]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f1dcbe)
ArmVirtPkg: enable non-executable DXE stack for all platforms
authorArd Biesheuvel <ard.biesheuvel@linaro.org>
Wed, 1 Mar 2017 16:31:43 +0000 (16:31 +0000)
committerArd Biesheuvel <ard.biesheuvel@linaro.org>
Tue, 7 Mar 2017 09:31:56 +0000 (10:31 +0100)
Now that ARM has grown support for managing memory permissions in
ArmMmuLib, we can enable the non-executable DXE stack for all virt
platforms. Note that this includes the AARCH64 Xen platform as well.

Note that this is not [entirely] redundant: the non-executable stack
is configured before DxeCore is invoked. The image and memory protection
features configured during DXE only take affect when the CPU arch
protocol implementation is registered.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
ArmVirtPkg/ArmVirt.dsc.inc patch | blob | blame | history
ArmVirtPkg/ArmVirtQemu.dsc patch | blob | blame | history
ArmVirtPkg/ArmVirtQemuKernel.dsc patch | blob | blame | history

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index acfb71d3ff6c7f3b9c99e2b8f32b9c27e3e34b82..e2d3dcce7945f560d9e0eb0ece0546b077c8b651 100644 (file)
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -386,6 +386,11 @@
   #\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1\r
 \r
   #\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1\r
 \r
+  #\r
+  # Enable the non-executable DXE stack. (This gets set up by DxeIpl)\r
+  #\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
+\r
 [PcdsFixedAtBuild.ARM]\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
 \r
 [PcdsFixedAtBuild.ARM]\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
 \r
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 615e1fca48774b07e578d0c0b0e454fdc9a6b6b4..477dfdcfc76465ae650c06ba14fd856be0978940 100644 (file)
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -152,8 +152,6 @@
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16\r
 \r
 [PcdsFixedAtBuild.AARCH64]\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16\r
 \r
 [PcdsFixedAtBuild.AARCH64]\r
-  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
-\r
   # KVM limits it IPA space to 40 bits (1 TB), so there is no need to\r
   # support anything bigger, even if the host hardware does\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
   # KVM limits it IPA space to 40 bits (1 TB), so there is no need to\r
   # support anything bigger, even if the host hardware does\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index e4902690123c4a344f78747ab52962efda2b3dea..fd39c2802a85b757e020d3082dcd89b689c55a0c 100644 (file)
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -163,8 +163,6 @@
   #\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16\r
 \r
   #\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16\r
 \r
-  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
-\r
   # KVM limits it IPA space to 40 bits (1 TB), so there is no need to\r
   # support anything bigger, even if the host hardware does\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
   # KVM limits it IPA space to 40 bits (1 TB), so there is no need to\r
   # support anything bigger, even if the host hardware does\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
EFI Development Kit II mirror for PVE