summaryrefslogtreecommitdiff
path: root/MdeModulePkg
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2017-02-24 17:51:04 +0000
committerArd Biesheuvel <ard.biesheuvel@linaro.org>2017-02-26 13:50:21 +0000
commita2ed40c02bf24ec335d68056d92a6c164a61b35f (patch)
treece96c17e13aebc7d0be1ed89985e27fc4d715611 /MdeModulePkg
parentdf453e1b7c7c3612d1fa3311bfb4c9d153ec9ad8 (diff)
downloadedk2-platforms-a2ed40c02bf24ec335d68056d92a6c164a61b35f.tar.xz
MdeModulePkg/DxeCore: base code protection on permission attributes
Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE can always be mapped read-only, classify a section as a code section only if it has the executable attribute set and the writable attribute cleared. This adheres more closely to the PE/COFF spec, and avoids issues with Linux OS loaders that may consist of a single read/write/execute section. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'MdeModulePkg')
-rw-r--r--MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index c36612a1b1..46d88463d4 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -533,7 +533,15 @@ ProtectUefiImageCommon (
Name[7]
));
- if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) != 0) {
+ //
+ // Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
+ // can always be mapped read-only, classify a section as a code section only
+ // if it has the executable attribute set and the writable attribute cleared.
+ //
+ // This adheres more closely to the PE/COFF spec, and avoids issues with
+ // Linux OS loaders that may consist of a single read/write/execute section.
+ //
+ if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)) == EFI_IMAGE_SCN_MEM_EXECUTE) {
DEBUG ((DEBUG_VERBOSE, " VirtualSize - 0x%08x\n", Section[Index].Misc.VirtualSize));
DEBUG ((DEBUG_VERBOSE, " VirtualAddress - 0x%08x\n", Section[Index].VirtualAddress));
DEBUG ((DEBUG_VERBOSE, " SizeOfRawData - 0x%08x\n", Section[Index].SizeOfRawData));