From patchwork Wed Feb 22 18:24:56 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 94360 Delivered-To: patch@linaro.org Received: by 10.140.20.99 with SMTP id 90csp1041819qgi; Wed, 22 Feb 2017 10:25:14 -0800 (PST) X-Received: by 10.107.6.156 with SMTP id f28mr24688619ioi.6.1487787914015; Wed, 22 Feb 2017 10:25:14 -0800 (PST) Return-Path: Received: from ml01.01.org (ml01.01.org. [2001:19d0:306:5::1]) by mx.google.com with ESMTPS id 198si2341438ita.77.2017.02.22.10.25.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Feb 2017 10:25:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1 as permitted sender) client-ip=2001:19d0:306:5::1; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 3EA2382241; Wed, 22 Feb 2017 10:25:13 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received: from mail-wr0-x231.google.com (mail-wr0-x231.google.com [IPv6:2a00:1450:400c:c0c::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2904A82241 for ; Wed, 22 Feb 2017 10:25:12 -0800 (PST) Received: by mail-wr0-x231.google.com with SMTP id s27so7996226wrb.2 for ; Wed, 22 Feb 2017 10:25:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=PZzERjxxvqhbBXywh2UfA5kCwGMS83lyqLRRBYIdBS8=; b=VQgt8KXB8tjqKAsFrQweg3WB6LQYhZHkYUCDecYAVSpFzhcDBtog9bYTl3j4eUmxE2 Ac3KX8iLOgfXnLCDueDNSAwOtn0JjSDzCnis1Z8zHMM5mUbTn6mtXUVEJcxwj9HHVJKv ULu8mcIhcMLpC45rIhGnaRoYAgKEKOUVQg2WU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PZzERjxxvqhbBXywh2UfA5kCwGMS83lyqLRRBYIdBS8=; b=aTFd4rT25UlKdcbFgXz+CdHRbGrGdKawaCgT8H+1hv7kSnpHzzibMgb7wrj5WKSrHS vbXgt2dmcC22lusxsgz8VV4dpBj7K2T2MFSts7pUx7OJcHfHFerZUU96M3ZH8DbdOUYU Blk4RIwIiXQ9WZG39bFr/qqbFo/nOYmpxKXD6tEMLLlCXHC5Gidu1QGsUEOSUzCO438d AOsxW/W0ccdzfJRdEEHtim/q7o1v1f7VUeKZmvhwmO33DCwavdrmXAmTosyzgunzVXVp CSTsD8CvLJ1D13A3rfOOBic3CjGB3/u7pzC6HIUSV+Jq5I0ircQhH4y6Dx1d5EwyPoRs uZUA== X-Gm-Message-State: AMke39kxE8hnWHPs+w9M/DOwdVzVUC4OH0APLwWegfzlXn+aIePZ4JK+pb0YPTo1TsKPNDNZ X-Received: by 10.223.129.74 with SMTP id 68mr24080363wrm.183.1487787910626; Wed, 22 Feb 2017 10:25:10 -0800 (PST) Received: from localhost.localdomain ([196.80.204.181]) by smtp.gmail.com with ESMTPSA id e73sm3504667wmi.32.2017.02.22.10.25.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 22 Feb 2017 10:25:09 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, afish@apple.com, leif.lindholm@linaro.org, michael.d.kinney@intel.com, liming.gao@intel.com, jiewen.yao@intel.com Date: Wed, 22 Feb 2017 18:24:56 +0000 Message-Id: <1487787898-5222-3-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1487787898-5222-1-git-send-email-ard.biesheuvel@linaro.org> References: <1487787898-5222-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [RFC PATCH 2/4] MdeModulePkg/DxeCore: convert the DxeCore memory region to BootServicesCode X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: feng.tian@intel.com, lersek@redhat.com, star.zeng@intel.com, Ard Biesheuvel MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Before removing exec permissions from all non-code regions, ensure that the DXE core itself is covered by a BootServicesCode region, by adding a new function ConvertDxeCoreImage () and calling it at the right time from DxeMain (). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/DxeMain.h | 8 ++++++++ MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 2 ++ MdeModulePkg/Core/Dxe/Mem/Page.c | 15 +++++++++++++++ 3 files changed, 25 insertions(+) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h index b14be9a74d8e..300f19a3aa58 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -2949,4 +2949,12 @@ MemoryProtectionExitBootServicesCallback ( VOID ); +/** + Convert DXE core image to BootServicesCode memory +**/ +VOID +ConvertDxeCoreImage ( + VOID + ); + #endif diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c index 91e94a78d205..d3a873e737b1 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c +++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c @@ -396,6 +396,8 @@ DxeMain ( MemoryProfileInstallProtocol (); + ConvertDxeCoreImage (); + CoreInitializePropertiesTable (); CoreInitializeMemoryAttributesTable (); CoreInitializeMemoryProtection (); diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index b0939c596991..73b56fccf965 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -1951,8 +1951,23 @@ Done: } +VOID +ConvertDxeCoreImage ( + VOID + ) +{ + CoreAcquireMemoryLock (); + // + // Convert the memory region that backs the DXE core to a 'code' region, so + // that the strict permissions handling doesn't take our exec permissions + // away. + // + CoreConvertPages ((UINTN)gDxeCoreLoadedImage->ImageBase, + EFI_SIZE_TO_PAGES (gDxeCoreLoadedImage->ImageSize), EfiBootServicesCode); + CoreReleaseMemoryLock (); +}