[edk2] [PATCH v2 3/4] MdeModulePkg/DxeIplPeim: implement non-exec stack for ARM/AARCH64

[Ard Biesheuvel]

Mark the DXE stack region as non-executable right before handing
off to the DXE core, by invoking the appropriate ArmLib function.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
 MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c | 7 +++++++
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf        | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c 
b/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c
index df2dc70b1732..d6581a312541 100644
--- a/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c
@@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 
 #include "DxeIpl.h"
 
+#include <Library/ArmLib.h>
+
 /**
    Transfers control to DxeCore.
 
@@ -43,6 +45,11 @@ HandOffToDxeCore (
   BaseOfStack = AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE));
   ASSERT (BaseOfStack != NULL);
 
+  if (PcdGetBool (PcdSetNxForStack)) {
+    Status = ArmSetMemoryRegionNoExec ((UINTN)BaseOfStack, STACK_SIZE);
+    ASSERT_EFI_ERROR (Status);
+  }
+
   //
   // Compute the top of the stack we were allocated. Pre-allocate a UINTN
   // for safety.
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf 
b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index 66c58b1d0f07..04ad928c9f84 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -61,6 +61,9 @@ [Packages]
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
 
+[Packages.ARM, Packages.AARCH64]
+  ArmPkg/ArmPkg.dec
+
 [LibraryClasses]
   PcdLib
   MemoryAllocationLib
@@ -76,6 +79,9 @@ [LibraryClasses]
   DebugAgentLib
   PeiServicesTablePointerLib
 
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+  ArmLib
+
 [Ppis]
   gEfiDxeIplPpiGuid                 ## PRODUCES
   gEfiPeiDecompressPpiGuid          ## PRODUCES
@@ -104,6 +110,8 @@ [FeaturePcd]
 
 [Pcd.IA32,Pcd.X64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable              ## 
SOMETIMES_CONSUMES
+
+[Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## 
SOMETIMES_CONSUMES
 
 [Depex]
-- 
1.9.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel