On 7. Feb 2023, at 11:01, Ard Biesheuvel <ardb@kernel.org> wrote:
Actually, it seems UnprotectUefiImage () is correct under the assumption that all code regions have EFI_MEMORY_XP cleared by default. However, if you redefine the policy to set EFI_MEMORY_XP on code regions by default, and only permit execution after remapping the code read-only explicitly, and only then clearing EFI_MEMORY_XP, that routine should revert the region to EFI_MEMORY_XP. But given the existing ASSERT()s on having EFI_MEMORY_XP cleared for all code regions, the code as it is currently is not incorrect.
Right. My main issue is, it’s nowhere documented that manually changed permissions must be restored to their default before freeing. Within DxeCore, this is easily done using the PCDs, but outside (say you allocate a trampoline buffer and then free it), you would need to manually query the permissions, store them, and restore later.
I did *not* look into the implementation code in detail, but does the new memory permission protocol impose the same constraint implementation-wise and if so, is this documented anywhere?
Best regards,
Marvin
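The "query the permissions, store them, restore before freeing" discipline discussed above, as an added host-side model that is not code from this thread, from edk2 or from the UEFI specification. The protocol struct mirrors the UEFI 2.10 EFI_MEMORY_ATTRIBUTE_PROTOCOL members (GetMemoryAttributes, SetMemoryAttributes, ClearMemoryAttributes) and the EFI_MEMORY_XP/RO/RP bits, but the implementation behind it is a fake per-page attribute table. Everything else is an assumption made for the model: the page size and page count, a default of EFI_MEMORY_XP on fresh allocations, a W^X policy in ClearMemoryAttributes (XP may only be cleared on pages already mapped read-only, the ordering Ard sketches), and a free-time check standing in for the core's ASSERT()s. The restore step shows why the order of the Set and Clear calls matters under such a policy.

```c
/* Added example: host-side model of the EFI_MEMORY_ATTRIBUTE_PROTOCOL
 * save/relax/use/restore/free pattern. Not edk2 code; see lead-in for assumptions. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t UINT64;
typedef uint64_t EFI_PHYSICAL_ADDRESS;
typedef uint64_t EFI_STATUS;
#define EFIERR(x)              (0x8000000000000000ULL | (x))
#define EFI_SUCCESS            0ULL
#define EFI_INVALID_PARAMETER  EFIERR(2)
#define EFI_ACCESS_DENIED      EFIERR(15)
#define EFI_NO_MAPPING         EFIERR(23)
#define EFI_ERROR(s)           ((int64_t)(s) < 0)

/* Attribute bits as named in the UEFI specification. */
#define EFI_MEMORY_RP  0x2000ULL
#define EFI_MEMORY_XP  0x4000ULL
#define EFI_MEMORY_RO  0x20000ULL
#define EFI_MEMORY_ACCESS_MASK (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO)

/* Assumptions of the model, not edk2 behaviour. */
#define MODEL_PAGE_SIZE    4096ULL
#define MODEL_PAGES        16
#define MODEL_DEFAULT_ATTR EFI_MEMORY_XP   /* fresh allocations are data: non-executable */

typedef struct _EFI_MEMORY_ATTRIBUTE_PROTOCOL EFI_MEMORY_ATTRIBUTE_PROTOCOL;
typedef EFI_STATUS (*EFI_GET_MEMORY_ATTRIBUTES)(EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, EFI_PHYSICAL_ADDRESS BaseAddress, UINT64 Length, UINT64 *Attributes);
typedef EFI_STATUS (*EFI_SET_MEMORY_ATTRIBUTES)(EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, EFI_PHYSICAL_ADDRESS BaseAddress, UINT64 Length, UINT64 Attributes);
typedef EFI_STATUS (*EFI_CLEAR_MEMORY_ATTRIBUTES)(EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, EFI_PHYSICAL_ADDRESS BaseAddress, UINT64 Length, UINT64 Attributes);
struct _EFI_MEMORY_ATTRIBUTE_PROTOCOL {
  EFI_GET_MEMORY_ATTRIBUTES   GetMemoryAttributes;
  EFI_SET_MEMORY_ATTRIBUTES   SetMemoryAttributes;
  EFI_CLEAR_MEMORY_ATTRIBUTES ClearMemoryAttributes;
};

static UINT64 PageAttr[MODEL_PAGES];   /* constructed per-page attribute table */
static UINT64 NextFreePage;            /* bump allocator for the model */

static EFI_STATUS RangeToPages(EFI_PHYSICAL_ADDRESS Base, UINT64 Length, UINT64 *First, UINT64 *Count) {
  if (Length == 0 || (Base % MODEL_PAGE_SIZE) != 0 || (Length % MODEL_PAGE_SIZE) != 0) return EFI_INVALID_PARAMETER;
  *First = Base / MODEL_PAGE_SIZE;
  *Count = Length / MODEL_PAGE_SIZE;
  return (*First + *Count <= MODEL_PAGES) ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
}

static EFI_STATUS ModelGet(EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, EFI_PHYSICAL_ADDRESS Base, UINT64 Length, UINT64 *Attributes) {
  UINT64 First, Count, i; (void)This;
  if (Attributes == NULL || EFI_ERROR(RangeToPages(Base, Length, &First, &Count))) return EFI_INVALID_PARAMETER;
  for (i = 1; i < Count; i++)                       /* attributes must be uniform over the range */
    if (PageAttr[First + i] != PageAttr[First]) return EFI_NO_MAPPING;
  *Attributes = PageAttr[First];
  return EFI_SUCCESS;
}

static EFI_STATUS ModelSet(EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, EFI_PHYSICAL_ADDRESS Base, UINT64 Length, UINT64 Attributes) {
  UINT64 First, Count, i; (void)This;
  if ((Attributes & ~EFI_MEMORY_ACCESS_MASK) || EFI_ERROR(RangeToPages(Base, Length, &First, &Count))) return EFI_INVALID_PARAMETER;
  for (i = 0; i < Count; i++) PageAttr[First + i] |= Attributes;
  return EFI_SUCCESS;
}

static EFI_STATUS ModelClear(EFI_MEMORY_ATTRIBUTE_PROTOCOL *This, EFI_PHYSICAL_ADDRESS Base, UINT64 Length, UINT64 Attributes) {
  UINT64 First, Count, i; (void)This;
  if ((Attributes & ~EFI_MEMORY_ACCESS_MASK) || EFI_ERROR(RangeToPages(Base, Length, &First, &Count))) return EFI_INVALID_PARAMETER;
  if (Attributes & EFI_MEMORY_XP)                   /* assumed W^X policy: executable only if already read-only */
    for (i = 0; i < Count; i++) if (!(PageAttr[First + i] & EFI_MEMORY_RO)) return EFI_ACCESS_DENIED;
  for (i = 0; i < Count; i++) PageAttr[First + i] &= ~Attributes;
  return EFI_SUCCESS;
}

static EFI_MEMORY_ATTRIBUTE_PROTOCOL gModelProtocol = { ModelGet, ModelSet, ModelClear };

static EFI_STATUS ModelAllocatePages(UINT64 Pages, EFI_PHYSICAL_ADDRESS *Base) {
  UINT64 i;
  if (NextFreePage + Pages > MODEL_PAGES) return EFIERR(9);   /* EFI_OUT_OF_RESOURCES */
  for (i = 0; i < Pages; i++) PageAttr[NextFreePage + i] = MODEL_DEFAULT_ATTR;
  *Base = NextFreePage * MODEL_PAGE_SIZE;
  NextFreePage += Pages;
  return EFI_SUCCESS;
}

/* Stands in for the core's ASSERT()s: pages must come back with default attributes. */
static EFI_STATUS ModelFreePages(EFI_PHYSICAL_ADDRESS Base, UINT64 Pages) {
  UINT64 i, First = Base / MODEL_PAGE_SIZE;
  for (i = 0; i < Pages; i++) if (PageAttr[First + i] != MODEL_DEFAULT_ATTR) return EFI_ACCESS_DENIED;
  return EFI_SUCCESS;
}

/* A "jump" into the buffer faults if the page is non-executable or not present. */
static EFI_STATUS ModelExecute(EFI_PHYSICAL_ADDRESS Entry) {
  return (PageAttr[Entry / MODEL_PAGE_SIZE] & (EFI_MEMORY_XP | EFI_MEMORY_RP)) ? EFI_ACCESS_DENIED : EFI_SUCCESS;
}

/* The discipline: query and save, relax, use, restore (if Restore != 0), free. */
static EFI_STATUS UseTrampoline(EFI_MEMORY_ATTRIBUTE_PROTOCOL *Prot, int Restore) {
  EFI_PHYSICAL_ADDRESS Buf; UINT64 Len = MODEL_PAGE_SIZE, Saved; EFI_STATUS Status;
  if (EFI_ERROR(Status = ModelAllocatePages(1, &Buf))) return Status;
  if (EFI_ERROR(Status = Prot->GetMemoryAttributes(Prot, Buf, Len, &Saved))) return Status;
  /* trampoline bytes would be written here, while the page is still XP */
  if (EFI_ERROR(Status = Prot->SetMemoryAttributes(Prot, Buf, Len, EFI_MEMORY_RO))) return Status;
  if (EFI_ERROR(Status = Prot->ClearMemoryAttributes(Prot, Buf, Len, EFI_MEMORY_XP))) return Status;
  if (EFI_ERROR(Status = ModelExecute(Buf))) return Status;
  if (Restore) {
    /* Re-add the saved bits (XP) before dropping the ones we added (RO); the
     * reverse order would briefly leave a writable+executable page and be refused. */
    if (EFI_ERROR(Status = Prot->SetMemoryAttributes(Prot, Buf, Len, Saved & EFI_MEMORY_ACCESS_MASK))) return Status;
    if (EFI_ERROR(Status = Prot->ClearMemoryAttributes(Prot, Buf, Len, ~Saved & EFI_MEMORY_ACCESS_MASK))) return Status;
  }
  return ModelFreePages(Buf, 1);
}

/* Skipping the read-only step: the policy refuses to make a writable page executable. */
static EFI_STATUS TryExecuteWritable(EFI_MEMORY_ATTRIBUTE_PROTOCOL *Prot) {
  EFI_PHYSICAL_ADDRESS Buf; EFI_STATUS Status;
  if (EFI_ERROR(Status = ModelAllocatePages(1, &Buf))) return Status;
  return Prot->ClearMemoryAttributes(Prot, Buf, MODEL_PAGE_SIZE, EFI_MEMORY_XP);
}

int main(void) {
  printf("restore then free:  %s\n", EFI_ERROR(UseTrampoline(&gModelProtocol, 1)) ? "rejected" : "ok");
  printf("free without restore: %s\n", EFI_ERROR(UseTrampoline(&gModelProtocol, 0)) ? "rejected" : "ok");
  printf("clear XP on writable: %s\n", EFI_ERROR(TryExecuteWritable(&gModelProtocol)) ? "rejected" : "ok");
  return 0;
}
```

Only the first path frees cleanly; the second reproduces the situation Marvin describes, a caller that changed permissions and freed without restoring them, which the model's free-time check rejects the way the core's ASSERT()s would.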