Add the check to infer from the instruction opcode at the image
entrypoint whether or not forward edge control flow guards were emitted
by the compiler at build time. Given that an image entry point is
invoked indirectly by construction, it must begin with such a guard
instruction if the image implements support for forward edge control
flow enforcement such as IBT or BTI.

Signed-off-by: Ard Biesheuvel <a...@kernel.org>
---
 MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c | 103 
++++++++++++++++++++
 MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf        |   5 +-
 2 files changed, 107 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c 
b/MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c
new file mode 100644
index 000000000000..d25b11109dbc
--- /dev/null
+++ b/MdePkg/Library/BasePeCoffLib/AArch64/PeCoffLoaderEx.c
@@ -0,0 +1,103 @@
+/** @file
+  AArch64 implementations of architecture/ISA Specific relocation handlers.
+
+  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2023, Google LLC. Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "BasePeCoffLibInternals.h"
+
+/**
+  Performs an architecture/ISA specific relocation fixup.
+
+  @param  Reloc       The pointer to the relocation record.
+  @param  Fixup       The pointer to the address to fix up.
+  @param  FixupData   The pointer to a buffer to log the fixups.
+  @param  Adjust      The offset to adjust the fixup.
+
+  @return Status code.
+
+**/
+RETURN_STATUS
+PeCoffLoaderRelocateImageEx (
+  IN UINT16     *Reloc,
+  IN OUT CHAR8  *Fixup,
+  IN OUT CHAR8  **FixupData,
+  IN UINT64     Adjust
+  )
+{
+  return RETURN_UNSUPPORTED;
+}
+
+/**
+  Returns TRUE if the machine type of PE/COFF image is supported. Supported
+  does not mean the image can be executed it means the PE/COFF loader supports
+  loading and relocating of the image type. It's up to the caller to support
+  the entry point.
+
+  @param  Machine   The machine type from the PE Header.
+
+  @return TRUE if this PE/COFF loader can load the image
+
+**/
+BOOLEAN
+PeCoffLoaderImageFormatSupported (
+  IN  UINT16  Machine
+  )
+{
+  if ((Machine == IMAGE_FILE_MACHINE_I386) || (Machine == 
IMAGE_FILE_MACHINE_X64) ||
+      (Machine == IMAGE_FILE_MACHINE_EBC) || (Machine == 
IMAGE_FILE_MACHINE_ARM64))
+  {
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+/**
+  Performs an architecture/ISA specific re-relocation fixup. This is used to
+  re-relocate the image into the EFI virtual space for runtime calls.
+
+  @param  Reloc       The pointer to the relocation record.
+  @param  Fixup       The pointer to the address to fix up.
+  @param  FixupData   The pointer to a buffer to log the fixups.
+  @param  Adjust      The offset to adjust the fixup.
+
+  @return Status code.
+
+**/
+RETURN_STATUS
+PeHotRelocateImageEx (
+  IN UINT16     *Reloc,
+  IN OUT CHAR8  *Fixup,
+  IN OUT CHAR8  **FixupData,
+  IN UINT64     Adjust
+  )
+{
+  return RETURN_UNSUPPORTED;
+}
+
+/**
+  Returns whether the image implements forward control flow guards.
+
+  @param  ImageContext      The context of the image being loaded.
+
+  @return TRUE if the image implements forward control flow guards
+
+**/
+BOOLEAN
+PeCoffLoaderCheckForwardControlFlowGuards (
+  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext
+  )
+{
+  CONST UINT32  *Opcode;
+
+  Opcode = (UINT32 *)(UINTN)ImageContext->EntryPoint;
+
+  //
+  // Check whether the opcode is BTI C or BTI CJ
+  //
+  return ((*Opcode & 0xffffff7f) == 0xd503245f);
+}
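Review bot: `PeCoffLoaderCheckForwardControlFlowGuards` dereferences `ImageContext->EntryPoint` as a 32-bit word without checking that it is non-zero, 4-byte aligned, and that four bytes at that address lie inside the loaded image. The value ultimately comes from the image's own header, so unless every caller is guaranteed to run only after a successful load (not visible in this hunk), a guard such as `if ((ImageContext->EntryPoint == 0) || ((ImageContext->EntryPoint & 3) != 0)) { return FALSE; }` would report the image as unguarded instead of reading an arbitrary address. The opcode test also accepts only BTI C and BTI JC, whereas PACIASP and PACIBSP are valid landing pads for indirect calls too, and compilers may emit them in place of BTI C when return-address signing is enabled alongside BTI, so such images would be reported as lacking guards. Because a leading PACIASP cannot distinguish a BTI build from a pac-ret-only build, I would record that limitation in the comment above the `return` rather than widen the mask. The comment could also use the architectural mnemonic `BTI JC`, and the cast could be `(CONST UINT32 *)` to match the declaration.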
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf 
b/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
index 3b8b8eb1917d..8b720bd6e006 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
@@ -39,12 +39,15 @@ [Sources]
   BasePeCoffLibInternals.h
   BasePeCoff.c
 
-[Sources.IA32, Sources.X64, Sources.EBC, Sources.AARCH64]
+[Sources.IA32, Sources.X64, Sources.EBC]
   PeCoffLoaderEx.c
 
 [Sources.ARM]
   Arm/PeCoffLoaderEx.c
 
+[Sources.AARCH64]
+  AArch64/PeCoffLoaderEx.c
+
 [Sources.RISCV64]
   RiscV/PeCoffLoaderEx.c
 
-- 
2.39.1


