public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH] MdeModulePkg/DxeCore: base code protection on permission attributes
@ 2017-02-24 17:51 Ard Biesheuvel
  2017-02-25  4:04 ` Yao, Jiewen
  0 siblings, 1 reply; 7+ messages in thread
From: Ard Biesheuvel @ 2017-02-24 17:51 UTC (permalink / raw)
  To: edk2-devel, jiewen.yao; +Cc: liming.gao, Ard Biesheuvel

Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
can always be mapped read-only, classify a section as a code section only
if it has the executable attribute set and the writable attribute cleared.

This adheres more closely to the PE/COFF spec, and avoids issues with
Linux OS loaders that consists of a single read/write/execute section.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index 1142dcc5a83d..3e037607a6be 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -533,7 +533,7 @@ ProtectUefiImageCommon (
       Name[7]
       ));
 
-    if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) != 0) {
+    if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)) == EFI_IMAGE_SCN_MEM_EXECUTE) {
       DEBUG ((DEBUG_VERBOSE, "  VirtualSize          - 0x%08x\n", Section[Index].Misc.VirtualSize));
       DEBUG ((DEBUG_VERBOSE, "  VirtualAddress       - 0x%08x\n", Section[Index].VirtualAddress));
       DEBUG ((DEBUG_VERBOSE, "  SizeOfRawData        - 0x%08x\n", Section[Index].SizeOfRawData));
-- 
2.7.4



^ permalink raw reply related	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2017-03-17 13:23 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-24 17:51 [PATCH] MdeModulePkg/DxeCore: base code protection on permission attributes Ard Biesheuvel
2017-02-25  4:04 ` Yao, Jiewen
2017-02-26 14:00   ` Ard Biesheuvel
2017-03-17 12:07     ` Laszlo Ersek
2017-03-17 12:11       ` Ard Biesheuvel
2017-03-17 12:35         ` Laszlo Ersek
2017-03-17 13:23           ` Ard Biesheuvel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox