@@ -2949,4 +2949,12 @@ MemoryProtectionExitBootServicesCallback (
VOID
);
+/**
+ Convert DXE core image to BootServicesCode memory
+**/
+VOID
+ConvertDxeCoreImage (
+ VOID
+ );
+
#endif
@@ -396,6 +396,8 @@ DxeMain (
MemoryProfileInstallProtocol ();
+ ConvertDxeCoreImage ();
+
CoreInitializePropertiesTable ();
CoreInitializeMemoryAttributesTable ();
CoreInitializeMemoryProtection ();
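Review bot: The call to `ConvertDxeCoreImage ()` in `DxeMain ()` carries an ordering requirement that nothing at the call site records. The commit message says the conversion must happen before exec permissions are removed from non-code regions, presumably by `CoreInitializeMemoryProtection ()` two calls later, so a later reshuffle of these init calls could silently undo it. A comment such as `// Must precede CoreInitializeMemoryProtection (): the DXE core image has to be EfiBootServicesCode before non-code regions lose exec permission.` would pin that down. `DxeMain ()` begins and ends outside this hunk.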
@@ -1951,8 +1951,23 @@ Done:
}
+VOID
+ConvertDxeCoreImage (
+ VOID
+ )
+{
+ CoreAcquireMemoryLock ();
+ //
+ // Convert the memory region that backs the DXE core to a 'code' region, so
+ // that the strict permissions handling doesn't take our exec permissions
+ // away.
+ //
+ CoreConvertPages ((UINTN)gDxeCoreLoadedImage->ImageBase,
+ EFI_SIZE_TO_PAGES (gDxeCoreLoadedImage->ImageSize), EfiBootServicesCode);
+ CoreReleaseMemoryLock ();
+}
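Review bot: The return value of `CoreConvertPages ()` in `ConvertDxeCoreImage ()` is discarded, so a failed conversion is silent and the DXE core's pages keep their original memory type. Going by the comment in the function, that is exactly the case in which the strict permission handling takes execute permission away from the running core, and the failure would then surface later as a fault that is hard to trace back to this call. Capture and check the status instead: declare `EFI_STATUS Status;`, assign `Status = CoreConvertPages (...);` and follow it with `ASSERT_EFI_ERROR (Status);`. Separately, the range passed is the whole image (`ImageBase` through `ImageSize`), so the core's data sections appear to end up typed as code as well. If per-section write/execute separation is wanted for the DXE core, it has to come from somewhere other than this conversion.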
Before removing exec permissions from all non-code regions, ensure that the DXE core itself is covered by a BootServicesCode region, by adding a new function ConvertDxeCoreImage () and calling it at the right time from DxeMain (). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> --- MdeModulePkg/Core/Dxe/DxeMain.h | 8 ++++++++ MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 2 ++ MdeModulePkg/Core/Dxe/Mem/Page.c | 15 +++++++++++++++ 3 files changed, 25 insertions(+) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel