From nobody Thu Dec 26 18:00:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101139+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101139+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727950; cv=none; d=zohomail.com; s=zohoarc; b=EjOg4V4ZKVmJV8hbLszMKwLoR8wdRPw8EE0xf5wQl19M+mxFgz31vHVK5ESVXaTA5r2hrbGxrAK67t28t7N8A+8ZIJyWdbGDDLnd05ZwoZf4S0J77bNZtyntOiWgyijdkv6Xza2+e/tm7nzOkjqnmUrFd1pHf/ca9hZIYO9y+6U= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727950; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2PZMdU1wBIpj/H2q9pDp7vm8ET8dOZTkm2JZysj7QAg=; b=OyTVfCjEplBpS06TeJ9rvnAvWjMToR4QsY6JJ68ht5YNkU+iX/VEoHHsWvAD+4KfulUELnTmm228KUlvFNyYAFZ3CBE/LR10SNBKYnyPPSvcPxGz1TRwjEEZNiNU66cVzQkD3y+3FwH9A5xaRQmPkDn7Uhu4+2RN9nYinqK+BKI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101139+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727950292191.73202776719825; Mon, 13 Mar 2023 10:19:10 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id LEBgYY1788612xy8kWNvCYGu; Mon, 13 Mar 2023 10:19:09 -0700 X-Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web11.26521.1678727948933130809 for ; Mon, 13 Mar 2023 10:19:09 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 5D435B811B3; Mon, 13 Mar 2023 17:19:07 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id D84D4C433A0; Mon, 13 Mar 2023 17:19:03 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 35/38] MdeModulePkg/DxeCore: Clear NX permissions on non-protected images Date: Mon, 13 Mar 2023 18:17:11 +0100 Message-Id: <20230313171714.3866151-36-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: I0k6FzwqvxJsKqHNgWt8gPrbx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727949; bh=s0TuGQ/RT0pp9wDR6id2r0qvdbKL1Gu4sY8HZ5V3FrA=; h=Cc:Date:From:Reply-To:Subject:To; b=e5LAYFKzIhWJHdCqZzKObiDEIOFDKziXaU4B49bg5II3Itc1pv/ic7eos98kZp1+a91 ymJrCaTcjoWtQA3lHEypzQovhb79jqvcNMEHkCfm2C4ZYjjZDquiswT/tvjil8X2wO4Fn u3H1Em/IEaPa9jZlbKtUwNfSpRqJUq39fG8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727952526100004 Content-Type: text/plain; charset="utf-8" Currently, we rely on the memory type for loading images being executable by default, and only restrict the permissions if the policy says so, and the image sections are suitably aligned. This requires that the various 'code' memory types are executable by default, which is unfortunate. In order to be able to tighten this, let's update the image protection policy handling so that images that should not be mapped with strict separation of RW- and R-X are remapped RWX explicitly if the memory type used for loading the images is marked as NX by default. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 98 +++++++++++--------- 1 file changed, 54 insertions(+), 44 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/C= ore/Dxe/Misc/MemoryProtection.c index 301ddd6eb053..7c7a946c1b48 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c @@ -373,11 +373,62 @@ ProtectUefiImage ( } =20 ProtectionPolicy =3D GetUefiImageProtectionPolicy (LoadedImage, LoadedIm= ageDevicePath); + + ImageAddress =3D LoadedImage->ImageBase; + + PdbPointer =3D PeCoffLoaderGetPdbPointer ((VOID *)(UINTN)ImageAddress); + if (PdbPointer !=3D NULL) { + DEBUG ((DEBUG_VERBOSE, " Image - %a\n", PdbPointer)); + } + switch (ProtectionPolicy) { - case DO_NOT_PROTECT: - return EFI_SUCCESS; case PROTECT_IF_ALIGNED_ELSE_ALLOW: - break; + // + // Check PE/COFF image + // + DosHdr =3D (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress; + PeCoffHeaderOffset =3D 0; + if (DosHdr->e_magic =3D=3D EFI_IMAGE_DOS_SIGNATURE) { + PeCoffHeaderOffset =3D DosHdr->e_lfanew; + } + + Hdr.Pe32 =3D (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress= + PeCoffHeaderOffset); + if (Hdr.Pe32->Signature !=3D EFI_IMAGE_NT_SIGNATURE) { + DEBUG ((DEBUG_INFO, "Hdr.Pe32->Signature invalid - 0x%x\n", Hdr.Pe= 32->Signature)); + // It might be image in SMM. + } else { + // + // Get SectionAlignment + // + if (Hdr.Pe32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HD= R32_MAGIC) { + SectionAlignment =3D Hdr.Pe32->OptionalHeader.SectionAlignment; + } else { + SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.SectionAlignme= nt; + } + + if (SectionAlignment >=3D EFI_PAGE_SIZE) { + break; + } + + DEBUG (( + DEBUG_VERBOSE, + "!!!!!!!! ProtectUefiImageCommon - Section Alignment(0x%x) is i= ncorrect !!!!!!!!\n", + SectionAlignment + )); + } + // fall through to unprotect image if needed + case DO_NOT_PROTECT: + if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & + LShiftU64 (1, LoadedImage->ImageCodeType)) !=3D 0) + { + SetUefiImageMemoryAttributes ( + (UINTN)LoadedImage->ImageBase, + (LoadedImage->ImageSize + EFI_PAGE_MASK) & ~(UINT64)EFI_PAGE_MAS= K, + 0 + ); + } + + return EFI_SUCCESS; default: ASSERT (FALSE); return EFI_SUCCESS; @@ -396,47 +447,6 @@ ProtectUefiImage ( ImageRecord->ImageBase =3D (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->Ima= geBase; ImageRecord->ImageSize =3D LoadedImage->ImageSize; =20 - ImageAddress =3D LoadedImage->ImageBase; - - PdbPointer =3D PeCoffLoaderGetPdbPointer ((VOID *)(UINTN)ImageAddress); - if (PdbPointer !=3D NULL) { - DEBUG ((DEBUG_VERBOSE, " Image - %a\n", PdbPointer)); - } - - // - // Check PE/COFF image - // - DosHdr =3D (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress; - PeCoffHeaderOffset =3D 0; - if (DosHdr->e_magic =3D=3D EFI_IMAGE_DOS_SIGNATURE) { - PeCoffHeaderOffset =3D DosHdr->e_lfanew; - } - - Hdr.Pe32 =3D (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + P= eCoffHeaderOffset); - if (Hdr.Pe32->Signature !=3D EFI_IMAGE_NT_SIGNATURE) { - DEBUG ((DEBUG_VERBOSE, "Hdr.Pe32->Signature invalid - 0x%x\n", Hdr.Pe3= 2->Signature)); - // It might be image in SMM. - goto Finish; - } - - // - // Get SectionAlignment - // - if (Hdr.Pe32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MA= GIC) { - SectionAlignment =3D Hdr.Pe32->OptionalHeader.SectionAlignment; - } else { - SectionAlignment =3D Hdr.Pe32Plus->OptionalHeader.SectionAlignment; - } - - if (SectionAlignment >=3D EFI_PAGE_SIZE) { - DEBUG (( - DEBUG_VERBOSE, - "!!!!!!!! ProtectUefiImageCommon - Section Alignment(0x%x) is incor= rect !!!!!!!!\n", - SectionAlignment - )); - goto Finish; - } - Section =3D (EFI_IMAGE_SECTION_HEADER *)( (UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset + --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101139): https://edk2.groups.io/g/devel/message/101139 Mute This Topic: https://groups.io/mt/97586058/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-