[edk2,RFC,3/4] MdeModulePkg/DxeCore: lift non-exec permissions on loaded images

Message ID 1487787898-5222-4-git-send-email-ard.biesheuvel@linaro.org
State New
Headers show
Series
  • RFC: increased memory protection
Related show

Commit Message

Ard Biesheuvel Feb. 22, 2017, 6:24 p.m.
To ensure that loaded PE/COFF images are executable regardless of
the protection policy and the section alignment, clear all permission
restrictions when loading PE/COFF images.

Subsequently, permissions may be restricted again if the protection
policy and section alignment allow it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---
 MdeModulePkg/Core/Dxe/Image/Image.c | 8 ++++++++
 1 file changed, 8 insertions(+)

-- 
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patch hide | download patch | download mbox

diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
index 652da8bf1075..cab06e821e39 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -644,6 +644,14 @@  CoreLoadPeImage (
   InvalidateInstructionCacheRange ((VOID *)(UINTN)Image->ImageContext.ImageAddress, (UINTN)Image->ImageContext.ImageSize);
 
   //
+  // Remove any permission restrictions.
+  //
+  if (gCpu != NULL) {
+    gCpu->SetMemoryAttributes (gCpu, Image->ImageContext.ImageAddress,
+            Image->ImageContext.ImageSize, 0);
+  }
+
+  //
   // Copy the machine type from the context to the image private data. This
   // is needed during image unload to know if we should call an EBC protocol
   // to unload the image.