diff options
| author | Ard Biesheuvel <ardb@kernel.org> | 2025-02-08 11:25:19 +0100 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2025-02-11 20:25:08 +0000 |
| commit | 96cf70951f53f16853fdd42129b73940e71bab2d (patch) | |
| tree | 13dc48ccdae88f0426a05016239afcfa296a5f17 /MdePkg/Library/StackCheckLib/Readme.md | |
| parent | 5c3dcef94cf36646f75a44cb75c72beb34fa1fd0 (diff) | |
| download | edk2-96cf70951f53f16853fdd42129b73940e71bab2d.tar.gz | |
MdePkg/DynamicStackCookieEntryPointLib: Drop execute-in-place versions
SEC, PEI_CORE and PEIM type modules generally execute in place from
memory that is not writable. This means that it is not generally
possible to use an entrypoint implementation that stores a dynamically
generated stack cookie into a global variable. For PEIMs in particular,
there may be other options, such as a DEPEX on the permanent memory PPI,
but the current dynamic implementations of the stack checking library
entrypoints for PEI_CORE and PEIM modules must not be used as-is.
So remove them, and update the readme accordingly.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Diffstat (limited to 'MdePkg/Library/StackCheckLib/Readme.md')
| -rw-r--r-- | MdePkg/Library/StackCheckLib/Readme.md | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/MdePkg/Library/StackCheckLib/Readme.md b/MdePkg/Library/StackCheckLib/Readme.md index 2d9bb6fbda..fe16084bd3 100644 --- a/MdePkg/Library/StackCheckLib/Readme.md +++ b/MdePkg/Library/StackCheckLib/Readme.md @@ -195,17 +195,12 @@ This will cause `MdeLibs.dsc.inc` to not link `StackCheckLibNull` and instead li stack cookie updating versions of `DxeCoreEntryPoint`, `StandaloneMmDriverEntryPoint`,
`UefiApplicationEntryPoint`, and `UefiDriverEntryPoint`.
-Because edk2 does not implement exception handling for `SEC` and `PEI_CORE`, `MdeLibs.dsc.inc`
-uses `StackCheckLibNull` for these phases always. As a result, dynamic stack cookies are also
-not set for `PEI_CORE`. There is no standard `SEC` entrypoint, so it is not supported generically
-to apply dynamic stack cookies there. If a platform wishes to use `StackCheckLib` and dynamic stack
-cookies for these phases, it should override this in its DSC, e.g.:
-
-```inf
-[LibraryClasses.common.SEC, LibraryClasses.common.PEI_CORE]
- StackCheckLib|MdePkg/Library/StackCheckLib/StackCheckLib.inf
- PeiCoreEntryPoint|MdePkg/Library/DynamicStackCookieEntryPointLib/PeiCoreEntryPoint.inf
-```
+Because edk2 does not implement exception handling for `SEC` and `PEI_CORE`,
+`MdeLibs.dsc.inc` uses `StackCheckLibNull` for these phases always. If a
+platform wishes to use `StackCheckLib` for these phases, it can enable static
+stack cookie checking, as documented in the previous section. Due to the fact
+that writable global variables are not supported in the `SEC` or `PEI` phases
+of execution, dynamic stack cookie checking is not supported here.
It is recommended that a platform only do this for debugging or if they have implemented
exception handlers for these phases.
|