From: "Yao, Jiewen"
To: Ard Biesheuvel, "edk2-devel@lists.01.org"
CC: "Gao, Liming"
Date: Sat, 25 Feb 2017 04:04:03 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8F5385@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <1487958664-10707-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: Re: [PATCH] MdeModulePkg/DxeCore: base code protection on permission attributes

Hi Ard

I agree with you on this enhancement.

I prefer adding the description as a comment in the code, so that people can get a clear picture when he/she reads the code.

//
// Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
// can always be mapped read-only, classify a section as a code section only
// if it has the executable attribute set and the writable attribute cleared.
//
// This adheres more closely to the PE/COFF spec, and avoids issues with
// Linux OS loaders that consist of a single read/write/execute section.
//
if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)) == EFI_IMAGE_SCN_MEM_EXECUTE) {

With comment update, reviewed-by: Jiewen.yao@intel.com

Thank you
Yao Jiewen

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org] > Sent: Saturday, February 25, 2017 1:51 AM > To: edk2-devel@lists.01.org; Yao, Jiewen > Cc: Gao, Liming ; Ard Biesheuvel > > Subject: [PATCH] MdeModulePkg/DxeCore: base code protection on permission > attributes > > Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE > can always be mapped read-only, classify a section as a code section only > if it has the executable attribute set and the writable attribute cleared= . > > This adheres more closely to the PE/COFF spec, and avoids issues with > Linux OS loaders that consists of a single read/write/execute section. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Ard Biesheuvel > --- > MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > index 1142dcc5a83d..3e037607a6be 100644 > --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > @@ -533,7 +533,7 @@ ProtectUefiImageCommon ( > Name[7] > )); > > - if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) !=3D 0= ) { > + if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | > EFI_IMAGE_SCN_MEM_EXECUTE)) =3D=3D EFI_IMAGE_SCN_MEM_EXECUTE) { > DEBUG ((DEBUG_VERBOSE, " VirtualSize - 0x%08x\n", > Section[Index].Misc.VirtualSize)); > DEBUG ((DEBUG_VERBOSE, " VirtualAddress - 0x%08x\n", > Section[Index].VirtualAddress)); > DEBUG ((DEBUG_VERBOSE, " SizeOfRawData - 0x%08x\n", > Section[Index].SizeOfRawData)); > -- > 2.7.4
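
Review bot: the new test on Section[Index].Characteristics in ProtectUefiImageCommon has no comment saying why EFI_IMAGE_SCN_CNT_CODE is no longer consulted, so the reasoning exists only in the commit message. A short comment above the if, stating that a section counts as code only when EFI_IMAGE_SCN_MEM_EXECUTE is set and EFI_IMAGE_SCN_MEM_WRITE is clear, would keep it with the code. With this condition a section that has both bits set does not enter the branch, so none of the DEBUG_VERBOSE lines shown here run for it; consider logging that case so write+execute sections are visible in the verbose output. The replacement line is also long enough that it was wrapped in transit, so breaking the condition across two lines would make the patch easier to apply from the list.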