--- /dev/null
+/**@file\r
+\r
+Copyright (c) 2006 - 2009, Intel Corporation. All rights reserved.<BR>\r
+Portions copyright (c) 2008 - 2010, Apple Inc. All rights reserved.<BR>\r
+Portions copyright (c) 2011 - 2018, ARM Ltd. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+\r
+#include <Library/ArmMmuLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/PcdLib.h>\r
+#include <Library/PeCoffLib.h>\r
+#include <Library/PeCoffExtraActionLib.h>\r
+\r
+typedef RETURN_STATUS (*REGION_PERMISSION_UPDATE_FUNC) (\r
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,\r
+ IN UINT64 Length\r
+ );\r
+\r
+STATIC\r
+RETURN_STATUS\r
+UpdatePeCoffPermissions (\r
+ IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r
+ IN REGION_PERMISSION_UPDATE_FUNC NoExecUpdater,\r
+ IN REGION_PERMISSION_UPDATE_FUNC ReadOnlyUpdater\r
+ )\r
+{\r
+ RETURN_STATUS Status;\r
+ EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r
+ EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData;\r
+ UINTN Size;\r
+ UINTN ReadSize;\r
+ UINT32 SectionHeaderOffset;\r
+ UINTN NumberOfSections;\r
+ UINTN Index;\r
+ EFI_IMAGE_SECTION_HEADER SectionHeader;\r
+ PE_COFF_LOADER_IMAGE_CONTEXT TmpContext;\r
+ EFI_PHYSICAL_ADDRESS Base;\r
+\r
+ //\r
+ // We need to copy ImageContext since PeCoffLoaderGetImageInfo ()\r
+ // will mangle the ImageAddress field\r
+ //\r
+ CopyMem (&TmpContext, ImageContext, sizeof (TmpContext));\r
+\r
+ if (TmpContext.PeCoffHeaderOffset == 0) {\r
+ Status = PeCoffLoaderGetImageInfo (&TmpContext);\r
+ if (RETURN_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n",\r
+ __FUNCTION__, Status));\r
+ return Status;\r
+ }\r
+ }\r
+\r
+ if (TmpContext.IsTeImage &&\r
+ TmpContext.ImageAddress == ImageContext->ImageAddress) {\r
+ DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__,\r
+ ImageContext->ImageAddress));\r
+ return RETURN_SUCCESS;\r
+ }\r
+\r
+ if (TmpContext.SectionAlignment < EFI_PAGE_SIZE) {\r
+ //\r
+ // The sections need to be at least 4 KB aligned, since that is the\r
+ // granularity at which we can tighten permissions. So just clear the\r
+ // noexec permissions on the entire region.\r
+ //\r
+ if (!TmpContext.IsTeImage) {\r
+ DEBUG ((DEBUG_WARN,\r
+ "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n",\r
+ __FUNCTION__, ImageContext->ImageAddress, TmpContext.SectionAlignment));\r
+ }\r
+ Base = ImageContext->ImageAddress & ~(EFI_PAGE_SIZE - 1);\r
+ Size = ImageContext->ImageAddress - Base + ImageContext->ImageSize;\r
+ return NoExecUpdater (Base, ALIGN_VALUE (Size, EFI_PAGE_SIZE));\r
+ }\r
+\r
+ //\r
+ // Read the PE/COFF Header. For PE32 (32-bit) this will read in too much\r
+ // data, but that should not hurt anything. Hdr.Pe32->OptionalHeader.Magic\r
+ // determines if this is a PE32 or PE32+ image. The magic is in the same\r
+ // location in both images.\r
+ //\r
+ Hdr.Union = &HdrData;\r
+ Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION);\r
+ ReadSize = Size;\r
+ Status = TmpContext.ImageRead (TmpContext.Handle,\r
+ TmpContext.PeCoffHeaderOffset, &Size, Hdr.Pe32);\r
+ if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: TmpContext.ImageRead () failed (Status = %r)\n",\r
+ __FUNCTION__, Status));\r
+ return Status;\r
+ }\r
+\r
+ ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);\r
+\r
+ SectionHeaderOffset = TmpContext.PeCoffHeaderOffset + sizeof (UINT32) +\r
+ sizeof (EFI_IMAGE_FILE_HEADER);\r
+ NumberOfSections = (UINTN)(Hdr.Pe32->FileHeader.NumberOfSections);\r
+\r
+ switch (Hdr.Pe32->OptionalHeader.Magic) {\r
+ case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:\r
+ SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;\r
+ break;\r
+ case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:\r
+ SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;\r
+ break;\r
+ default:\r
+ ASSERT (FALSE);\r
+ }\r
+\r
+ //\r
+ // Iterate over the sections\r
+ //\r
+ for (Index = 0; Index < NumberOfSections; Index++) {\r
+ //\r
+ // Read section header from file\r
+ //\r
+ Size = sizeof (EFI_IMAGE_SECTION_HEADER);\r
+ ReadSize = Size;\r
+ Status = TmpContext.ImageRead (TmpContext.Handle, SectionHeaderOffset,\r
+ &Size, &SectionHeader);\r
+ if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r
+ DEBUG ((DEBUG_ERROR,\r
+ "%a: TmpContext.ImageRead () failed (Status = %r)\n",\r
+ __FUNCTION__, Status));\r
+ return Status;\r
+ }\r
+\r
+ Base = TmpContext.ImageAddress + SectionHeader.VirtualAddress;\r
+\r
+ if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) == 0) {\r
+\r
+ if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_WRITE) == 0 &&\r
+ TmpContext.ImageType != EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER) {\r
+\r
+ DEBUG ((DEBUG_INFO,\r
+ "%a: Mapping section %d of image at 0x%lx with RO-XN permissions and size 0x%x\n",\r
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));\r
+ ReadOnlyUpdater (Base, SectionHeader.Misc.VirtualSize);\r
+ } else {\r
+ DEBUG ((DEBUG_WARN,\r
+ "%a: Mapping section %d of image at 0x%lx with RW-XN permissions and size 0x%x\n",\r
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));\r
+ }\r
+ } else {\r
+ DEBUG ((DEBUG_INFO,\r
+ "%a: Mapping section %d of image at 0x%lx with RO-XN permissions and size 0x%x\n",\r
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));\r
+ ReadOnlyUpdater (Base, SectionHeader.Misc.VirtualSize);\r
+\r
+ DEBUG ((DEBUG_INFO,\r
+ "%a: Mapping section %d of image at 0x%lx with RO-X permissions and size 0x%x\n",\r
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));\r
+ NoExecUpdater (Base, SectionHeader.Misc.VirtualSize);\r
+ }\r
+\r
+ SectionHeaderOffset += sizeof (EFI_IMAGE_SECTION_HEADER);\r
+ }\r
+ return RETURN_SUCCESS;\r
+}\r
+\r
+/**\r
+ Performs additional actions after a PE/COFF image has been loaded and relocated.\r
+\r
+ If ImageContext is NULL, then ASSERT().\r
+\r
+ @param ImageContext Pointer to the image context structure that describes the\r
+ PE/COFF image that has already been loaded and relocated.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+PeCoffLoaderRelocateImageExtraAction (\r
+ IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext\r
+ )\r
+{\r
+ UpdatePeCoffPermissions (\r
+ ImageContext,\r
+ ArmClearMemoryRegionNoExec,\r
+ ArmSetMemoryRegionReadOnly\r
+ );\r
+}\r
+\r
+\r
+\r
+/**\r
+ Performs additional actions just before a PE/COFF image is unloaded. Any resources\r
+ that were allocated by PeCoffLoaderRelocateImageExtraAction() must be freed.\r
+\r
+ If ImageContext is NULL, then ASSERT().\r
+\r
+ @param ImageContext Pointer to the image context structure that describes the\r
+ PE/COFF image that is being unloaded.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+PeCoffLoaderUnloadImageExtraAction (\r
+ IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext\r
+ )\r
+{\r
+ UpdatePeCoffPermissions (\r
+ ImageContext,\r
+ ArmSetMemoryRegionNoExec,\r
+ ArmClearMemoryRegionReadOnly\r
+ );\r
+}\r