mirror of https://github.com/acidanthera/audk.git
ead7cb12d5
SVN rev 18166 ("MdeModulePkg DxeIpl: Add stack NX support") enables
platforms to request non-executable stack for the DXE phase, by setting
PcdSetNxForStack to TRUE.
The PCD defaults to FALSE, because:
(a) A non-executable DXE stack is a new feature and causes changes in
behavior. Some platform could rely on executing code from the stack.
(b) The code enabling NX in the DXE IPL PEIM enforces the
PcdSetNxForStack ==> PcdDxeIplBuildPageTables
implication for "64-bit PEI + 64-bit DXE" platforms, with a new
ASSERT(). Some platform might not comply with this requirement
immediately.
Regarding (a), in none of the OVMF builds do we try to execute code from
the stack.
Regarding (b):
- In the OvmfPkgX64.dsc build (which is where (b) applies) we simply
inherit the PcdDxeIplBuildPageTables|TRUE default from
"MdeModulePkg/MdeModulePkg.dec". Therefore we can set PcdSetNxForStack
to TRUE.
- In OvmfPkgIa32X64.dsc, page tables are built by default for DXE. Hence
we can set PcdSetNxForStack to TRUE.
- In OvmfPkgIa32.dsc, page tables used not to be necessary until now.
After we set PcdSetNxForStack to TRUE in this patch, the DXE IPL will
construct page tables even when it is built as part of OvmfPkgIa32.dsc,
provided the (virtual) hardware supports both PAE mode and the XD bit.
Should this setting cause problems in a GPU (or other device) passthru
scenario, with a UEFI_DRIVER in the PCI option rom attempting to execute
code from the stack, the feature can be dynamically disabled on the QEMU
command line, with "-cpu <MODEL>,-nx".
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: "Zeng, Star" <star.zeng@intel.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18360 6f19259b-4bc3-4df7-8a09-765794883524
|
||
|---|---|---|
| AppPkg | ||
| ArmPkg | ||
| ArmPlatformPkg | ||
| ArmVirtPkg | ||
| BaseTools | ||
| BeagleBoardPkg | ||
| Conf | ||
| CorebootModulePkg | ||
| CorebootPayloadPkg | ||
| CryptoPkg | ||
| DuetPkg | ||
| EdkCompatibilityPkg | ||
| EdkShellBinPkg | ||
| EdkShellPkg | ||
| EmbeddedPkg | ||
| EmulatorPkg | ||
| FatBinPkg | ||
| IntelFrameworkModulePkg | ||
| IntelFrameworkPkg | ||
| IntelFspPkg | ||
| IntelFspWrapperPkg | ||
| MdeModulePkg | ||
| MdePkg | ||
| NetworkPkg | ||
| Nt32Pkg | ||
| Omap35xxPkg | ||
| OptionRomPkg | ||
| OvmfPkg | ||
| PcAtChipsetPkg | ||
| PerformancePkg | ||
| SecurityPkg | ||
| ShellBinPkg | ||
| ShellPkg | ||
| SourceLevelDebugPkg | ||
| StdLib | ||
| StdLibPrivateInternalFiles | ||
| UefiCpuPkg | ||
| UnixPkg | ||
| Vlv2DeviceRefCodePkg | ||
| Vlv2TbltDevicePkg | ||
| .gitignore | ||
| BuildNotes2.txt | ||
| Edk2Setup.bat | ||
| Maintainers.txt | ||
| edksetup.bat | ||
| edksetup.sh | ||