtPkg/ArmVirtQemu.dsc | 2 -- >> ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 -- >> 3 files changed, 5 insertions(+), 4 deletions(-) >> >> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc >> index acfb71d3ff6c..e2d3dcce7945 100644 >> --- a/ArmVirtPkg/ArmVirt.dsc.inc >> +++ b/ArmVirtPkg/ArmVirt.dsc.inc >> @@ -386,6 +386,11 @@ [PcdsFixedAtBuild.common] >> # >> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 >> >> + # >> + # Enable the non-executable DXE stack. (This gets set up by DxeIpl) >> + # >> + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE >> + >> [PcdsFixedAtBuild.ARM] >> gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 >> >> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc >> index 615e1fca4877..477dfdcfc764 100644 >> --- a/ArmVirtPkg/ArmVirtQemu.dsc 
>> +++ b/ArmVirtPkg/ArmVirtQemu.dsc >> @@ -152,8 +152,6 @@ [PcdsFixedAtBuild.common] >> gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 >> >> [PcdsFixedAtBuild.AARCH64] >> - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE >> - >> # KVM limits it IPA space to 40 bits (1 TB), so there is no need to >> # support anything bigger, even if the host hardware does >> gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 >> diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc >> index e4902690123c..fd39c2802a85 100644 >> --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc >> +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc >> @@ -163,8 +163,6 @@ [PcdsFixedAtBuild.AARCH64] >> # >> gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 >> >> - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE >> - >> # KVM limits it IPA space to 40 bits (1 TB), so there is no need to >> # support anything bigger, even if the host hardware does >> gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 >> > > This doesn't just extend PcdSetNxForStack from AARCH64 from ARM, but > also from QEMU to Xen. Is that your intent? If so, > > Reviewed-by: Laszlo Ersek > Yes, it is, but I will mention that in the commit log Thanks, Ard.
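
Review bot: In the ArmVirt.dsc.inc hunk, the added PcdSetNxForStack|TRUE line sits under [PcdsFixedAtBuild.common], whereas the two lines it replaces were under [PcdsFixedAtBuild.AARCH64] in the QEMU platform files only, so the setting now reaches ARM builds and every platform that pulls in this include. The commit message says "all virt platforms" without spelling out that widening; state the architecture and platform scope in the log. The new comment "(This gets set up by DxeIpl)" could also say that this covers the stack before DxeCore is invoked, which is the reason given in the log for keeping it next to PcdDxeNxMemoryProtectionPolicy.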
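
Review bot: In the ArmVirtQemu.dsc hunk, the comment that now follows the [PcdsFixedAtBuild.AARCH64] header directly reads "KVM limits it IPA space"; that should be "its", and the same wording appears in the context of the ArmVirtQemuKernel.dsc hunk. It is not introduced by this patch, but since both removals touch the adjacent lines a follow-up typo fix would be cheap. The removal itself depends on the ArmVirt.dsc.inc hunk being applied in the same commit, otherwise AARCH64 QEMU builds lose the setting.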