From a564d558623c199872f43c3b4a4aade9d1896b56 Mon Sep 17 00:00:00 2001 From: Mikhail Krichanov Date: Thu, 20 Apr 2023 11:03:03 +0300 Subject: [PATCH] MdePkg: Add PCD to remove X perm from image sections with WX perms This feature is useful for images created by old Apple mtoc utility. Signed-off-by: Vitaly Cheptsov --- MdePkg/Library/BasePeCoffLib2/BasePeCoffLib2.inf | 1 + MdePkg/Library/BasePeCoffLib2/PeCoffInit.c | 2 +- .../Library/BaseUefiImageLib/BaseUefiImageLibPeCoff.inf | 1 + MdePkg/Library/BaseUefiImageLib/PeCoffSupport.c | 4 ++++ MdePkg/MdePkg.dec | 9 +++++++++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/BasePeCoffLib2/BasePeCoffLib2.inf b/MdePkg/Library/BasePeCoffLib2/BasePeCoffLib2.inf index f2a295b8ab..1ab7022e29 100644 --- a/MdePkg/Library/BasePeCoffLib2/BasePeCoffLib2.inf +++ b/MdePkg/Library/BasePeCoffLib2/BasePeCoffLib2.inf @@ -46,3 +46,4 @@ gEfiMdePkgTokenSpaceGuid.PcdImageLoaderProhibitTe gEfiMdePkgTokenSpaceGuid.PcdImageLoaderAllowMisalignedOffset gEfiMdePkgTokenSpaceGuid.PcdDebugRaisePropertyMask + gEfiMdePkgTokenSpaceGuid.PcdImageLoaderRemoveXForWX diff --git a/MdePkg/Library/BasePeCoffLib2/PeCoffInit.c b/MdePkg/Library/BasePeCoffLib2/PeCoffInit.c index 180cb40a49..0209c0d847 100644 --- a/MdePkg/Library/BasePeCoffLib2/PeCoffInit.c +++ b/MdePkg/Library/BasePeCoffLib2/PeCoffInit.c @@ -125,7 +125,7 @@ InternalVerifySections ( // Verify the Image section adheres to the W^X principle, if the policy // demands it. // - if (PcdGetBool (PcdImageLoaderWXorX)) { + if (PcdGetBool (PcdImageLoaderWXorX) && !PcdGetBool (PcdImageLoaderRemoveXForWX)) { if ((Sections[SectionIndex].Characteristics & (EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE)) == (EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE)) { DEBUG_RAISE (); return RETURN_VOLUME_CORRUPTED; diff --git a/MdePkg/Library/BaseUefiImageLib/BaseUefiImageLibPeCoff.inf b/MdePkg/Library/BaseUefiImageLib/BaseUefiImageLibPeCoff.inf index 6185cf7edf..3c289fc1a5 100644 --- a/MdePkg/Library/BaseUefiImageLib/BaseUefiImageLibPeCoff.inf +++ b/MdePkg/Library/BaseUefiImageLib/BaseUefiImageLibPeCoff.inf @@ -38,3 +38,4 @@ gEfiMdePkgTokenSpaceGuid.PcdImageLoaderLoadHeader gEfiMdePkgTokenSpaceGuid.PcdImageLoaderProhibitTe gEfiMdePkgTokenSpaceGuid.PcdDebugRaisePropertyMask + gEfiMdePkgTokenSpaceGuid.PcdImageLoaderRemoveXForWX diff --git a/MdePkg/Library/BaseUefiImageLib/PeCoffSupport.c b/MdePkg/Library/BaseUefiImageLib/PeCoffSupport.c index 5c98de8673..37794d4e64 100644 --- a/MdePkg/Library/BaseUefiImageLib/PeCoffSupport.c +++ b/MdePkg/Library/BaseUefiImageLib/PeCoffSupport.c @@ -37,6 +37,10 @@ InternalCharacteristicsToAttributes ( { UINT32 Attributes; + if (PcdGetBool (PcdImageLoaderRemoveXForWX) && (Characteristics & (EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE)) == (EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE)) { + Characteristics &= ~EFI_IMAGE_SCN_MEM_EXECUTE; + } + Attributes = 0; if ((Characteristics & EFI_IMAGE_SCN_MEM_READ) == 0) { Attributes |= EFI_MEMORY_RP; diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 078f954fd1..5a3af1031c 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -2278,6 +2278,15 @@ # @Prompt Allow Misaligned Offset. gEfiMdePkgTokenSpaceGuid.PcdImageLoaderAllowMisalignedOffset|FALSE|BOOLEAN|0x40001020 + ## Indicates whether Image sections that do not adhere to the W^X principle + # by mistake will have their X permission removed at load time.

+ # TRUE - Image sections with WX permissions will have X permission removed.
+ # FALSE - Image sections with WX permissions will be treated by PcdImageLoaderWXorX.
+ # This feature is only useful for images created by old Apple mtoc utility. Do not enable + # it unless such images need to be supported. + # @Prompt Remove X permission from WX sections. + gEfiMdePkgTokenSpaceGuid.PcdImageLoaderRemoveXForWX|FALSE|BOOLEAN|0x40001021 + [PcdsFixedAtBuild,PcdsPatchableInModule] ## Indicates the maximum length of unicode string used in the following # BaseLib functions: StrLen(), StrSize(), StrCmp(), StrnCmp(), StrCpy(), StrnCpy()