diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h index 815a6b4bd8..43daa037be 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -280,6 +280,8 @@ extern EFI_MEMORY_TYPE_INFORMATION gMemoryTypeInformation[EfiMaxMemoryType + 1] extern BOOLEAN gDispatcherRunning; extern EFI_RUNTIME_ARCH_PROTOCOL gRuntimeTemplate; +extern BOOLEAN gMemoryAttributesTableForwardCfi; + extern EFI_LOAD_FIXED_ADDRESS_CONFIGURATION_TABLE gLoadModuleAtFixAddressConfigurationTable; extern BOOLEAN gLoadFixedAddressCodeMemoryReady; // diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c index 8704ebea9a..9dbfb2a1fa 100644 --- a/MdeModulePkg/Core/Dxe/Image/Image.c +++ b/MdeModulePkg/Core/Dxe/Image/Image.c @@ -1399,6 +1399,16 @@ CoreLoadImageCommon ( CoreNewDebugImageInfoEntry (EFI_DEBUG_IMAGE_INFO_TYPE_NORMAL, &Image->Info, Image->Handle); } + // + // Check whether we are loading a runtime image that lacks support for + // IBT/BTI landing pads. + // + if ((Image->ImageContext.ImageCodeMemoryType == EfiRuntimeServicesCode) && + ((Image->ImageContext.DllCharacteristicsEx & EFI_IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT) == 0)) + { + gMemoryAttributesTableForwardCfi = FALSE; + } + // // Reinstall loaded image protocol to fire any notifications // diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c index 82fa026bce..fd127ee167 100644 --- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c +++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c @@ -89,6 +89,7 @@ BOOLEAN mMemoryAttributesTableEnable = TRUE; BOOLEAN mMemoryAttributesTableEndOfDxe = FALSE; EFI_MEMORY_ATTRIBUTES_TABLE *mMemoryAttributesTable = NULL; BOOLEAN mMemoryAttributesTableReadyToBoot = FALSE; +BOOLEAN gMemoryAttributesTableForwardCfi = TRUE; /** Install MemoryAttributesTable. @@ -182,7 +183,12 @@ InstallMemoryAttributesTable ( MemoryAttributesTable->Version = EFI_MEMORY_ATTRIBUTES_TABLE_VERSION; MemoryAttributesTable->NumberOfEntries = RuntimeEntryCount; MemoryAttributesTable->DescriptorSize = (UINT32)DescriptorSize; - MemoryAttributesTable->Flags = 0; + if (gMemoryAttributesTableForwardCfi) { + MemoryAttributesTable->Flags = EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD; + } else { + MemoryAttributesTable->Flags = 0; + } + DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n")); DEBUG ((DEBUG_VERBOSE, " Version - 0x%08x\n", MemoryAttributesTable->Version)); DEBUG ((DEBUG_VERBOSE, " NumberOfEntries - 0x%08x\n", MemoryAttributesTable->NumberOfEntries));