MdeModulePkg/DxeCore: implement memory protection policy

This implements a DXE memory protection policy that ensures that regions
that don't require executable permissions are mapped with the non-exec
attribute set.

First of all, it iterates over all entries in the UEFI memory map, and
removes executable permissions according to the configured DXE memory
protection policy, as recorded in PcdDxeNxMemoryProtectionPolicy.

Secondly, it sets or clears the non-executable attribute when allocating
or freeing pages, both for page based or pool based allocations.

Note that this complements the image protection facility, which applies
strict permissions to BootServicesCode/RuntimeServicesCode regions when
the section alignment allows it. The memory protection configured by this
patch operates on non-code regions only.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Ard Biesheuvel
2017-02-24 14:51:33 +00:00
parent 973e388af2
commit 7eb927db3e
5 changed files with 409 additions and 1 deletions

View File

@@ -553,6 +553,9 @@ CoreAddMemoryDescriptor (
CoreFreeMemoryMapStack ();
CoreReleaseMemoryLock ();
ApplyMemoryProtectionPolicy (EfiMaxMemoryType, Type, Start,
EFI_PAGES_TO_SIZE (NumberOfPages));
//
// If Loading Module At Fixed Address feature is enabled. try to allocate memory with Runtime code & Boot time code type
//
@@ -1344,6 +1347,8 @@ CoreAllocatePages (
NULL
);
InstallMemoryAttributesTableOnMemoryAllocation (MemoryType);
ApplyMemoryProtectionPolicy (EfiConventionalMemory, MemoryType, *Memory,
EFI_PAGES_TO_SIZE (NumberOfPages));
}
return Status;
}
@@ -1460,6 +1465,8 @@ CoreFreePages (
NULL
);
InstallMemoryAttributesTableOnMemoryAllocation (MemoryType);
ApplyMemoryProtectionPolicy (MemoryType, EfiConventionalMemory, Memory,
EFI_PAGES_TO_SIZE (NumberOfPages));
}
return Status;
}