From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id CF0607803CF for ; Tue, 15 Aug 2023 04:57:16 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=kpX7GFsZ6ntQbiT4sWetURPnS00DdStdBBW6/TnLfQA=; c=relaxed/simple; d=groups.io; h=From:Message-id:MIME-version:Subject:Date:In-reply-to:Cc:To:References:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-type; s=20140610; t=1692075435; v=1; b=DCDcP+ylUpGb/9d5XDMsln8XzlZgiu/cJ0Ett+ygIhvSJSYTPQPr5C9A8WQJZhtQBvASBE27 nNl4BqCWws8KpsYCPHsGm8tgsg7Hr05l8HV3Nysp8sDKtb29hZx3mUYDFXEWmqbXcvNY5csGAtZ 7dctfb51AEjfJf6RQ6uo0Yvg= X-Received: by 127.0.0.2 with SMTP id OYuGYY7687511xyDoMtJjdcY; Mon, 14 Aug 2023 21:57:15 -0700 X-Received: from ma-mailsvcp-mx-lapp01.apple.com (ma-mailsvcp-mx-lapp01.apple.com [17.32.222.22]) by mx.groups.io with SMTP id smtpd.web11.128102.1692075434753990885 for ; Mon, 14 Aug 2023 21:57:14 -0700 X-Received: from ma-mailsvcp-mta-lapp02.corp.apple.com (ma-mailsvcp-mta-lapp02.corp.apple.com [10.226.18.134]) by ma-mailsvcp-mx-lapp01.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0RZF00O2Q1RDTG20@ma-mailsvcp-mx-lapp01.apple.com> for devel@edk2.groups.io; Mon, 14 Aug 2023 21:57:14 -0700 (PDT) X-Proofpoint-ORIG-GUID: F3rl2AATX9wAkbUaJcFK5pOOvMWwP_ta X-Proofpoint-GUID: F3rl2AATX9wAkbUaJcFK5pOOvMWwP_ta X-Received: from ma-mailsvcp-mmp-lapp02.apple.com (ma-mailsvcp-mmp-lapp02.apple.com [17.32.222.15]) by ma-mailsvcp-mta-lapp02.corp.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0RZF00ZJ41RDK310@ma-mailsvcp-mta-lapp02.corp.apple.com>; Mon, 14 Aug 2023 21:57:13 -0700 (PDT) X-Received: from process_milters-daemon.ma-mailsvcp-mmp-lapp02.apple.com by ma-mailsvcp-mmp-lapp02.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) id <0RZF00J001NC4100@ma-mailsvcp-mmp-lapp02.apple.com>; Mon, 14 Aug 2023 21:57:13 -0700 (PDT) X-Va-A: X-Va-T-CD: e8694c3c822791ddeae7f8346da5dcb1 X-Va-E-CD: a79fd2dfc6232e7fdb69a3f9586137f7 X-Va-R-CD: e4c78c371ebf7c6b093b9a3c3edfe85c X-Va-ID: e3199550-dd35-4782-86b6-6d65c362abf6 X-Va-CD: 0 X-V-A: X-V-T-CD: e8694c3c822791ddeae7f8346da5dcb1 X-V-E-CD: a79fd2dfc6232e7fdb69a3f9586137f7 X-V-R-CD: e4c78c371ebf7c6b093b9a3c3edfe85c X-V-ID: 6b70a62e-3fbc-420d-ac45-e4053b144c57 X-V-CD: 0 X-Received: from smtpclient.apple (unknown [17.234.148.110]) by ma-mailsvcp-mmp-lapp02.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPSA id <0RZF0056R1RCIB00@ma-mailsvcp-mmp-lapp02.apple.com>; Mon, 14 Aug 2023 21:57:13 -0700 (PDT) From: "Andrew Fish via groups.io" Message-id: <4EB062B0-6C13-480F-A2CC-95C715A08ECD@apple.com> MIME-version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\)) Subject: Re: [edk2-devel] About EDK2 supports Self Modifying Code Date: Mon, 14 Aug 2023 21:57:01 -0700 In-reply-to: <22642530-3177-d5d9-426a-d5a68ebfe8c6@loongson.cn> Cc: Liming Gao , Bob Feng , Yuwei Chen To: edk2-devel-groups-io , lichao@loongson.cn References: <22642530-3177-d5d9-426a-d5a68ebfe8c6@loongson.cn> Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,afish@apple.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: lcbzDpwqbwu1r8hrNXmPrq9Cx7686176AA= Content-type: multipart/alternative; boundary="Apple-Mail=_F57ADC90-7056-44BD-9928-2F08B706F954" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=DCDcP+yl; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io --Apple-Mail=_F57ADC90-7056-44BD-9928-2F08B706F954 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 We also support Xcode clang so that means we also support Mach-O executable= s that get converted to PE/COFF. The is a tool called mtoc (mach-o to coff)= in a crufty old open source project that does the conversion.=20 The reason you are having issues is due to security hardening as the self m= odifying code is a security risk. It is kind of hard to imagine a case in U= EFI that the self modifying code is worth the security risk?. I know Linux = does some patching but those are really hot paths that get used a lot, I do= n=E2=80=99t see that being a pattern that would be common in firmware. The = only case I can think you might want SMC is if you were trying to make an U= EFI based stress test of some kind?=20 It might be helpful if you could explain why you can=E2=80=99t use a dispat= ch table or just define a UEFI Protocol and construct it on the fly to meet= your configuration? To me saying you need Self Modifying Code is kind of l= ike saying you need to write it in assembler since the C compiler is not sm= art enough, and most of the times people think that they are wrong. =20 Thanks, Andrew Fish > On Aug 14, 2023, at 8:06 PM, Chao Li wrote: >=20 > Hi Liming, Bob and Yuwei >=20 > There is a need that some code wants to supports Self-Modification, becau= se some program behavior may not be determined during compilation, and I th= ink this demand may be very popular.=20 >=20 > The permise of Self-Modification is that the section has executable and w= ritable permissions. Adding a new section and giving it executable and writ= able permissions is a better way, and the 'pragma seg_code' is recognized i= n Microsoft VS compiler but GCC doesn't. If use the GCC as the compiler, th= e '.section name flags' of GNU GAS are acceptable. >=20 > But there is a problem, if converting from elf to efi, the user-defined s= ection with W+X or A+W+X will be droped, Elf64Convert.c will scan the file = section permission of elf, if the section is A+X, it will be classified int= o the .text section, if the section is A+W , then it will be classified int= o the .data section, if the section is A+W+X or W+X, then it will be droped= (Elf64Convert.c, line 272 to 325). >=20 > That is: >=20 > If using the VS compiler, the user-defined with executable and writable s= ections may be perserved, but GCC elf to efi conversion may not. >=20 >=20 >=20 > Hope hearback from you and discuss the necessity of SMC(Slef-Modifying-Co= de) and how to implement it. >=20 >=20 >=20 >=20 > Thanks, > Chao >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107760): https://edk2.groups.io/g/devel/message/107760 Mute This Topic: https://groups.io/mt/100751724/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/19134562= 12/xyzzy [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --Apple-Mail=_F57ADC90-7056-44BD-9928-2F08B706F954 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 We also support Xcode clang so th= at means we also support Mach-O executables that get converted to PE/COFF. = The is a tool called mtoc (mach-o to coff) in a crufty old open source proj= ect that does the conversion. 

The reason you are h= aving issues is due to security hardening as the self modifying code is a s= ecurity risk. It is kind of hard to imagine a case in UEFI that the self mo= difying code is worth the security risk?. I know Linux does some patching b= ut those are really hot paths that get used a lot, I don=E2=80=99t see that= being a pattern that would be common in firmware. The only case I can thin= k you might want SMC is if you were trying to make an UEFI based stress tes= t of some kind? 

It might be helpful if you c= ould explain why you can=E2=80=99t use a dispatch table or just define a UE= FI Protocol and construct it on the fly to meet your configuration? To me s= aying you need Self Modifying Code is kind of like saying you need to write= it in assembler since the C compiler is not smart enough, and most of the = times people think that they are wrong.  

Thank= s,

Andrew Fish

On Aug 14, 2023, at 8:06 PM, Chao Li <lichao@loongson.cn> wro= te:

=20 =20

Hi Liming, Bob and Yuwei

There is a need that some code wants to supports Self-Modification, because some program behavior may not be determined during compilation, and I think this demand may be very popular.

The permise of Self-Modification is th= at the section has executable and writable permiss= ions. Adding a new section and giving it executable and writable permissions is a better way, and the 'pragma seg_code' is recognized in Microsoft VS compiler but GCC doesn't. If use the GCC as the compiler, the '.section name flags' of GNU GAS are acceptable.

But there is a problem, i= f converting from elf to efi, the user-defined section with W+X or A+W+X will be droped, Elf64Convert.c will scan the file section permission of elf, if the section is A+X, it will be classified into the .text section, if the section is A+W , then it will be classified into the .data section, if the section is A+W+X or W+X, then it will be droped(Elf64Convert.c, line 272 to 325).

That is:

If using the VS compiler, the= user-defined with executable and writable sections may be perserved, but GCC elf to efi conversion may not.


Hope hearback from you and discuss the= necessity of SMC(Slef-Modifying-Code) and how to implement it.



Thanks,
Chao

_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#107760) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--Apple-Mail=_F57ADC90-7056-44BD-9928-2F08B706F954--