From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 105E882134
 for <edk2-devel@lists.01.org>; Fri, 24 Feb 2017 20:04:07 -0800 (PST)
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 24 Feb 2017 20:04:06 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.35,202,1484035200"; d="scan'208,217";a="52609852"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by orsmga002.jf.intel.com with ESMTP; 24 Feb 2017 20:04:06 -0800
Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Fri, 24 Feb 2017 20:04:06 -0800
Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by
 fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Fri, 24 Feb 2017 20:04:05 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by
 SHSMSX104.ccr.corp.intel.com ([10.239.4.70]) with mapi id 14.03.0248.002;
 Sat, 25 Feb 2017 12:04:04 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Gao, Liming" <liming.gao@intel.com>
Thread-Topic: [PATCH] MdeModulePkg/DxeCore: base code protection on
 permission attributes
Thread-Index: AQHSjsahJptYmV0axEGozKQGdpCSX6F46ANQ
Date: Sat, 25 Feb 2017 04:04:03 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8F5385@shsmsx102.ccr.corp.intel.com>
References: <1487958664-10707-1-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1487958664-10707-1-git-send-email-ard.biesheuvel@linaro.org>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.21
Subject: Re: [PATCH] MdeModulePkg/DxeCore: base code protection on permission attributes
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Feb 2017 04:04:07 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Ard
I agree with you on this enhancement.

I prefer to adding the description as comment in the code, so that people c=
an get clear picture when he/she reads the code.

//
// Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_COD=
E
// can always be mapped read-only, classify a section as a code section onl=
y
// if it has the executable attribute set and the writable attribute cleare=
d.
//
// This adheres more closely to the PE/COFF spec, and avoids issues with
// Linux OS loaders that consists of a single read/write/execute section.
//
if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_=
SCN_MEM_EXECUTE)) =3D=3D EFI_IMAGE_SCN_MEM_EXECUTE) {

With comment update, reviewed-by: Jiewen.yao@intel.com

Thank you
Yao Jiewen


> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Saturday, February 25, 2017 1:51 AM
> To: edk2-devel@lists.01.org; Yao, Jiewen <jiewen.yao@intel.com>
> Cc: Gao, Liming <liming.gao@intel.com>; Ard Biesheuvel
> <ard.biesheuvel@linaro.org>
> Subject: [PATCH] MdeModulePkg/DxeCore: base code protection on permission
> attributes
>
> Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
> can always be mapped read-only, classify a section as a code section only
> if it has the executable attribute set and the writable attribute cleared=
.
>
> This adheres more closely to the PE/COFF spec, and avoids issues with
> Linux OS loaders that consists of a single read/write/execute section.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
> b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
> index 1142dcc5a83d..3e037607a6be 100644
> --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
> +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
> @@ -533,7 +533,7 @@ ProtectUefiImageCommon (
>        Name[7]
>        ));
>
> -    if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) !=3D 0=
) {
> +    if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE |
> EFI_IMAGE_SCN_MEM_EXECUTE)) =3D=3D EFI_IMAGE_SCN_MEM_EXECUTE) {
>        DEBUG ((DEBUG_VERBOSE, "  VirtualSize          - 0x%08x\n",
> Section[Index].Misc.VirtualSize));
>        DEBUG ((DEBUG_VERBOSE, "  VirtualAddress       - 0x%08x\n",
> Section[Index].VirtualAddress));
>        DEBUG ((DEBUG_VERBOSE, "  SizeOfRawData        - 0x%08x\n",
> Section[Index].SizeOfRawData));
> --
> 2.7.4