From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A9260821B6 for ; Wed, 1 Mar 2017 11:10:03 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx16.intmail.prod.int.phx2.redhat.com [10.5.11.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3F4F8C049D5C; Wed, 1 Mar 2017 19:10:04 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-249.phx2.redhat.com [10.3.116.249]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5C5D32D5C0; Wed, 1 Mar 2017 19:10:03 +0000 (UTC) To: Ard Biesheuvel , edk2-devel@ml01.01.org, leif.lindholm@linaro.org References: <1488385903-30267-1-git-send-email-ard.biesheuvel@linaro.org> <1488385903-30267-6-git-send-email-ard.biesheuvel@linaro.org> From: Laszlo Ersek Message-ID: Date: Wed, 1 Mar 2017 20:10:01 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: <1488385903-30267-6-git-send-email-ard.biesheuvel@linaro.org> X-Scanned-By: MIMEDefang 2.74 on 10.5.11.28 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 01 Mar 2017 19:10:04 +0000 (UTC) Subject: Re: [PATCH 5/5] ArmVirtPkg: enable non-executable DXE stack for all platforms X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 19:10:03 -0000 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit On 03/01/17 17:31, Ard Biesheuvel wrote: > Now that ARM has grown support for managing memory permissions in > ArmMmuLib, we can enable the non-executable DXE stack for all virt > platforms. > > Note that this is not [entirely] redundant: the non-executable stack > is configured before DxeCore is invoked. The image and memory protection > features configured during DXE only take affect when the CPU arch > protocol implementation is registered. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Ard Biesheuvel > --- > ArmVirtPkg/ArmVirt.dsc.inc | 5 +++++ > ArmVirtPkg/ArmVirtQemu.dsc | 2 -- > ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 -- > 3 files changed, 5 insertions(+), 4 deletions(-) > > diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > index acfb71d3ff6c..e2d3dcce7945 100644 > --- a/ArmVirtPkg/ArmVirt.dsc.inc > +++ b/ArmVirtPkg/ArmVirt.dsc.inc > @@ -386,6 +386,11 @@ [PcdsFixedAtBuild.common] > # > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 > > + # > + # Enable the non-executable DXE stack. (This gets set up by DxeIpl) > + # > + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE > + > [PcdsFixedAtBuild.ARM] > gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 > > diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc > index 615e1fca4877..477dfdcfc764 100644 > --- a/ArmVirtPkg/ArmVirtQemu.dsc > +++ b/ArmVirtPkg/ArmVirtQemu.dsc > @@ -152,8 +152,6 @@ [PcdsFixedAtBuild.common] > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 > > [PcdsFixedAtBuild.AARCH64] > - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE > - > # KVM limits it IPA space to 40 bits (1 TB), so there is no need to > # support anything bigger, even if the host hardware does > gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 > diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc > index e4902690123c..fd39c2802a85 100644 > --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc > +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc > @@ -163,8 +163,6 @@ [PcdsFixedAtBuild.AARCH64] > # > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 > > - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE > - > # KVM limits it IPA space to 40 bits (1 TB), so there is no need to > # support anything bigger, even if the host hardware does > gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 > This doesn't just extend PcdSetNxForStack from AARCH64 from ARM, but also from QEMU to Xen. Is that your intent? If so, Reviewed-by: Laszlo Ersek Thanks Laszlo