public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Joey Vagedes <joey.vagedes@gmail.com>
To: gaoliming <gaoliming@byosoft.com.cn>
Cc: devel@edk2.groups.io,
	Michael D Kinney <michael.d.kinney@intel.com>,
	 Zhiguang Liu <zhiguang.liu@intel.com>,
	Rebecca Cran <rebecca@bsdio.com>,
	 Bob Feng <bob.c.feng@intel.com>,
	Yuwei Chen <yuwei.chen@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met
Date: Mon, 26 Jun 2023 14:58:59 -0700	[thread overview]
Message-ID: <CAKURc-_tFgzwRCAt_pbmcFHDe-nCNgmPxiVjNG2FtAx+j1Pyzg@mail.gmail.com> (raw)
In-Reply-To: <03da01d9a70f$0038a2c0$00a9e840$@byosoft.com.cn>

[-- Attachment #1: Type: text/plain, Size: 2815 bytes --]

Hi Liming,

This is being done as a part of the memory protections work which can be
reviewed here: Task Table · Memory Protections (github.com)
<https://github.com/orgs/tianocore/projects/3>

Overall, DxeCore will ingest the NX_COMPAT flag on image load.

In the base case, when modules make allocations of type EfiLoaderCode,
EfiBootServicesCode, and EfiRuntimeServicesCode, the EFI_MEMORY_XP access
attribute will be applied with the expectation that the allocating modules
will remove the EFI_MEMORY_XP attribute and apply the EFI_MEMORY_RO
attribute once they have loaded their code into the buffer for execution.

In the exception case, if an EFI_APPLICATION type image is loaded without
the NX_COMPAT flag then allocations of type EfiLoaderCode,
EfiBootServicesCode, and EfiRuntimeServicesCode will no longer have
EFI_MEMORY_XP applied for the remainder of boot.

Note that a patch series for the supporting DxeCore logic has not yet been
submitted.

Thanks,
Joey

On Sat, Jun 24, 2023 at 7:46 PM gaoliming <gaoliming@byosoft.com.cn> wrote:

> Joey:
>   Can you describe the full usage of NXCOMPAT bit? This patch sets NXCOMPAT
> bit. And, which module will consume NXCOMPAT bit, how use it? DxeCore?
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Joey Vagedes
> > 发送时间: 2023年6月23日 23:45
> > 收件人: devel@edk2.groups.io
> > 抄送: Michael D Kinney <michael.d.kinney@intel.com>; Liming Gao
> > <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>;
> > Rebecca Cran <rebecca@bsdio.com>; Bob Feng <bob.c.feng@intel.com>;
> > Yuwei Chen <yuwei.chen@intel.com>
> > 主题: [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if
> > requirements are met
> >
> > Utilize GenFw to automatically set the NXCOMPAT bit of the DLL
> > Characteristics
> > field of the Optional Header if the following requirements are met:
> >
> > 1. It is a 64bit PE
> > 2. The section alignment is evently divisible by 4K
> > 3. No section is both EFI_IMAGE_SCN_MEM_EXECUTE and
> > EFI_IMAGE_SCN_MEM_WRITE
> >
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Liming Gao <gaoliming@byosoft.com.cn>
> > Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> > Cc: Rebecca Cran <rebecca@bsdio.com>
> > Cc: Bob Feng <bob.c.feng@intel.com>
> > Cc: Yuwei Chen <yuwei.chen@intel.com>
> >
> > Joey Vagedes (2):
> >   MdePkg: IndustryStandard: Add DLL Characteristics
> >   BaseTools: GenFw: auto-set nxcompat flag
> >
> >  MdePkg/Include/IndustryStandard/PeImage.h | 15 +++++
> >  BaseTools/Source/C/GenFw/GenFw.c          | 59
> > ++++++++++++++++++++
> >  2 files changed, 74 insertions(+)
> >
> > --
> > 2.41.0.windows.1
> >
> >
> >
> > 
> >
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 4404 bytes --]

      reply	other threads:[~2023-06-26 21:59 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-23 15:44 [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met Joey Vagedes
2023-06-23 15:44 ` [PATCH v1 1/2] MdePkg: IndustryStandard: Add DLL Characteristics Joey Vagedes
2023-06-27 20:12   ` Michael D Kinney
2023-06-27 21:42     ` Joey Vagedes
2023-06-27 23:51       ` Michael D Kinney
2023-06-23 15:44 ` [PATCH v1 2/2] BaseTools: GenFw: auto-set nxcompat flag Joey Vagedes
2023-07-06 15:26   ` Joey Vagedes
2023-07-09 23:24     ` Rebecca Cran
2023-06-23 16:11 ` [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met Ard Biesheuvel
2023-06-27 22:23   ` Joey Vagedes
2023-06-25  2:44 ` 回复: " gaoliming
2023-06-26 21:58   ` Joey Vagedes [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKURc-_tFgzwRCAt_pbmcFHDe-nCNgmPxiVjNG2FtAx+j1Pyzg@mail.gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox