1. Patchew
  2. EDK2
  3. [edk2] [RFC PATCH 0/4] RFC: increased memory protection
  4. View patch

[edk2] [RFC PATCH 2/4] MdeModulePkg/DxeCore: convert the DxeCore memory region to BootServicesCode

Ard Biesheuvel posted 4 patches 7 years, 8 months ago
There is a newer version of this series
[edk2] [RFC PATCH 2/4] MdeModulePkg/DxeCore: convert the DxeCore memory region to BootServicesCode
Posted by Ard Biesheuvel 7 years, 8 months ago 
Before removing exec permissions from all non-code regions, ensure that
the DXE core itself is covered by a BootServicesCode region, by adding
a new function ConvertDxeCoreImage () and calling it at the right time
from DxeMain ().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 MdeModulePkg/Core/Dxe/DxeMain.h         |  8 ++++++++
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c |  2 ++
 MdeModulePkg/Core/Dxe/Mem/Page.c        | 15 +++++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index b14be9a74d8e..300f19a3aa58 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -2949,4 +2949,12 @@ MemoryProtectionExitBootServicesCallback (
   VOID
   );
 
+/**
+  Convert DXE core image to BootServicesCode memory
+**/
+VOID
+ConvertDxeCoreImage (
+  VOID
+  );
+
 #endif
diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
index 91e94a78d205..d3a873e737b1 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
+++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -396,6 +396,8 @@ DxeMain (
 
   MemoryProfileInstallProtocol ();
 
+  ConvertDxeCoreImage ();
+
   CoreInitializePropertiesTable ();
   CoreInitializeMemoryAttributesTable ();
   CoreInitializeMemoryProtection ();
diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c
index b0939c596991..73b56fccf965 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Page.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Page.c
@@ -1951,8 +1951,23 @@ Done:
 }
 
 
+VOID
+ConvertDxeCoreImage (
+  VOID
+  )
+{
+  CoreAcquireMemoryLock ();
 
+  //
+  // Convert the memory region that backs the DXE core to a 'code' region, so
+  // that the strict permissions handling doesn't take our exec permissions
+  // away.
+  //
+  CoreConvertPages ((UINTN)gDxeCoreLoadedImage->ImageBase,
+    EFI_SIZE_TO_PAGES (gDxeCoreLoadedImage->ImageSize), EfiBootServicesCode);
 
+  CoreReleaseMemoryLock ();
+}
 
 
 
-- 
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.