On Mon, Mar 27, 2023 at 13:00:55 +0200, Ard Biesheuvel wrote:
> Implement version 2 of the memory attributes table, which now contains a
> flag informing the OS whether or not code regions may be mapped with CFI
> mitigations such as IBT or BTI enabled.
>
> This series covers roughly the following parts:
>
> - (AARCH64) Annotate ELF objects generated from asm as BTI compatible
>   when BTI codegen is enabled
> - Update the BaseTools to emit the appropriate PE/COFF annotation when a
>   BTI/IBT compatible ELF executable is converted to PE/COFF
> - Take this PE/COFF annotation into account when populating the memory
>   attributes table in the DXE core

For any patches I haven't explicitly commented on in this set:
Reviewed-by: Leif Lindholm <quic_llind...@quicinc.com>
(but I did comment on patch 17 in the review of patch 15)

/
    Leif

> TODO:
> - X64 changes to make the code IBT compatible and emit the ELF note
> - Figure out how to generate such executables with native PE toolchains
> - Implement BTI/IBT enforcement at boot time - this is something I
>   intend to look into next.
>
> Can be tested with the CLANG38 toolchain (both Clang compiler and LLD
> linker, version 3.8 or newer) with the following build options.
>
>   [BuildOptions]
>     GCC:*_*_AARCH64_PP_FLAGS = -mbranch-protection=bti
>     GCC:*_*_AARCH64_CC_FLAGS = -mbranch-protection=bti
>     GCC:*_*_AARCH64_DLINK_FLAGS = -fuse-ld=lld -Wl,--no-relax,--no-pie,-z,bti-report=error
>
> Cc: Michael Kinney <michael.d.kin...@intel.com>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Michael Kubacki <michael.kuba...@microsoft.com>
> Cc: Sean Brogan <sean.bro...@microsoft.com>
> Cc: Rebecca Cran <quic_rc...@quicinc.com>
> Cc: Leif Lindholm <quic_llind...@quicinc.com>
> Cc: Sami Mujawar <sami.muja...@arm.com>
> Cc: Taylor Beebe <t...@taylorbeebe.com>
> Cc: Marvin Häuser <mhaeu...@posteo.de>
> Cc: Bob Feng <bob.c.f...@intel.com>
>
> Ard Biesheuvel (17):
>   MdePkg/ProcessorBind AARCH64: Add asm macro to emit GNU BTI note
>   MdePkg/BaseCpuLib AARCH64: Make asm files BTI compatible
>   MdePkg/BaseIoLibIntrinsic AARCH64: Make asm files BTI compatible
>   MdePkg/BaseLib AARCH64: Make LongJump() BTI compatible
>   MdePkg/BaseLib AARCH64: Make asm files BTI compatible
>   MdePkg/BaseMemoryLibOptDxe AARCH64: Make asm files BTI compatible
>   MdePkg/BaseSynchronizationLib AARCH64: Make asm files BTI compatible
>   MdePkg/BaseRngLib AARCH64: Make asm files BTI compatible
>   ArmPkg: Emit BTI opcodes when BTI codegen is enabled
>   ArmPkg/GccLto AARCH64: Add BTI note to LTO helper library
>   ArmPkg, BaseTools AARCH64: Add BTI ELF note to .hii objects
>   ArmPlatformPkg/PrePeiCore: Make vector table object BTI compatible
>   BaseTools/GenFw: Parse IBT/BTI support status from ELF note
>   BaseTools/GenFw: Add DllCharacteristicsEx field to debug data
>   MdePkg: Update MemoryAttributesTable to v2.10
>   MdePkg/PeCoffLib: Capture DLL characteristics fieldis in image context
>   MdeModulePkg: Enable forward edge CFI in mem attributes table
>
>  ArmPkg/Include/AsmMacroIoLibV8.h                                |   3 +-
>  ArmPkg/Library/ArmExceptionLib/AArch64/ExceptionSupport.S       |   3 +-
>  ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S                       |   4 +-
>  ArmPkg/Library/GccLto/liblto-aarch64.a                          | Bin 1016 -> 1128 bytes
>  ArmPkg/Library/GnuNoteBti.bin                                   | Bin 0 -> 32 bytes
>  ArmPlatformPkg/PrePeiCore/AArch64/Exception.S                   |   2 +
>  ArmVirtPkg/Library/ArmPlatformLibQemu/IdMap.S                   |   2 +
>  BaseTools/Conf/tools_def.template                               |   4 +-
>  BaseTools/Source/C/GenFw/Elf64Convert.c                         | 104 +++++++++++++++++---
>  BaseTools/Source/C/GenFw/GenFw.c                                |   3 +-
>  BaseTools/Source/C/GenFw/elf_common.h                           |   9 ++
>  BaseTools/Source/C/Include/IndustryStandard/PeImage.h           |  13 ++-
>  MdeModulePkg/Core/Dxe/DxeMain.h                                 |   2 +
>  MdeModulePkg/Core/Dxe/Image/Image.c                             |  10 ++
>  MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c              |   8 +-
>  MdePkg/Include/AArch64/ProcessorBind.h                          |  31 ++++++
>  MdePkg/Include/Guid/MemoryAttributesTable.h                     |   8 +-
>  MdePkg/Include/IndustryStandard/PeImage.h                       |  13 ++-
>  MdePkg/Include/Library/PeCoffLib.h                              |   6 ++
>  MdePkg/Library/BaseCpuLib/AArch64/CpuFlushTlb.S                 |   1 +
>  MdePkg/Library/BaseCpuLib/AArch64/CpuSleep.S                    |   1 +
>  MdePkg/Library/BaseIoLibIntrinsic/AArch64/ArmVirtMmio.S         |   8 ++
>  MdePkg/Library/BaseLib/AArch64/CpuBreakpoint.S                  |   1 +
>  MdePkg/Library/BaseLib/AArch64/DisableInterrupts.S              |   1 +
>  MdePkg/Library/BaseLib/AArch64/EnableInterrupts.S               |   1 +
>  MdePkg/Library/BaseLib/AArch64/GetInterruptsState.S             |   1 +
>  MdePkg/Library/BaseLib/AArch64/MemoryFence.S                    |   1 +
>  MdePkg/Library/BaseLib/AArch64/SetJumpLongJump.S                |   5 +-
>  MdePkg/Library/BaseLib/AArch64/SpeculationBarrier.S             |   1 +
>  MdePkg/Library/BaseLib/AArch64/SwitchStack.S                    |   2 +
>  MdePkg/Library/BaseMemoryLibOptDxe/AArch64/CompareGuid.S        |   1 +
>  MdePkg/Library/BaseMemoryLibOptDxe/AArch64/CompareMem.S         |   1 +
>  MdePkg/Library/BaseMemoryLibOptDxe/AArch64/CopyMem.S            |   1 +
>  MdePkg/Library/BaseMemoryLibOptDxe/AArch64/ScanMem.S            |   1 +
>  MdePkg/Library/BaseMemoryLibOptDxe/AArch64/SetMem.S             |   5 +
>  MdePkg/Library/BasePeCoffLib/BasePeCoff.c                       |  46 ++++++---
>  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S              |   3 +-
>  MdePkg/Library/BaseRngLib/AArch64/ArmRng.S                      |   1 +
>  MdePkg/Library/BaseSynchronizationLib/AArch64/Synchronization.S |   5 +
>  39 files changed, 270 insertions(+), 42 deletions(-)
>  create mode 100644 ArmPkg/Library/GnuNoteBti.bin
>
> --
> 2.39.2
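
The cover letter above has the build tools read BTI/IBT support from an ELF note before the PE/COFF annotation is emitted. As an added illustration (not code from this series or from GenFw), the following C sketch parses a 64-bit little-endian GNU property note with bounds checks; the function name and the sample bytes are constructed here, and the constants are those of the GNU program property ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constants from the GNU program property ABI. */
#define NT_GNU_PROPERTY_TYPE_0             5u
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_X86_FEATURE_1_AND     0xc0000002u
#define FEATURE_1_FORWARD_CFI              1u /* bit 0: BTI (AArch64), IBT (x86) */

/* Constructed sample: a minimal ELF64 note carrying only the BTI bit. */
static const uint8_t sample_bti_note[32] = {
  4, 0, 0, 0,   16, 0, 0, 0,   5, 0, 0, 0,   'G', 'N', 'U', 0,
  0x00, 0x00, 0x00, 0xc0,   4, 0, 0, 0,   1, 0, 0, 0,   0, 0, 0, 0,
};

/* Little-endian 32-bit read; the caller has already bounds-checked. */
static uint32_t rd32(const uint8_t *p) {
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
         (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: 1 if the note marks the object forward-edge CFI
   compatible, 0 if it does not, -1 if the note is truncated or malformed. */
int note_has_forward_cfi(const uint8_t *note, size_t len, uint32_t and_type) {
  if (len < 16) return -1;                 /* 12-byte header + 4-byte name */
  uint32_t namesz = rd32(note), descsz = rd32(note + 4);
  if (namesz != 4 || memcmp(note + 12, "GNU", 4) != 0 ||
      rd32(note + 8) != NT_GNU_PROPERTY_TYPE_0)
    return 0;                              /* some other kind of note */
  if (descsz > len - 16) return -1;        /* descriptor runs past the buffer */
  const uint8_t *p = note + 16;
  size_t left = descsz;
  while (left >= 8) {
    uint32_t pr_type = rd32(p), pr_datasz = rd32(p + 4);
    if (pr_datasz > left - 8) return -1;   /* property runs past the descriptor */
    if (pr_type == and_type) {
      if (pr_datasz < 4) return -1;
      return (rd32(p + 8) & FEATURE_1_FORWARD_CFI) ? 1 : 0;
    }
    /* ELF64 properties are padded to 8-byte alignment. */
    size_t step = 8 + (((size_t)pr_datasz + 7) & ~(size_t)7);
    if (step > left) break;
    p += step;
    left -= step;
  }
  return 0;                                /* property absent: not compatible */
}

int main(void) {
  return note_has_forward_cfi(sample_bti_note, sizeof sample_bti_note,
                              GNU_PROPERTY_AARCH64_FEATURE_1_AND) == 1 ? 0 : 1;
}
```

A note that lacks the property is reported as not compatible, so an object without the annotation never causes the image to be marked CFI-capable.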