From 443d8a625e38f68ff3441dc2c0088b3ff0e117a5 Mon Sep 17 00:00:00 2001 From: Oliver Smith-Denny Date: Fri, 13 Sep 2024 10:01:52 -0700 Subject: [PATCH] Remove StackCheckLibNull From MdeLibs.dsc.inc Commit ac43bbacdef18a6fea6d978e096326ec0805885d added StackCheckLibNull to MdeLibs.dsc.inc per review requests on the PR: https://github.com/tianocore/edk2/pull/5957#issuecomment-2246925255 https://github.com/tianocore/edk2/pull/5957#discussion_r1694761065. The PR was adapted to move specifying StackCheckLibNull in every DSC to MdeLibs.dsc.inc. However, while this works, it does not allow for a platform to use one of the other StackCheckLibs (such as StackCheckLibStaticInit) because we get a linker error by having the compiler defined stack cookie variables defined more than once (once from StackCheckLibNull in MdeLibs.dsc.inc and the other in the actual StackCheckLib implementation). Every platform must include MdeLibs.dsc.inc and there is no way to override a NULL library class. So, we must go back to the original solution and include StackCheckLib in each DSC with whatever the preferred version is. In order to avoid build breaks, this PR updates all DSCs and relevant dsc.incs to add StackCheckLibNull for the CI build. It also removes it from MdeLibs.dsc.inc. As per the original PR, StackCheckLib cannot be generically linked against all SEC modules, on some IA32/X64 SEC modules, they do not include _ModuleEntryPoint, which is required when linking against a module. This has been tested that StackCheckLibStaticInit can be used in a package's CI instead of the null version now. Continuous-integration-options: PatchCheck.ignore-multi-package Signed-off-by: Oliver Smith-Denny --- ArmPkg/ArmPkg.dsc | 3 +-- ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc | 3 +++ ArmVirtPkg/ArmVirt.dsc.inc | 6 +++--- CryptoPkg/CryptoPkg.dsc | 5 +++-- CryptoPkg/CryptoPkgMbedTls.dsc | 3 +++ DynamicTablesPkg/DynamicTablesPkg.dsc | 3 +-- EmbeddedPkg/EmbeddedPkg.dsc | 5 +++-- EmulatorPkg/EmulatorPkg.dsc | 5 +++-- FatPkg/FatPkg.dsc | 3 +-- FmpDevicePkg/FmpDevicePkg.dsc | 3 +-- IntelFsp2Pkg/IntelFsp2Pkg.dsc | 3 +-- IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 5 ++--- MdeModulePkg/MdeModulePkg.dsc | 3 +-- MdePkg/MdeLibs.dsc.inc | 6 ------ MdePkg/MdePkg.dsc | 3 +++ NetworkPkg/NetworkPkg.dsc | 3 +-- OvmfPkg/AmdSev/AmdSevX64.dsc | 6 +++--- OvmfPkg/Bhyve/BhyveX64.dsc | 6 +++--- OvmfPkg/CloudHv/CloudHvX64.dsc | 6 +++--- OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc | 8 ++++++++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 6 +++--- OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc | 8 +++++--- OvmfPkg/Microvm/MicrovmX64.dsc | 6 +++--- OvmfPkg/OvmfXen.dsc | 8 ++++++++ OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 6 +++--- PcAtChipsetPkg/PcAtChipsetPkg.dsc | 3 +-- PrmPkg/PrmPkg.dsc | 3 +-- RedfishPkg/RedfishPkg.dsc | 3 +-- SecurityPkg/SecurityPkg.dsc | 3 +-- ShellPkg/ShellPkg.dsc | 3 +-- SignedCapsulePkg/SignedCapsulePkg.dsc | 3 +-- SourceLevelDebugPkg/SourceLevelDebugPkg.dsc | 3 +-- StandaloneMmPkg/StandaloneMmPkg.dsc | 3 +++ UefiCpuPkg/UefiCpuPkg.dsc | 8 ++++++++ UefiPayloadPkg/UefiPayloadPkg.dsc | 6 +++--- 35 files changed, 90 insertions(+), 70 deletions(-) diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc index 041751e36830..fde91a4efed6 100644 --- a/ArmPkg/ArmPkg.dsc +++ b/ArmPkg/ArmPkg.dsc @@ -93,8 +93,7 @@ OemMiscLib|ArmPkg/Universal/Smbios/OemMiscLibNull/OemMiscLibNull.inf -[LibraryClasses.common.SEC] - # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] diff --git a/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc b/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc index 28ebe68b417e..b519dc8cc755 100644 --- a/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc +++ b/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc @@ -43,5 +43,8 @@ UefiLib|MdePkg/Library/UefiLib/UefiLib.inf UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [Components.common] ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.inf diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 890a056cd018..7a66dd013958 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -168,6 +168,9 @@ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf @@ -182,9 +185,6 @@ DebugLib|ArmVirtPkg/Library/DebugLibFdtPL011Uart/DebugLibFdtPL011UartFlash.inf !endif - # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index f23fb6f945e1..481ef533d826 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -112,6 +112,9 @@ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf @@ -124,8 +127,6 @@ [LibraryClasses.common.SEC] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc index 17f41c4f3612..49e3b1012a49 100644 --- a/CryptoPkg/CryptoPkgMbedTls.dsc +++ b/CryptoPkg/CryptoPkgMbedTls.dsc @@ -51,6 +51,9 @@ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.PEIM] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf diff --git a/DynamicTablesPkg/DynamicTablesPkg.dsc b/DynamicTablesPkg/DynamicTablesPkg.dsc index 8cac9d579e37..cdf7cd6cbb58 100644 --- a/DynamicTablesPkg/DynamicTablesPkg.dsc +++ b/DynamicTablesPkg/DynamicTablesPkg.dsc @@ -34,8 +34,7 @@ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] diff --git a/EmbeddedPkg/EmbeddedPkg.dsc b/EmbeddedPkg/EmbeddedPkg.dsc index 503d7cc6d506..92be5c752468 100644 --- a/EmbeddedPkg/EmbeddedPkg.dsc +++ b/EmbeddedPkg/EmbeddedPkg.dsc @@ -107,6 +107,9 @@ TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.DXE_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf @@ -122,8 +125,6 @@ [LibraryClasses.common.SEC] ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmGicLib|ArmPkg/Drivers/ArmGic/ArmGicLib.inf diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc index e4bf3ce4165e..378decf5e238 100644 --- a/EmulatorPkg/EmulatorPkg.dsc +++ b/EmulatorPkg/EmulatorPkg.dsc @@ -142,6 +142,9 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -151,8 +154,6 @@ PpiListLib|EmulatorPkg/Library/SecPpiListLib/SecPpiListLib.inf DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf TimerLib|EmulatorPkg/Library/PeiTimerLib/PeiTimerLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.USER_DEFINED, LibraryClasses.common.BASE] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf diff --git a/FatPkg/FatPkg.dsc b/FatPkg/FatPkg.dsc index 76dddaa6907e..553d2541606f 100644 --- a/FatPkg/FatPkg.dsc +++ b/FatPkg/FatPkg.dsc @@ -49,8 +49,7 @@ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc index c38cbc480b72..7df46f940780 100644 --- a/FmpDevicePkg/FmpDevicePkg.dsc +++ b/FmpDevicePkg/FmpDevicePkg.dsc @@ -72,8 +72,7 @@ FmpDependencyDeviceLib|FmpDevicePkg/Library/FmpDependencyDeviceLibNull/FmpDependencyDeviceLibNull.inf TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM] diff --git a/IntelFsp2Pkg/IntelFsp2Pkg.dsc b/IntelFsp2Pkg/IntelFsp2Pkg.dsc index ea61c5d9b447..0a5b552af460 100644 --- a/IntelFsp2Pkg/IntelFsp2Pkg.dsc +++ b/IntelFsp2Pkg/IntelFsp2Pkg.dsc @@ -46,8 +46,7 @@ FspSecPlatformLib|IntelFsp2Pkg/Library/SecFspSecPlatformLibNull/SecFspSecPlatformLibNull.inf FspMultiPhaseLib|IntelFsp2Pkg/Library/BaseFspMultiPhaseLib/BaseFspMultiPhaseLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM, LibraryClasses.common.SEC] diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc index f904e6f258fe..2ead126e30fe 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc @@ -57,9 +57,8 @@ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index f8204f787553..3e64f3c76b95 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -109,8 +109,7 @@ IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf SpiHcPlatformLib|MdeModulePkg/Library/BaseSpiHcPlatformLibNull/BaseSpiHcPlatformLibNull.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.EBC.PEIM] diff --git a/MdePkg/MdeLibs.dsc.inc b/MdePkg/MdeLibs.dsc.inc index 4e3858edb627..e40ff7d95e04 100644 --- a/MdePkg/MdeLibs.dsc.inc +++ b/MdePkg/MdeLibs.dsc.inc @@ -30,9 +30,3 @@ # definitions for the intrinsic functions. # NULL|MdePkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf - -# Stack Cookies cannot be generically applied to SEC modules because they may not define _ModuleEntryPoint and when we -# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can -# apply a library class override to get StackCheckLibNull.inf -[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM, LibraryClasses.common.DXE_CORE, LibraryClasses.common.SMM_CORE, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc index 0f00172be100..503fc9149ec7 100644 --- a/MdePkg/MdePkg.dsc +++ b/MdePkg/MdePkg.dsc @@ -35,6 +35,9 @@ [LibraryClasses] SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [Components] MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc index f008790f30f8..c5b739d83e7b 100644 --- a/NetworkPkg/NetworkPkg.dsc +++ b/NetworkPkg/NetworkPkg.dsc @@ -62,8 +62,7 @@ FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.UEFI_DRIVER] diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 1f5837d6e723..6174a726ca45 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -204,6 +204,9 @@ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -232,9 +235,6 @@ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 2f5fb46a2e67..e0ec700de596 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -232,6 +232,9 @@ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -256,9 +259,6 @@ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 1a8d3c4911cf..f6e9bb86bb86 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -242,6 +242,9 @@ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -269,9 +272,6 @@ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc b/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc index 585545e106c9..9484083ee20f 100644 --- a/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc @@ -2,6 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## +# +# Stack Cookies cannot be generically applied to SEC modules because they may not define _ModuleEntryPoint and when we +# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can +# apply a library class override to get StackCheckLibNull.inf +# +[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM, LibraryClasses.common.DXE_CORE, LibraryClasses.common.SMM_CORE, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [PcdsFixedAtBuild.common] !ifdef $(FIRMWARE_VER) gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER)" diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index fbda01bd7582..95783c7d36fe 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -211,6 +211,9 @@ !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -240,9 +243,6 @@ PeilessStartupLib|OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf diff --git a/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc b/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc index 755892737b12..a30417cee478 100644 --- a/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc +++ b/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc @@ -185,6 +185,11 @@ VariableFlashInfoLib | MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf VirtNorFlashPlatformLib | OvmfPkg/Library/FdtNorFlashQemuLib/FdtNorFlashQemuLib.inf + # + # Provides Stack Cookie Implementation + # + NULL | MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PcdLib | MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf ReportStatusCodeLib | MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf @@ -194,9 +199,6 @@ PlatformHookLib | OvmfPkg/LoongArchVirt/Library/Fdt16550SerialPortHookLib/EarlyFdt16550SerialPortHookLib.inf CpuExceptionHandlerLib | UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL | MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] PcdLib | MdePkg/Library/PeiPcdLib/PeiPcdLib.inf HobLib | MdePkg/Library/PeiHobLib/PeiHobLib.inf diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 6fe8dfd2880e..76b605f7e03b 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -246,6 +246,9 @@ !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -277,9 +280,6 @@ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index ac7d18196909..9a87fc3f6a26 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -238,6 +238,14 @@ CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf +# +# Stack Cookies cannot be generically applied to SEC modules here because not all define _ModuleEntryPoint and when we +# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can +# apply a library class override to get StackCheckLibNull.inf +# +[LibraryClasses.common.PEIM, LibraryClasses.common.PEI_CORE, LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf !ifndef $(DEBUG_ON_HYPERVISOR_CONSOLE) diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc index 9cf743c842bc..d7227d88c7a9 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc @@ -141,6 +141,9 @@ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf @@ -152,9 +155,6 @@ PrePiHobListPointerLib|OvmfPkg/RiscVVirt/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMemoryAllocationLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.DXE_CORE] PerformanceLib|MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.inf HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf diff --git a/PcAtChipsetPkg/PcAtChipsetPkg.dsc b/PcAtChipsetPkg/PcAtChipsetPkg.dsc index 73f8198f68fd..b9a52b7040ba 100644 --- a/PcAtChipsetPkg/PcAtChipsetPkg.dsc +++ b/PcAtChipsetPkg/PcAtChipsetPkg.dsc @@ -45,8 +45,7 @@ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [Components] diff --git a/PrmPkg/PrmPkg.dsc b/PrmPkg/PrmPkg.dsc index 8eeb393cd19c..4b793dd5175e 100644 --- a/PrmPkg/PrmPkg.dsc +++ b/PrmPkg/PrmPkg.dsc @@ -40,8 +40,7 @@ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.IA32, LibraryClasses.X64] diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index 97f20597d244..03eeed4a3d83 100644 --- a/RedfishPkg/RedfishPkg.dsc +++ b/RedfishPkg/RedfishPkg.dsc @@ -52,8 +52,7 @@ IpmiLib|MdeModulePkg/Library/BaseIpmiLibNull/BaseIpmiLibNull.inf IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index f6a3f49f12aa..53d9d166f1dd 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -89,8 +89,7 @@ PlatformLibWrapper|SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc index 029a22fc7997..3b2470780f00 100644 --- a/ShellPkg/ShellPkg.dsc +++ b/ShellPkg/ShellPkg.dsc @@ -65,8 +65,7 @@ DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [PcdsFixedAtBuild] diff --git a/SignedCapsulePkg/SignedCapsulePkg.dsc b/SignedCapsulePkg/SignedCapsulePkg.dsc index 1217d24b8adc..267d5279cb5d 100644 --- a/SignedCapsulePkg/SignedCapsulePkg.dsc +++ b/SignedCapsulePkg/SignedCapsulePkg.dsc @@ -95,8 +95,7 @@ PlatformFlashAccessLib|SignedCapsulePkg/Library/PlatformFlashAccessLibNull/PlatformFlashAccessLibNull.inf RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM] diff --git a/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc b/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc index 1b9a99b6ab57..da01df2b392d 100644 --- a/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc +++ b/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc @@ -52,8 +52,7 @@ !endif !endif -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] diff --git a/StandaloneMmPkg/StandaloneMmPkg.dsc b/StandaloneMmPkg/StandaloneMmPkg.dsc index 51dd134ef9da..b3a5550e9b8c 100644 --- a/StandaloneMmPkg/StandaloneMmPkg.dsc +++ b/StandaloneMmPkg/StandaloneMmPkg.dsc @@ -64,6 +64,9 @@ ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.PEIM] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc index f173bba87e4b..5f21f2aa5772 100644 --- a/UefiCpuPkg/UefiCpuPkg.dsc +++ b/UefiCpuPkg/UefiCpuPkg.dsc @@ -72,6 +72,14 @@ HobLib|MdeModulePkg/Library/BaseHobLibNull/BaseHobLibNull.inf MemoryAllocationLib|MdeModulePkg/Library/BaseMemoryAllocationLibNull/BaseMemoryAllocationLibNull.inf +# +# Stack Cookies cannot be generically applied to SEC modules here because not all define _ModuleEntryPoint and when we +# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can +# apply a library class override to get StackCheckLibNull.inf +# +[LibraryClasses.common.PEIM, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PlatformSecLib|UefiCpuPkg/Library/PlatformSecLibNull/PlatformSecLibNull.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 3c0f2d699b0b..c0afce6a3b3f 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -321,6 +321,9 @@ HobPrintLib|MdeModulePkg/Library/HobPrintLib/HobPrintLib.inf BuildFdtLib|UefiPayloadPkg/Library/BuildFdtLib/BuildFdtLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] !if $(BOOTSPLASH_IMAGE) SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf @@ -352,9 +355,6 @@ SerialPortLib|UefiPayloadPkg/Library/BaseSerialPortLibHob/BaseSerialPortLibHob.inf !endif - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.DXE_CORE] DxeHobListLib|UefiPayloadPkg/Library/DxeHobListLibNull/DxeHobListLibNull.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf