MdeModulePkg/DxeCore: base code protection on permission attributes

Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
can always be mapped read-only, classify a section as a code section only
if it has the executable attribute set and the writable attribute cleared.

This adheres more closely to the PE/COFF spec, and avoids issues with
Linux OS loaders that may consist of a single read/write/execute section.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

1 files changed, 9 insertions, 1 deletions

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index c36612a1b1..46d88463d4 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -533,7 +533,15 @@ ProtectUefiImageCommon (
       Name[7]

       ));

 

-    if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) != 0) {

+    //

+    // Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE

+    // can always be mapped read-only, classify a section as a code section only

+    // if it has the executable attribute set and the writable attribute cleared.

+    //

+    // This adheres more closely to the PE/COFF spec, and avoids issues with

+    // Linux OS loaders that may consist of a single read/write/execute section.

+    //

+    if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)) == EFI_IMAGE_SCN_MEM_EXECUTE) {

       DEBUG ((DEBUG_VERBOSE, "  VirtualSize          - 0x%08x\n", Section[Index].Misc.VirtualSize));

       DEBUG ((DEBUG_VERBOSE, "  VirtualAddress       - 0x%08x\n", Section[Index].VirtualAddress));

       DEBUG ((DEBUG_VERBOSE, "  SizeOfRawData        - 0x%08x\n", Section[Index].SizeOfRawData));