[edk2-devel] [PATCH v3 03/16] ArmVirtPkg: make EFI_LOADER_DATA non-executable
Leif Lindholm
quic_llindhol at quicinc.com
Mon Sep 26 22:28:27 UTC 2022
On 2022-09-26 01:24, Ard Biesheuvel wrote:
> When the memory protections were implemented and enabled on ArmVirtQemu
> 5+ years ago, we had to work around the fact that GRUB at the time
> expected EFI_LOADER_DATA to be executable, as that is the memory type it
> allocates when loading its modules.
>
> This has been fixed in GRUB in August 2017, so by now, we should be able
> to tighten this, and remove execute permissions from EFI_LOADER_DATA
> allocations.
>
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> ---
> ArmVirtPkg/ArmVirt.dsc.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 34575585adbb..462073517a22 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -368,7 +368,7 @@ [PcdsFixedAtBuild.common]
> # reserved ones, with the exception of LoaderData regions, of which OS loaders
>
> # (i.e., GRUB) may assume that its contents are executable.
>
Should the comment be updated too ("old versions of GRUB")?
Regardless:
Reviewed-by: Leif Lindholm <quic_llindhol at quicinc.com>
/
Leif
> #
>
> - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
>
> + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
>
>
>
> [Components.common]
>
> #
>
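Review bot: the unchanged comment directly above the PCD line still documents NX as applying "with the exception of LoaderData regions, of which OS loaders (i.e., GRUB) may assume that its contents are executable", which no longer matches the value being set. The new value 0xC000000000007FD5 differs from the old 0xC000000000007FD1 only in bit 2, the EfiLoaderData position in this per-memory-type mask, so after this change there is no LoaderData exception left. Suggest updating the comment in the same patch, either dropping the exception clause or noting that only GRUB builds predating the August 2017 fix mentioned in the commit message depended on executable LoaderData. Otherwise a platform that copies this .dsc.inc may read the comment and assume the weaker policy is still in effect.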
View/Reply Online (#94364): https://edk2.groups.io/g/devel/message/94364