From patchwork Mon Jan 7 07:15:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 154875 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp3192788ljp; Sun, 6 Jan 2019 23:15:39 -0800 (PST) X-Google-Smtp-Source: ALg8bN7E9zjhLVL3DlJCR++7HE+veRMWmFA7zsAYCxao3kCMweAT2QSw0QHK9GqKpDuc8trH1Cuz X-Received: by 2002:a63:2507:: with SMTP id l7mr27747246pgl.22.1546845339101; Sun, 06 Jan 2019 23:15:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546845339; cv=none; d=google.com; s=arc-20160816; b=c80VzURLbF5kKbr2YN7D6ZDca9hvuqri8QqfaAiVmaEfTRJ++F2BpPRVbQwXjsOr2W I8uKLGEWnMLR4TlCNT1v3MgOQB4Bptq5jwJcVeW83HK6ga4+6dTpO8aNBvq06RYWWPEy xq1gFbp0cCt2GsOAvAOffDr87McLZ2fN9p89MPD8ptdRCWSB+H/it/4hkpGR7UWeMXS2 N2t5d+OhKjeh/ZXF0R/yBNJe5iuVR9sRWKYcgJI1/uk6XfpU3dfGYHpd5If8qHkIazFQ E9qx3qM/NWiv/TGyl8f9/pmXEIyn+Ft9uCVbGQf55Psrvr7rEEFfHTPlCXB0RMiFjaOu up1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:delivered-to; bh=EzD/UCXX3XG1CiV76BarTU+QEASmHPCeOBLo6Fup3s8=; b=BNQ+qIh7Wp15hd2p2KUuxR6fUE79IxR37XdL4CJXRdnlDL3NzvStiequZxIdkttg/5 B9aDwNn7c489uGwT2aDOJ0qkxZ8JbTwRiym3Y/FOjqnvHL9Kva/6Ae2stxFHlH5TW5yz cBYGbP5gRb2s7YyF0fAIhyJHUI86RinusuLmdt/JTKhhy2hOku+nvIL4ChXGDemmW3r8 Uo963muEftYB9onlxD/Lj/KKVSiAHGztqJoI3sGSH5VLLVJNboXSdKkHUvA7jymJz0sM hP7iTtOqnc5ewXRB7xJdM7MmrMmWD+6cE0//+bHhDkVKkqqRLwMf93TjXDL2fFTvF+t7 a8eA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=WtqX0v+Y; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id 38si1077836pgx.460.2019.01.06.23.15.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 06 Jan 2019 23:15:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=WtqX0v+Y; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 7A707211B113B; Sun, 6 Jan 2019 23:15:30 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::542; helo=mail-ed1-x542.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-ed1-x542.google.com (mail-ed1-x542.google.com [IPv6:2a00:1450:4864:20::542]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 60C952194D387 for ; Sun, 6 Jan 2019 23:15:28 -0800 (PST) Received: by mail-ed1-x542.google.com with SMTP id f9so36890295eds.10 for ; Sun, 06 Jan 2019 23:15:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mMSizBQgJm5evq3u4Ra4FSAjA0GrPHQj0NpjOvQGfrA=; b=WtqX0v+Yby9YN8/6LwwvFWm13F3MWWIhf1Ra4BihSgVcnGG23YEbiNiQ6H7DapM4OP NBfb59gEeHEvDSoW3n6t4pp6xPwxHEZCEv2JCZh9hlq4Ri3zrlGw0pEceVqnzsDQr5+j UXuispsZtGEVexYfnHN+XxT37bljrhAskr4oo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mMSizBQgJm5evq3u4Ra4FSAjA0GrPHQj0NpjOvQGfrA=; b=a5er6apHFX7v5pvtCizJgAkOTvRM1GUnT/5h6DP2cR+gi7WU/VhiHGqsY7R6heduxf G+VffvzlXnRjJf3RHIvwylz1QxSpl2dmpOc4q8wln9V7q6VHAlVyVKStKcj5Ba2T02rP GAyj+0v7qeSILo1+eBIcZpQDaVAxEC+VkrRkIjLLxwKUTgSXzxO8CouI73cQnkuvv3cO 3kpz8XbHdAjuVC9vU9WvTnbnPH6Ras6gFcFCXKQU3dNk1tJCV3OBOlcwfLqa9UX0VeBG jc55fANS/SxmjJsXEpPwdlFT3Vp4CWii5cygEJppzPrA6m4lUb5USNGgqXJahpc0kkXU snaA== X-Gm-Message-State: AA+aEWZmRMaPz/b+xfwBVGk6UJnzrSp+kgUnH13p0y0OZMHcDPEbmvCU baq7/fvs9in6zvBf9VY3jxRTnAkEp2zcqg== X-Received: by 2002:a17:906:1e57:: with SMTP id i23-v6mr47315901ejj.146.1546845326672; Sun, 06 Jan 2019 23:15:26 -0800 (PST) Received: from chuckie.home ([2a01:cb1d:112:6f00:58f2:776e:9e23:a7ca]) by smtp.gmail.com with ESMTPSA id t9sm30263693edd.25.2019.01.06.23.15.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 06 Jan 2019 23:15:25 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org Date: Mon, 7 Jan 2019 08:15:04 +0100 Message-Id: <20190107071504.2431-6-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190107071504.2431-1-ard.biesheuvel@linaro.org> References: <20190107071504.2431-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Subject: [edk2] [PATCH 5/5] ArmPkg/CpuDxe: switch to read-only page tables at EndOfDxe X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Register for the EndOfDxe event, and use it to invoke the new ArmMmuLib code that remaps all page tables as read-only. This should limit the impact of arbitrary write exploits, since they can no longer be abused to modify tightened memory permissions. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/CpuDxe.c | 23 ++++++++++++++++++++ ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 1 + 2 files changed, 24 insertions(+) -- 2.20.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c index 5e923d45b715..11f4a2ccf5c8 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c @@ -238,6 +238,17 @@ InitializeDma ( CpuArchProtocol->DmaBufferAlignment = ArmCacheWritebackGranule (); } +STATIC +VOID +EFIAPI +OnEndOfDxe ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + MapAllPageTablesReadOnly (); +} + EFI_STATUS CpuDxeInitialize ( IN EFI_HANDLE ImageHandle, @@ -246,6 +257,7 @@ CpuDxeInitialize ( { EFI_STATUS Status; EFI_EVENT IdleLoopEvent; + EFI_EVENT EndOfDxeEvent; InitializeExceptions (&mCpu); @@ -285,5 +297,16 @@ CpuDxeInitialize ( ); ASSERT_EFI_ERROR (Status); + + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + OnEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &EndOfDxeEvent + ); + ASSERT_EFI_ERROR (Status); + return Status; } diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf index c32d2cb9c7d4..0788a2ab27c0 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf @@ -63,6 +63,7 @@ [Guids] gEfiDebugImageInfoTableGuid + gEfiEndOfDxeEventGroupGuid gArmMpCoreInfoGuid gIdleLoopEventGuid gEfiVectorHandoffTableGuid