From patchwork Tue May  3 12:45:54 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 67065
Delivered-To: patch@linaro.org
Received: by 10.140.92.199 with SMTP id b65csp572040qge;
 Tue, 3 May 2016 05:46:07 -0700 (PDT)
X-Received: by 10.66.253.194 with SMTP id ac2mr3063398pad.55.1462279567631; 
 Tue, 03 May 2016 05:46:07 -0700 (PDT)
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [2001:19d0:306:5::1])
 by mx.google.com with ESMTPS id
 e66si4246511pfb.236.2016.05.03.05.46.07
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 03 May 2016 05:46:07 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender) client-ip=2001:19d0:306:5::1; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org;
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE dis=NONE) header.from=linaro.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id EAB671A1F90;
 Tue,  3 May 2016 05:46:06 -0700 (PDT)
X-Original-To: edk2-devel@lists.01.org
Delivered-To: edk2-devel@lists.01.org
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com
 [IPv6:2a00:1450:400c:c09::230])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 6D75A1A1F04
 for <edk2-devel@lists.01.org>; Tue,  3 May 2016 05:46:05 -0700 (PDT)
Received: by mail-wm0-x230.google.com with SMTP id e201so144893410wme.0
 for <edk2-devel@lists.01.org>; Tue, 03 May 2016 05:46:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=cKaV3p4rKycFOA6cK6w1YWYpZltAyCRLAzWNA7DjhIM=;
 b=LivAtiewhAu6G5mj6A4IpHdfb2rZB5AF1JtIghtggxh4RIDs8sXk3UjL1htYnWbSFw
 p4zyl5sZRMl80FTwjfNyqIRZRg0ppO1UrIR+nLksHmFW8JIFL+LF8t2RM/WdfwGD0IHs
 qRi0lOTRsA5/GGnHAzuhwiMnT1WHm9Q2tGbUo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=cKaV3p4rKycFOA6cK6w1YWYpZltAyCRLAzWNA7DjhIM=;
 b=Qm/JrZDZ57O4ieFGsDV22e3TXRDI4G2S2YpaB2hQ+LtGCCAsqRHD2n0u3ZdR8aHmhq
 LWu2P4bq7BJjUjQLcgCVTJ0yoT1BsvnY6jiUmnY91MSiL3SmNrdomM8R0GIaDAKPUPYE
 wtccmSGUSjDKxJk8c5kzGyNKSAQKDx7sWR9Mv/UupzGvpkpFBZsiJTE098sMdIVcy1cG
 SS2M9hdSsmmzKmtvFgJ/eTpn8/dT/mCeVgQHKeNyNUz7zdD0nKzxy3WmpPtaWouKfRjF
 fHS7Z2e4m2eVN+trJFnXiNcn7KFxV9NPoK0pAmM3v/lnZ3OiRjo1wvNJHPz5F8plTSmU
 gvCg==
X-Gm-Message-State: AOPr4FWEdZe1WvD1pKoUYOeNqR4IYGDYdcpaPTZK75ooU2A1TVuyMHWbN694JUa5tHjVx8q4
X-Received: by 10.28.156.86 with SMTP id f83mr23235426wme.45.1462279564147; 
 Tue, 03 May 2016 05:46:04 -0700 (PDT)
Received: from localhost.localdomain ([195.55.142.58])
 by smtp.gmail.com with ESMTPSA id
 ib1sm3668096wjb.48.2016.05.03.05.46.02
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 03 May 2016 05:46:03 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com,
 ryan.harkin@linaro.org
Date: Tue,  3 May 2016 14:45:54 +0200
Message-Id: <1462279554-24821-3-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1462279554-24821-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1462279554-24821-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [RFC PATCH 2/2] ArmVirtQemu: restrict RWX mappings
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>, Charles.Garcia-Tobin@arm.com
MIME-Version: 1.0
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

This reduces the amount of memory mapped as both writable and executable
to the absolute minimum, by mapping all of memory non-executable by
default, and using PermissionsPeCoffExtraActionLib to only map those
regions executable that require it for execution. If possible, these
regions are remapped read-only at the same time, but in some cases
(runtime drivers, TE images, images with < 4 KB section alignment) we
cannot avoid having to map the entire PE/COFF image RWX.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 ArmVirtPkg/ArmVirtQemu.dsc                                           | 9 ++++++++-
 ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c | 3 +++
 2 files changed, 11 insertions(+), 1 deletion(-)

-- 
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 34323bf83d64..fbddd7fac7b5 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -82,6 +82,9 @@ [BuildOptions]
   GCC:*_*_ARM_PLATFORM_FLAGS == -mcpu=cortex-a15 -I$(WORKSPACE)/ArmVirtPkg/Include
   *_*_AARCH64_PLATFORM_FLAGS == -I$(WORKSPACE)/ArmVirtPkg/Include
 
+[BuildOptions.common.EDKII.DXE_CORE,BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER]
+  GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000
+
 
 ################################################################################
 #
@@ -243,7 +246,10 @@ [Components.common]
   # PEI Phase modules
   #
   ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-  MdeModulePkg/Core/Pei/PeiMain.inf
+  MdeModulePkg/Core/Pei/PeiMain.inf {
+    <LibraryClasses>
+      PeCoffExtraActionLib|ArmPkg/Library/PermissionsPeCoffExtraActionLib/PermissionsPeCoffExtraActionLib.inf
+  }
   MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
     <LibraryClasses>
       PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -265,6 +271,7 @@ [Components.common]
   MdeModulePkg/Core/Dxe/DxeMain.inf {
     <LibraryClasses>
       NULL|MdeModulePkg/Library/DxeCrc32GuidedSectionExtractLib/DxeCrc32GuidedSectionExtractLib.inf
+      PeCoffExtraActionLib|ArmPkg/Library/PermissionsPeCoffExtraActionLib/PermissionsPeCoffExtraActionLib.inf
   }
   MdeModulePkg/Universal/PCD/Dxe/Pcd.inf {
     <LibraryClasses>
diff --git a/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c b/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c
index f6c69152848e..c5899aa2ac3c 100644
--- a/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c
+++ b/ArmVirtPkg/Library/ArmVirtMemoryInitPeiLib/ArmVirtMemoryInitPeiLib.c
@@ -111,6 +111,9 @@ MemoryPeim (
   // Build Memory Allocation Hob
   InitMmu ();
 
+  ArmSetMemoryRegionNoExec ((EFI_PHYSICAL_ADDRESS)PcdGet64 (PcdSystemMemoryBase),
+                            PcdGet64 (PcdSystemMemorySize));
+
   if (FeaturePcdGet (PcdPrePiProduceMemoryTypeInformationHob)) {
     // Optional feature that helps prevent EFI memory map fragmentation.
     BuildMemoryTypeInformationHob ();