To: Ard Biesheuvel, edk2-devel@ml01.01.org, liming.gao@intel.com, yonghong.zhu@intel.com
References: <1487874651-19202-1-git-send-email-ard.biesheuvel@linaro.org>
From: Laszlo Ersek
Date: Thu, 23 Feb 2017 20:53:18 +0100
In-Reply-To: <1487874651-19202-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: Re: [PATCH] BaseTools: GCC: move most AutoGen.obj contents back to .data section

On 02/23/17 19:30, Ard Biesheuvel wrote:
> The generated AutoGen.c files mostly contain read-only data, but due to
> lacking annotations, all of it is emitted into the .data section by the
> compiler.
>
> Given that GUIDs are UEFI's gaffer tape, having writable GUIDs is a
> security hazard, and this was the main rationale for putting AutoGen.obj
> in the .text section. However, as it turns out, patchable PCDs are emitted
> there as well, which can legally be modified at runtime.
>
> So update the wildcard pattern to only match g...Guid sections, and move
> everything else back to .data (Note that this relies on -fdata-sections,
> without that option, everything is emitted into .data)
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel
> --- > BaseTools/Scripts/GccBase.lds | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/BaseTools/Scripts/GccBase.lds b/BaseTools/Scripts/GccBase.lds > index 900848747144..41e5c0b4a769 100644 > --- a/BaseTools/Scripts/GccBase.lds > +++ b/BaseTools/Scripts/GccBase.lds 
> @@ -32,11 +32,14 @@ SECTIONS { > *(.got .got.*) > > /* > - * The contents of AutoGen.c files are constant from the POV of the program, > - * but most of its contents end up in .data or .bss by default since few of > + * The contents of AutoGen.c files are mostly constant from the POV of the > + * program, but most of it ends up in .data or .bss by default since few of > * the variable definitions that get emitted are declared as CONST. > + * Unfortunately, we cannot pull it into the .text section entirely, since > + * patchable PCDs are also emitted here, but we can at least move all of the > + * emitted GUIDs here. > */ > - *:AutoGen.obj(.data .data.* .bss .bss.*) > + *:AutoGen.obj(.data.g*Guid) > } > > /* >

Do you agree to add:

Fixes: 233bd25b000f92fc4bbe181fa48edcd72808de8e

to the commit message, or to reference that commit in some other form?

Either way:

Tested-by: Laszlo Ersek

Thank you very much for the quick fix!

Laszlo
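
Review bot: the in-file comment above `*:AutoGen.obj(.data.g*Guid)` does not record that this pattern only matches when AutoGen.c is compiled with -fdata-sections. The commit message says so, but a reader of GccBase.lds will not see it, and without that option the GUIDs stay in writable .data with no link-time error, since an input pattern that matches nothing is not diagnosed. Suggest adding one sentence to the comment stating that dependency. The match is also purely by section name, so it covers only variables named g...Guid, which is worth saying in the comment too. Finally, the comment uses "here" for two different things ("emitted here" for AutoGen.c, "move all of the emitted GUIDs here" for .text); writing "into .text" in the second case would remove the ambiguity.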