MdeModulePkg/DxeCore: base code protection on permission attributes

Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE
can always be mapped read-only, classify a section as a code section only
if it has the executable attribute set and the writable attribute cleared.

This adheres more closely to the PE/COFF spec, and avoids issues with
Linux OS loaders that may consist of a single read/write/execute section.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index c36612a1b1f2c1b4f49fe26dfb3501db4aaaa9b2..46d88463d417b476e7d476c2440b341e1815a060 100644 (file)
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -533,7 +533,15 @@ ProtectUefiImageCommon (
       Name[7]\r
       ));\r
 \r
-    if ((Section[Index].Characteristics & EFI_IMAGE_SCN_CNT_CODE) != 0) {\r
+    //\r
+    // Instead of assuming that a PE/COFF section of type EFI_IMAGE_SCN_CNT_CODE\r
+    // can always be mapped read-only, classify a section as a code section only\r
+    // if it has the executable attribute set and the writable attribute cleared.\r
+    //\r
+    // This adheres more closely to the PE/COFF spec, and avoids issues with\r
+    // Linux OS loaders that may consist of a single read/write/execute section.\r
+    //\r
+    if ((Section[Index].Characteristics & (EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)) == EFI_IMAGE_SCN_MEM_EXECUTE) {\r
       DEBUG ((DEBUG_VERBOSE, "  VirtualSize          - 0x%08x\n", Section[Index].Misc.VirtualSize));\r
       DEBUG ((DEBUG_VERBOSE, "  VirtualAddress       - 0x%08x\n", Section[Index].VirtualAddress));\r
       DEBUG ((DEBUG_VERBOSE, "  SizeOfRawData        - 0x%08x\n", Section[Index].SizeOfRawData));\r