From patchwork Wed Mar 1 16:31:43 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 94726
From: Ard Biesheuvel
To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com
Cc: Ard Biesheuvel
Date: Wed, 1 Mar 2017 16:31:43 +0000
Message-Id: <1488385903-30267-6-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1488385903-30267-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1488385903-30267-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH 5/5] ArmVirtPkg: enable non-executable DXE stack for all platforms

Now that ARM has grown support for managing memory permissions in ArmMmuLib, we can enable the non-executable DXE stack for all virt platforms.

Note that this is not [entirely] redundant: the non-executable stack is configured before DxeCore is invoked. The image and memory protection features configured during DXE only take effect when the CPU arch protocol implementation is registered.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel
---
 ArmVirtPkg/ArmVirt.dsc.inc       | 5 +++++
 ArmVirtPkg/ArmVirtQemu.dsc       | 2 --
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 --
 3 files changed, 5 insertions(+), 4 deletions(-)

--
2.7.4

Reviewed-by: Laszlo Ersek

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index acfb71d3ff6c..e2d3dcce7945 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc 
@@ -386,6 +386,11 @@ [PcdsFixedAtBuild.common] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 + # + # Enable the non-executable DXE stack. (This gets set up by DxeIpl) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + [PcdsFixedAtBuild.ARM] gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 615e1fca4877..477dfdcfc764 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -152,8 +152,6 @@ [PcdsFixedAtBuild.common] gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 [PcdsFixedAtBuild.AARCH64] - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE - # KVM limits it IPA space to 40 bits (1 TB), so there is no need to # support anything bigger, even if the host hardware does gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc index e4902690123c..fd39c2802a85 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -163,8 +163,6 @@ [PcdsFixedAtBuild.AARCH64] # gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE - # KVM limits it IPA space to 40 bits (1 TB), so there is no need to # support anything bigger, even if the host hardware does gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40
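
Review bot: In the ArmVirt.dsc.inc hunk, the new comment above PcdSetNxForStack says only that DxeIpl sets the stack up, so a reader who finds it directly below PcdDxeNxMemoryProtectionPolicy may take it for a redundant setting. Suggest carrying the commit message's reasoning into the comment: the non-executable stack is configured before DxeCore is invoked, whereas the DXE-phase image and memory protections only take effect once the CPU arch protocol implementation is registered. The comment could also say that the setting now sits in [PcdsFixedAtBuild.common] and therefore applies to ARM builds as well, since both removed copies were under [PcdsFixedAtBuild.AARCH64].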
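
Review bot: In the ArmVirtQemu.dsc hunk (and identically in the ArmVirtQemuKernel.dsc hunk), the [PcdsFixedAtBuild.AARCH64] section loses its only assignment of PcdSetNxForStack, and nothing in the visible lines shows that the value is now inherited from ArmVirt.dsc.inc. Please confirm, for example from the build report of both platforms, that gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack still resolves to TRUE for AARCH64 after the removal; if the shared setting did not apply, the build would not fail and the stack would simply lose its non-executable attribute.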