From ead7cb12d5b0e23b55e47f38a8a0675958783668 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Fri, 28 Aug 2015 08:12:51 +0000 Subject: [PATCH] OvmfPkg: prevent code execution from DXE stack SVN rev 18166 ("MdeModulePkg DxeIpl: Add stack NX support") enables platforms to request non-executable stack for the DXE phase, by setting PcdSetNxForStack to TRUE. The PCD defaults to FALSE, because: (a) A non-executable DXE stack is a new feature and causes changes in behavior. Some platform could rely on executing code from the stack. (b) The code enabling NX in the DXE IPL PEIM enforces the PcdSetNxForStack ==> PcdDxeIplBuildPageTables implication for "64-bit PEI + 64-bit DXE" platforms, with a new ASSERT(). Some platform might not comply with this requirement immediately. Regarding (a), in none of the OVMF builds do we try to execute code from the stack. Regarding (b): - In the OvmfPkgX64.dsc build (which is where (b) applies) we simply inherit the PcdDxeIplBuildPageTables|TRUE default from "MdeModulePkg/MdeModulePkg.dec". Therefore we can set PcdSetNxForStack to TRUE. - In OvmfPkgIa32X64.dsc, page tables are built by default for DXE. Hence we can set PcdSetNxForStack to TRUE. - In OvmfPkgIa32.dsc, page tables used not to be necessary until now. After we set PcdSetNxForStack to TRUE in this patch, the DXE IPL will construct page tables even when it is built as part of OvmfPkgIa32.dsc, provided the (virtual) hardware supports both PAE mode and the XD bit. Should this setting cause problems in a GPU (or other device) passthru scenario, with a UEFI_DRIVER in the PCI option rom attempting to execute code from the stack, the feature can be dynamically disabled on the QEMU command line, with "-cpu ,-nx". Cc: Paolo Bonzini Cc: Jordan Justen Cc: "Zeng, Star" Suggested-by: Paolo Bonzini Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Star Zeng git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18360 6f19259b-4bc3-4df7-8a09-765794883524 --- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + 3 files changed, 3 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index d92a327bf6..685e72a570 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -308,6 +308,7 @@ !endif [PcdsFixedAtBuild] + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1 gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 1c39cc7b62..84cbb7ab4d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -313,6 +313,7 @@ !endif [PcdsFixedAtBuild] + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1 gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 778ea28926..1d023a7527 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -313,6 +313,7 @@ !endif [PcdsFixedAtBuild] + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1 gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10