MdeModulePkg/DxeCore: implement memory protection policy

This implements a DXE memory protection policy that ensures that regions
that don't require executable permissions are mapped with the non-exec
attribute set.

First of all, it iterates over all entries in the UEFI memory map, and
removes executable permissions according to the configured DXE memory
protection policy, as recorded in PcdDxeNxMemoryProtectionPolicy.

Secondly, it sets or clears the non-executable attribute when allocating
or freeing pages, both for page based or pool based allocations.

Note that this complements the image protection facility, which applies
strict permissions to BootServicesCode/RuntimeServicesCode regions when
the section alignment allows it. The memory protection configured by this
patch operates on non-code regions only.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Ard Biesheuvel
2017-02-24 14:51:33 +00:00
parent 973e388af2
commit 7eb927db3e
5 changed files with 409 additions and 1 deletions

View File

@@ -2949,4 +2949,28 @@ MemoryProtectionExitBootServicesCallback (
VOID
);
/**
Manage memory permission attributes on a memory range, according to the
configured DXE memory protection policy.
@param OldType The old memory type of the range
@param NewType The new memory type of the range
@param Memory The base address of the range
@param Length The size of the range (in bytes)
@return EFI_SUCCESS If the the CPU arch protocol is not installed yet
@return EFI_SUCCESS If no DXE memory protection policy has been configured
@return EFI_SUCCESS If OldType and NewType use the same permission attributes
@return other Return value of gCpu->SetMemoryAttributes()
**/
EFI_STATUS
EFIAPI
ApplyMemoryProtectionPolicy (
IN EFI_MEMORY_TYPE OldType,
IN EFI_MEMORY_TYPE NewType,
IN EFI_PHYSICAL_ADDRESS Memory,
IN UINT64 Length
);
#endif