diff options
| author | Ard Biesheuvel <ardb@kernel.org> | 2023-02-02 19:03:34 +0100 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-04-07 13:18:38 +0000 |
| commit | 6405cd03048c1850d5047bf66fefa04189a05c94 (patch) | |
| tree | cb562feafc3f96ddf0c0a939e3aa4df3acd5c2a2 /MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | |
| parent | d6457b3090fea2e26f94e8419f77455945bc4c41 (diff) | |
| download | edk2-6405cd03048c1850d5047bf66fefa04189a05c94.tar.gz edk2-6405cd03048c1850d5047bf66fefa04189a05c94.tar.bz2 edk2-6405cd03048c1850d5047bf66fefa04189a05c94.zip | |
MdeModulePkg: Enable forward edge CFI in mem attributes table
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4405
The memory attributes table has been extended with a flag that indicates
whether or not the OS is permitted to map the EFI runtime code regions
with strict enforcement for IBT/BTI landing pad instructions.
Given that the PE/COFF spec now defines a DllCharacteristicsEx flag that
indicates whether or not a loaded image is compatible with this, we can
wire this up to the flag in the memory attributes table, and set it if
all loaded runtime image are compatible with it.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Diffstat (limited to 'MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c')
| -rw-r--r-- | MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c index 82fa026bce..fd127ee167 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -89,6 +89,7 @@ BOOLEAN mMemoryAttributesTableEnable = TRUE; BOOLEAN mMemoryAttributesTableEndOfDxe = FALSE;
EFI_MEMORY_ATTRIBUTES_TABLE *mMemoryAttributesTable = NULL;
BOOLEAN mMemoryAttributesTableReadyToBoot = FALSE;
+BOOLEAN gMemoryAttributesTableForwardCfi = TRUE;
/**
Install MemoryAttributesTable.
@@ -182,7 +183,12 @@ InstallMemoryAttributesTable ( MemoryAttributesTable->Version = EFI_MEMORY_ATTRIBUTES_TABLE_VERSION;
MemoryAttributesTable->NumberOfEntries = RuntimeEntryCount;
MemoryAttributesTable->DescriptorSize = (UINT32)DescriptorSize;
- MemoryAttributesTable->Flags = 0;
+ if (gMemoryAttributesTableForwardCfi) {
+ MemoryAttributesTable->Flags = EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD;
+ } else {
+ MemoryAttributesTable->Flags = 0;
+ }
+
DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));
DEBUG ((DEBUG_VERBOSE, " Version - 0x%08x\n", MemoryAttributesTable->Version));
DEBUG ((DEBUG_VERBOSE, " NumberOfEntries - 0x%08x\n", MemoryAttributesTable->NumberOfEntries));
|