TL;DR - allow DXE drivers to execute in place from the decompressed FV loaded into memory by DxeIpl so we can apply strict permissions before dispatching DXE core.
Currently, executable images loaded from firmware volumes are copied at least three times: once in the firmware volume driver, once in the DXE core load image code, and finally when the PE sections are populated in memory based on the section descriptions in the file.

At least two of these copies serve little purpose, given that most drivers are typically dispatched from a memory-mapped firmware volume that is loaded into DRAM by DxeIpl from a compressed image in the boot FV, and so we can take a short-cut in the DXE image loader so that the PE/COFF library that performs the load uses the image in the memory mapped FV as its source directly. This is implemented by the first 6 patches (where the first 3 are just cleanups).

With this logic in place, we can go one step further, and actually dispatch the image in place (similar to how XIP PEIMs are dispatched), without ever moving it out of the decompressed firmware volume. This requires the image to be aligned sufficiently inside the FV, but this is also the same logic that applies to XIP PEIMs, and this can be achieved trivially by tweaking some FDF image generation rules. (Note that this adds padding to the FV, but this generally compresses well, and we ultimately use less memory at runtime by not making a copy of the image).

This requires the DXE IPL (which is the component that decompresses the firmware volumes to memory) to iterate over the contents and relocate these drivers in place. Given that DXE IPL is already in charge of applying NX permissions to the stack and to other memory regions, we can trivially extend it to apply restricted permissions to the XIP DXE drivers after relocation.

This means we enter DXE core with those DXE drivers ready to be dispatched, removing the need to perform manipulation of memory attributes before the CPU arch protocol is dispatched, which is a bit of a catch-22 otherwise.

With these changes in place, the platform no longer needs to map memory writable and executable by default, and all DRAM can be mapped non-executable right out of reset.

Cc: Ray Ni <ray...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Taylor Beebe <t...@taylorbeebe.com>
Cc: Oliver Smith-Denny <o...@smith-denny.com>
Cc: Dandan Bi <dandan...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: Leif Lindholm <quic_llind...@quicinc.com>
Cc: Michael Kubacki <mikub...@linux.microsoft.com>

Ard Biesheuvel (11):
  MdeModulePkg/DxeCore: Remove unused 'EntryPoint' argument to LoadImage
  MdeModulePkg/DxeCore: Remove unused DstBuffer arg from LoadImage
  MdeModulePkg/DxeCore: Remove FreePage argument from CoreUnloadImage
  MdeModulePkg/DxeCore: Avoid caching memory mapped FFS files
  MdeModulePkg/DxeCore: Use memory mapped FV protocol to avoid image copy
  MdeModulePkg/DxeCore: Expose memory mapped FV protocol when possible
  MdeModulePkg/DxeCore: Execute loaded images in place if possible
  MdeModulePkg/DxeIpl: Relocate and remap XIP capable DXE drivers
  MdeModulePkg/DxeCore: Add PCD NX policy bit for default NX state
  ArmVirtPkg/ArmVirtQemu: Allow CPU arch protocol DXE to execute in place
  ArmVirtPkg/ArmVirtQemu: Map all DRAM non-execute by default

 ArmVirtPkg/ArmVirtQemu.dsc                                 |   1 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                       |  17 +-
 ArmVirtPkg/ArmVirtRules.fdf.inc                            |   9 +
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c |   4 +-
 ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf                |   2 +-
 MdeModulePkg/Core/Dxe/DxeMain.h                            |   1 +
 MdeModulePkg/Core/Dxe/DxeMain.inf                          |   3 +
 MdeModulePkg/Core/Dxe/FwVol/FwVol.c                        | 113 ++++++-
 MdeModulePkg/Core/Dxe/FwVol/FwVolDriver.h                  |  31 ++
 MdeModulePkg/Core/Dxe/FwVol/FwVolRead.c                    |  22 --
 MdeModulePkg/Core/Dxe/Image/Image.c                        | 322 ++++++++++----------
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c              |   7 +
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf                    |   1 +
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c                     | 196 ++++++++++++
 MdeModulePkg/Include/Protocol/MemoryMappedFv.h             |  59 ++++
 MdeModulePkg/MdeModulePkg.dec                              |   6 +
 16 files changed, 607 insertions(+), 187 deletions(-)
 create mode 100644 MdeModulePkg/Include/Protocol/MemoryMappedFv.h

-- 
2.39.2

View/Reply Online (#105362): https://edk2.groups.io/g/devel/message/105362
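
The alignment requirement and the per-section permissions described in the cover letter above can be sketched as follows. This is an added example, not code from the patch series or from EDK2: `xip_plan`, `Section` and `Region` are hypothetical names, the 4 KiB page size is an assumption, and the policy (reject W+X sections, code read-only, everything else non-executable) is an assumed reading of "restricted permissions".

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE       0x1000u      /* assumption: 4 KiB translation granule */
#define SCN_MEM_EXECUTE 0x20000000u  /* PE/COFF section characteristics */
#define SCN_MEM_READ    0x40000000u
#define SCN_MEM_WRITE   0x80000000u
#define EFI_MEMORY_XP   0x4000ull    /* UEFI attribute: non-executable */
#define EFI_MEMORY_RO   0x20000ull   /* UEFI attribute: read-only */

typedef struct { uint32_t rva, size, flags; } Section;  /* hypothetical */
typedef struct { uint64_t base, len, attr; } Region;    /* hypothetical */

/* Fill out[0..n-1] with the attributes to apply to each section of an image
 * sitting at image_addr inside the decompressed FV. Returns n, or -1 when the
 * image cannot be given strict permissions in place and must be copied. */
int xip_plan(uint64_t image_addr, uint32_t section_align,
             const Section *s, size_t n, Region *out)
{
    if (section_align < PAGE_SIZE || section_align % PAGE_SIZE)
        return -1;                      /* sections would share a page */
    if (image_addr % section_align)
        return -1;                      /* file not aligned inside the FV */
    for (size_t i = 0; i < n; i++) {
        int x = (s[i].flags & SCN_MEM_EXECUTE) != 0;
        int w = (s[i].flags & SCN_MEM_WRITE) != 0;
        if ((x && w) || s[i].rva % section_align)
            return -1;                  /* W+X or misplaced section */
        out[i].base = image_addr + s[i].rva;
        out[i].len  = ((uint64_t)s[i].size + PAGE_SIZE - 1) & ~(uint64_t)(PAGE_SIZE - 1);
        out[i].attr = (x ? 0 : EFI_MEMORY_XP) | (w ? 0 : EFI_MEMORY_RO);
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample: .text (R+X) and .data (R+W) of a made-up driver. */
    Section s[] = { { 0x1000, 0x2345, SCN_MEM_READ | SCN_MEM_EXECUTE },
                    { 0x4000, 0x0800, SCN_MEM_READ | SCN_MEM_WRITE } };
    Region r[2];
    int n = xip_plan(0x40010000ull, 0x1000, s, 2, r);
    for (int i = 0; i < n; i++)
        printf("%#llx +%#llx attr=%#llx\n", (unsigned long long)r[i].base,
               (unsigned long long)r[i].len, (unsigned long long)r[i].attr);
    return n < 0;
}
```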