tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-04-08 17:05:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

MdePkg/DynamicStackCookieEntryPointLib: Drop execute-in-place versions

Browse Source 
SEC, PEI_CORE and PEIM type modules generally execute in place from
memory that is not writable. This means that it is not generally
possible to use an entrypoint implementation that stores a dynamically
generated stack cookie into a global variable. For PEIMs in particular,
there may be other options, such as a DEPEX on the permanent memory PPI,
but the current dynamic implementations of the stack checking library
entrypoints for PEI_CORE and PEIM modules must not be used as-is.

So remove them, and update the readme accordingly.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This commit is contained in:
Ard Biesheuvel 2025-02-08 11:25:19 +01:00 committed by mergify[bot]
parent 5c3dcef94c
commit 96cf70951f
8 changed files with 6 additions and 297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
MdePkg/Library/DynamicStackCookieEntryPointLib/PeiCore/PeiCoreEntryPoint.c
View File

@ -1,93 +0,0 @@
/** @file
Entry point to a the PEI Core.
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
//
// The Library classes this module produced
//
#include <Library/PeiCoreEntryPoint.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
/**
The entry point of PE/COFF Image for the PEI Core.
This function is the entry point for the PEI Foundation, which allows the SEC phase
to pass information about the stack, temporary RAM and the Boot Firmware Volume.
In addition, it also allows the SEC phase to pass services and data forward for use
during the PEI phase in the form of one or more PPIs.
There is no limit to the number of additional PPIs that can be passed from SEC into
the PEI Foundation. As part of its initialization phase, the PEI Foundation will add
these SEC-hosted PPIs to its PPI database such that both the PEI Foundation and any
modules can leverage the associated service calls and/or code in these early PPIs.
This function is required to call ProcessModuleEntryPointList() with the Context
parameter set to NULL. ProcessModuleEntryPoint() is never expected to return.
The PEI Core is responsible for calling ProcessLibraryConstructorList() as soon as
the PEI Services Table and the file handle for the PEI Core itself have been established.
If ProcessModuleEntryPointList() returns, then ASSERT() and halt the system.
@param SecCoreData Points to a data structure containing information about the
PEI core's operating environment, such as the size and
location of temporary RAM, the stack location and the BFV
location.
@param PpiList Points to a list of one or more PPI descriptors to be
installed initially by the PEI core. An empty PPI list
consists of a single descriptor with the end-tag
EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST.
As part of its initialization phase, the PEI Foundation will
add these SEC-hosted PPIs to its PPI database, such that both
the PEI Foundation and any modules can leverage the associated
service calls and/or code in these early PPIs.
**/
VOID
EFIAPI
_CModuleEntryPoint (
IN CONST EFI_SEC_PEI_HAND_OFF *SecCoreData,
IN CONST EFI_PEI_PPI_DESCRIPTOR *PpiList
)
{
ProcessModuleEntryPointList (SecCoreData, PpiList, NULL);
//
// Should never return
//
ASSERT (FALSE);
CpuDeadLoop ();
}
/**
Required by the EBC compiler and identical in functionality to _ModuleEntryPoint().
This function is required to call _CModuleEntryPoint() passing in SecCoreData and PpiList.
@param SecCoreData Points to a data structure containing information about the PEI core's
operating environment, such as the size and location of temporary RAM,
the stack location and the BFV location.
@param PpiList Points to a list of one or more PPI descriptors to be installed
initially by the PEI core. An empty PPI list consists of
a single descriptor with the end-tag
EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST.
As part of its initialization phase, the PEI Foundation will
add these SEC-hosted PPIs to its PPI database, such that both
the PEI Foundationand any modules can leverage the associated
service calls and/or code in these early PPIs.
**/
VOID
EFIAPI
EfiMain (
IN CONST EFI_SEC_PEI_HAND_OFF *SecCoreData,
IN CONST EFI_PEI_PPI_DESCRIPTOR *PpiList
)
{
_CModuleEntryPoint (SecCoreData, PpiList);
}

16
MdePkg/Library/DynamicStackCookieEntryPointLib/PeiCore/PeiCoreEntryPoint.uni
View File

@ -1,16 +0,0 @@
// /** @file
// Module entry point library for PEI core.
//
// Module entry point library for PEI core.
//
// Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Module entry point library for PEI core"
#string STR_MODULE_DESCRIPTION #language en-US "Module entry point library for PEI core."

44
MdePkg/Library/DynamicStackCookieEntryPointLib/PeiCoreEntryPoint.inf
View File

@ -1,44 +0,0 @@
## @file
# Module entry point library for PEI core that dynamically updates the stack cookie.
#
# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = PeiCoreEntryPointDynamicInit
MODULE_UNI_FILE = PeiCore/PeiCoreEntryPoint.uni
FILE_GUID = 2627DFCD-054D-403E-B812-E67034865D29
MODULE_TYPE = PEI_CORE
VERSION_STRING = 1.0
LIBRARY_CLASS = PeiCoreEntryPoint|PEI_CORE
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
PeiCore/PeiCoreEntryPoint.c
[Sources.IA32]
IA32/DynamicCookieGcc.nasm | GCC
IA32/DynamicCookieMsvc.nasm | MSFT
[Sources.X64]
X64/DynamicCookieGcc.nasm | GCC
X64/DynamicCookieMsvc.nasm | MSFT
[Sources.AARCH64]
AArch64/DynamicCookieGcc.S | GCC
[Packages]
MdePkg/MdePkg.dec
[LibraryClasses]
BaseLib
DebugLib
StackCheckLib

72
MdePkg/Library/DynamicStackCookieEntryPointLib/Peim/PeimEntryPoint.c
View File

@ -1,72 +0,0 @@
/** @file
Entry point to a PEIM.
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Library/PeimEntryPoint.h>
#include <Library/DebugLib.h>
/**
The entry point of PE/COFF Image for a PEIM.
This function is the entry point for a PEIM. This function must call ProcessLibraryConstructorList()
and ProcessModuleEntryPointList(). The return value from ProcessModuleEntryPointList() is returned.
If _gPeimRevision is not zero and PeiServices->Hdr.Revision is less than _gPeimRevison, then ASSERT().
@param FileHandle Handle of the file being invoked.
@param PeiServices Describes the list of possible PEI Services.
@retval EFI_SUCCESS The PEIM executed normally.
@retval !EFI_SUCCESS The PEIM failed to execute normally.
**/
EFI_STATUS
EFIAPI
_CModuleEntryPoint (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
if (_gPeimRevision != 0) {
//
// Make sure that the PEI spec revision of the platform is >= PEI spec revision of the driver
//
ASSERT ((*PeiServices)->Hdr.Revision >= _gPeimRevision);
}
//
// Call constructor for all libraries
//
ProcessLibraryConstructorList (FileHandle, PeiServices);
//
// Call the driver entry point
//
return ProcessModuleEntryPointList (FileHandle, PeiServices);
}
/**
Required by the EBC compiler and identical in functionality to _ModuleEntryPoint().
This function is required to call _ModuleEntryPoint() passing in FileHandle and PeiServices.
@param FileHandle Handle of the file being invoked.
@param PeiServices Describes the list of possible PEI Services.
@retval EFI_SUCCESS The PEIM executed normally.
@retval !EFI_SUCCESS The PEIM failed to execute normally.
**/
EFI_STATUS
EFIAPI
EfiMain (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
return _CModuleEntryPoint (FileHandle, PeiServices);
}

16
MdePkg/Library/DynamicStackCookieEntryPointLib/Peim/PeimEntryPoint.uni
View File

@ -1,16 +0,0 @@
// /** @file
// Module entry point library for PEIM.
//
// Module entry point library for PEIM.
//
// Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Module entry point library for PEIM"
#string STR_MODULE_DESCRIPTION #language en-US "Module entry point library for PEIM."

43
MdePkg/Library/DynamicStackCookieEntryPointLib/PeimEntryPoint.inf
View File

@ -1,43 +0,0 @@
## @file
# Module entry point library for PEIM that dynamically updates the stack cookie.
#
# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = PeimEntryPointDynamicInit
MODULE_UNI_FILE = Peim/PeimEntryPoint.uni
FILE_GUID = 0E53AFCB-7FDD-461E-B8CE-6DA9F3F9014C
MODULE_TYPE = PEIM
VERSION_STRING = 1.0
LIBRARY_CLASS = PeimEntryPoint|PEIM
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
Peim/PeimEntryPoint.c
[Sources.IA32]
IA32/DynamicCookieGcc.nasm | GCC
IA32/DynamicCookieMsvc.nasm | MSFT
[Sources.X64]
X64/DynamicCookieGcc.nasm | GCC
X64/DynamicCookieMsvc.nasm | MSFT
[Sources.AARCH64]
AArch64/DynamicCookieGcc.S | GCC
[Packages]
MdePkg/MdePkg.dec
[LibraryClasses]
DebugLib
StackCheckLib

17
MdePkg/Library/StackCheckLib/Readme.md
View File

@ -195,17 +195,12 @@ This will cause `MdeLibs.dsc.inc` to not link `StackCheckLibNull` and instead li
stack cookie updating versions of `DxeCoreEntryPoint`, `StandaloneMmDriverEntryPoint`,
`UefiApplicationEntryPoint`, and `UefiDriverEntryPoint`.
Because edk2 does not implement exception handling for `SEC` and `PEI_CORE`, `MdeLibs.dsc.inc`
uses `StackCheckLibNull` for these phases always. As a result, dynamic stack cookies are also
not set for `PEI_CORE`. There is no standard `SEC` entrypoint, so it is not supported generically
to apply dynamic stack cookies there. If a platform wishes to use `StackCheckLib` and dynamic stack
cookies for these phases, it should override this in its DSC, e.g.:
```inf
[LibraryClasses.common.SEC, LibraryClasses.common.PEI_CORE]
StackCheckLib|MdePkg/Library/StackCheckLib/StackCheckLib.inf
PeiCoreEntryPoint|MdePkg/Library/DynamicStackCookieEntryPointLib/PeiCoreEntryPoint.inf
```
Because edk2 does not implement exception handling for `SEC` and `PEI_CORE`,
`MdeLibs.dsc.inc` uses `StackCheckLibNull` for these phases always. If a
platform wishes to use `StackCheckLib` for these phases, it can enable static
stack cookie checking, as documented in the previous section. Due to the fact
that writable global variables are not supported in the `SEC` or `PEI` phases
of execution, dynamic stack cookie checking is not supported here.
It is recommended that a platform only do this for debugging or if they have implemented
exception handlers for these phases.

2
MdePkg/MdePkg.dsc
View File

@ -144,8 +144,6 @@
MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
MdePkg/Library/StackCheckLib/StackCheckLib.inf
MdePkg/Library/DynamicStackCookieEntryPointLib/DxeCoreEntryPoint.inf
MdePkg/Library/DynamicStackCookieEntryPointLib/PeiCoreEntryPoint.inf
MdePkg/Library/DynamicStackCookieEntryPointLib/PeimEntryPoint.inf
MdePkg/Library/DynamicStackCookieEntryPointLib/StandaloneMmDriverEntryPoint.inf
MdePkg/Library/DynamicStackCookieEntryPointLib/UefiApplicationEntryPoint.inf
MdePkg/Library/DynamicStackCookieEntryPointLib/UefiDriverEntryPoint.inf