From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-x234.google.com (mail-wr0-x234.google.com [IPv6:2a00:1450:400c:c0c::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B20B58218F for ; Fri, 24 Feb 2017 09:51:19 -0800 (PST) Received: by mail-wr0-x234.google.com with SMTP id u47so17895400wrb.0 for ; Fri, 24 Feb 2017 09:51:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=HFC5sSej2qDU8MhQH0Yap1m97SudyQpV5cE446UmYAY=; b=bdGZ/rUdW/xUgMrLWNleL5lwK4TokLOfrSKAhS+zMrNOPUuA8Dqqy1vIPHIkB/AiSp 2Lm4qyq4R745LJM+lQNcEimGFjShMrTbARNU/1v3tYbEb+OPOcaN4UQtmqYzt6Szg3Nm znbTUspKqu2Wq/it1aUyIUaXDcGAW6QKQ3GNk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=HFC5sSej2qDU8MhQH0Yap1m97SudyQpV5cE446UmYAY=; b=DayHq7POpsrW9GUOlxnuXru9rhoCjLM5vY9a+/ywZgw8HxuhZPNCIlYfHmxnp1wCXm a5b6gKGzo821SfQPflFurfd4ESRv8E2pjDoWEMuXxWMsowyaoLCIknROLTY+nWpzzr5u QB1V922HCE6JBZkwg05F5lZfsLAUEvG27jRTxvWpdDUBJ2MoiJ80XT8RXPzBJdUw9+3S VmKqHgwDgGjwpfh5Cdb8A3w4ui6OIyHHS3q8jZI3MqKyZgmhyKsc+B1PIWNmCUPf4crV 9hqGGJy2NAERFGFKrtiAcZeavgL5Thv9rJPtG8+4sKEe1yz2qLCKXBVwL/ehr18/pVYc fs1A== X-Gm-Message-State: AMke39nhGnlYS2Mdd1xkMHUxukCmmu0TyhL6IR1YXivgCccAPdhkayqYYEP3mE8wVENLvivF X-Received: by 10.223.133.131 with SMTP id 3mr3764380wrt.161.1487958678109; Fri, 24 Feb 2017 09:51:18 -0800 (PST) Received: from localhost.localdomain ([105.149.201.216]) by smtp.gmail.com with ESMTPSA id d6sm3194247wmd.6.2017.02.24.09.51.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 24 Feb 2017 09:51:17 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, jiewen.yao@intel.com Cc: liming.gao@intel.com, Ard Biesheuvel Date: Fri, 24 Feb 2017 17:51:04 +0000 Message-Id: <1487958664-10707-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Subject: [PATCH] MdeModulePkg/DxeCore: base code protection on permission attributes X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Feb 2017 17:51:20 -0000 Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE can always be mapped read-only, classify a section as a code section only if it has the executable attribute set and the writable attribute cleared. This adheres more closely to the PE/COFF spec, and avoids issues with Linux OS loaders that consists of a single read/write/execute section. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c index 1142dcc5a83d..3e037607a6be 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -533,7 +533,7 @@ ProtectUefiImageCommon ( Name[7] )); - if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) != 0) { + if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)) == EFI_IMAGE_SCN_MEM_EXECUTE) { DEBUG ((DEBUG_VERBOSE, " VirtualSize - 0x%08x\n", Section[Index].Misc.VirtualSize)); DEBUG ((DEBUG_VERBOSE, " VirtualAddress - 0x%08x\n", Section[Index].VirtualAddress)); DEBUG ((DEBUG_VERBOSE, " SizeOfRawData - 0x%08x\n", Section[Index].SizeOfRawData)); -- 2.7.4