From patchwork Tue Dec 6 19:42:17 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 86905 Delivered-To: patch@linaro.org Received: by 10.140.20.101 with SMTP id 92csp2190965qgi; Tue, 6 Dec 2016 11:42:31 -0800 (PST) X-Received: by 10.237.32.70 with SMTP id 64mr55180505qta.163.1481053351069; Tue, 06 Dec 2016 11:42:31 -0800 (PST) Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id 82si2402242qks.109.2016.12.06.11.42.30; Tue, 06 Dec 2016 11:42:31 -0800 (PST) Received-SPF: pass (google.com: domain of linaro-uefi-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linaro-uefi-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=linaro-uefi-bounces@lists.linaro.org; dmarc=pass (p=NONE dis=NONE) header.from=linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6EC5062D8B; Tue, 6 Dec 2016 19:42:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2 autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id A143062D87; Tue, 6 Dec 2016 19:42:26 +0000 (UTC) X-Original-To: linaro-uefi@lists.linaro.org Delivered-To: linaro-uefi@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 5861B62D89; Tue, 6 Dec 2016 19:42:25 +0000 (UTC) Received: from mail-wj0-f171.google.com (mail-wj0-f171.google.com [209.85.210.171]) by lists.linaro.org (Postfix) with ESMTPS id 60C1962D86 for ; Tue, 6 Dec 2016 19:42:24 +0000 (UTC) Received: by mail-wj0-f171.google.com with SMTP id tg4so79706428wjb.1 for ; Tue, 06 Dec 2016 11:42:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=52okyBipwpT0YTTmc0PA8p1uc1THAPZlA+vVmtH5lCU=; b=Abzt3Sf6LDn63yhzsque17P7Lvncs6IgGSy81xj5Ha3oh68+cNdZUpbR8p6y2JAbv7 ybVFrHTXjvivTOC5zJ5/Pd8e7v1jx6m9r2kZiZuqkwFZZULf15UGnyQ3gMYfNOiec2yL qJiCiym3qFlobDlQOA4pMiqgqT/NM8YE5C5hvQfRwX4OZEAtlFACoEM8dlGurrmcLyCZ O96PMLcJe9+hYUfmp1r6TloO2JMeL1Q7TQtsJxD1Kfm5yeeuD1An/5JTWsHarPb4Enz2 ZukzolRfvJ5YDfFDGs4fvSLCto7p1jdWgxN+Fs0qOt0hyOu/P4PiOUb2HkEZyF+YmIcL Lgbw== X-Gm-Message-State: AKaTC03biomJVW1ev61+GjLPHy1RLRQ9iGjPc8LDtcfYD9VLfwhJbXwm9SDeSXOCOWDnbicl+9g= X-Received: by 10.194.85.77 with SMTP id f13mr56349702wjz.187.1481053343311; Tue, 06 Dec 2016 11:42:23 -0800 (PST) Received: from localhost.localdomain ([105.144.52.243]) by smtp.gmail.com with ESMTPSA id g17sm27387253wjs.38.2016.12.06.11.42.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 06 Dec 2016 11:42:22 -0800 (PST) From: Ard Biesheuvel To: linaro-uefi@lists.linaro.org Date: Tue, 6 Dec 2016 19:42:17 +0000 Message-Id: <1481053337-13319-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Subject: [Linaro-uefi] [PATCH] Platforms/AMD/Styx: map the DXE stack as non-executable X-BeenThere: linaro-uefi@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: linaro-uefi-bounces@lists.linaro.org Sender: "Linaro-uefi" Map the DXE stack as non-executable, to prevent stack buffer overflows from being exploitable. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Signed-off-by: Leif Lindholm --- Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc | 3 +++ Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc | 3 +++ Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc | 3 +++ 3 files changed, 9 insertions(+) diff --git a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc index f833fe200422..0f299c388d00 100644 --- a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc +++ b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc @@ -439,6 +439,9 @@ DEFINE DO_KCS = 0 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000 + # map the stack as non-executable when entering the DXE phase + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + [PcdsPatchableInModule] # PCIe Configuration: x4x2x2 gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2 diff --git a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc index 107205386c55..0d630fba1ca9 100644 --- a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc +++ b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc @@ -461,6 +461,9 @@ DEFINE DO_KCS = 1 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000 + # map the stack as non-executable when entering the DXE phase + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + [PcdsPatchableInModule] # PCIe Configuration: x4x2x2 (=2 See Include/FDKGionb.h) gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2 diff --git a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc index 92721064a51f..944cee3d8536 100644 --- a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc +++ b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc @@ -458,6 +458,9 @@ DEFINE DO_KCS = 1 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000 + # map the stack as non-executable when entering the DXE phase + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + !if $(DO_XGBE) gAmdModulePkgTokenSpaceGuid.PcdXgbeEnable|TRUE