From: Ard Biesheuvel
To: edk2-devel@lists.01.org, afish@apple.com, leif.lindholm@linaro.org, michael.d.kinney@intel.com, liming.gao@intel.com, jiewen.yao@intel.com
Cc: lersek@redhat.com, feng.tian@intel.com, star.zeng@intel.com, Ard Biesheuvel
Date: Wed, 22 Feb 2017 18:24:56 +0000
Message-Id: <1487787898-5222-3-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1487787898-5222-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1487787898-5222-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [RFC PATCH 2/4] MdeModulePkg/DxeCore: convert the DxeCore memory region to BootServicesCode

Before removing exec permissions from all non-code regions, ensure that the DXE core itself is covered by a BootServicesCode region, by adding a new function ConvertDxeCoreImage () and calling it at the right time from DxeMain ().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel
--- MdeModulePkg/Core/Dxe/DxeMain.h | 8 ++++++++ MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 2 ++ MdeModulePkg/Core/Dxe/Mem/Page.c | 15 +++++++++++++++ 3 files changed, 25 insertions(+) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h index b14be9a74d8e..300f19a3aa58 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -2949,4 +2949,12 @@ MemoryProtectionExitBootServicesCallback ( VOID ); +/** + Convert DXE core image to BootServicesCode memory +**/ +VOID +ConvertDxeCoreImage ( + VOID + ); + #endif diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c index 91e94a78d205..d3a873e737b1 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c +++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c 
@@ -396,6 +396,8 @@ DxeMain ( MemoryProfileInstallProtocol (); + ConvertDxeCoreImage (); + CoreInitializePropertiesTable (); CoreInitializeMemoryAttributesTable (); CoreInitializeMemoryProtection (); diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index b0939c596991..73b56fccf965 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -1951,8 +1951,23 @@ Done: } +VOID +ConvertDxeCoreImage ( + VOID + ) +{ + CoreAcquireMemoryLock (); + // + // Convert the memory region that backs the DXE core to a 'code' region, so + // that the strict permissions handling doesn't take our exec permissions + // away. + // + CoreConvertPages ((UINTN)gDxeCoreLoadedImage->ImageBase, + EFI_SIZE_TO_PAGES (gDxeCoreLoadedImage->ImageSize), EfiBootServicesCode); + CoreReleaseMemoryLock (); +} -- 2.7.4
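Review bot: In the DxeMain.c hunk, the new ConvertDxeCoreImage () call has no comment explaining why it sits at this point, and the commit message only says "at the right time". The ordering is the whole purpose of the change: the conversion has to happen before CoreInitializeMemoryProtection (), which follows three lines later, and presumably before the properties and memory attributes tables are built from the memory map. Please add a short comment above the call stating that dependency, so a later reshuffle of the DxeMain () initialization sequence does not silently move it after the point where exec permissions are stripped.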
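Review bot: In the Page.c hunk, the result of CoreConvertPages () is discarded and ConvertDxeCoreImage () returns VOID, so a failed conversion goes unnoticed and the DXE core stays in a non-code region that the later strict permission handling will make non-executable. Capture the status in a local EFI_STATUS and at least ASSERT_EFI_ERROR () on it after releasing the lock. Two smaller points on the same hunk: the function definition has no header comment in Page.c (only the prototype in DxeMain.h is documented, and that comment does not mention that the function takes the memory lock), and the call relies on gDxeCoreLoadedImage->ImageBase being page aligned, which would be worth an ASSERT or a note in the comment.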