tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-27 15:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/DxeCore: Re-use ImageIsFromFv for memory protection

Browse Source
This commit is contained in:
Marvin Häuser 2023-05-05 11:33:30 +02:00 committed by Mikhail Krichanov
parent 4e04fa016e
commit ec35a44c1e
4 changed files with 20 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
MdeModulePkg/Core/Dxe/DxeMain.h
View File

@ -2727,11 +2727,14 @@ RemoveImageRecord (
Protect UEFI image. Protect UEFI image.
@param[in] LoadedImage The loaded image protocol @param[in] LoadedImage The loaded image protocol
@param[in] ImageType Whether File comes from FV. Must be FALSE
or TRUE.
@param[in] LoadedImageDevicePath The loaded image device path protocol @param[in] LoadedImageDevicePath The loaded image device path protocol
**/ **/
VOID VOID
ProtectUefiImage ( ProtectUefiImage (
IN LOADED_IMAGE_PRIVATE_DATA *Image, IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage,
IN BOOLEAN ImageIsFromFv,
UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext
); );

2
MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
View File

@ -331,7 +331,7 @@ DxeMain (
CoreInitializeMemoryProtection (); CoreInitializeMemoryProtection ();
ProtectUefiImage (mCurrentImage, &ImageContext); ProtectUefiImage (&mCurrentImage->Info, TRUE, &ImageContext);
// //
// Call constructor for all libraries // Call constructor for all libraries

2
MdeModulePkg/Core/Dxe/Image/Image.c
View File

@ -1383,7 +1383,7 @@ CoreLoadImageCommon (
} }
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
ProtectUefiImage (Image, &ImageContext); ProtectUefiImage (&Image->Info, ImageIsFromFv, &ImageContext);
RegisterMemoryProfileImage ( RegisterMemoryProfileImage (
Image->LoadedImageDevicePath, Image->LoadedImageDevicePath,

92
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
View File

@ -47,12 +47,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "ProcessorBind.h" #include "ProcessorBind.h"
#include "Uefi/UefiMultiPhase.h" #include "Uefi/UefiMultiPhase.h"
//
// Image type definitions
//
#define IMAGE_UNKNOWN 0x00000001
#define IMAGE_FROM_FV 0x00000002
// //
// Protection policy bit definition // Protection policy bit definition
// //
@ -71,67 +65,21 @@ extern LIST_ENTRY mGcdMemorySpaceMap;
STATIC LIST_ENTRY mProtectedImageRecordList; STATIC LIST_ENTRY mProtectedImageRecordList;
/**
Get the image type.
@param[in] File This is a pointer to the device path of the file that is
being dispatched.
@return UINT32 Image Type
**/
UINT32
GetImageType (
IN CONST EFI_DEVICE_PATH_PROTOCOL *File
)
{
EFI_STATUS Status;
EFI_HANDLE DeviceHandle;
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
if (File == NULL) {
return IMAGE_UNKNOWN;
}
//
// First check to see if File is from a Firmware Volume
//
DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath (
&gEfiFirmwareVolume2ProtocolGuid,
&TempDevicePath,
&DeviceHandle
);
if (!EFI_ERROR (Status)) {
Status = gBS->OpenProtocol (
DeviceHandle,
&gEfiFirmwareVolume2ProtocolGuid,
NULL,
NULL,
NULL,
EFI_OPEN_PROTOCOL_TEST_PROTOCOL
);
if (!EFI_ERROR (Status)) {
return IMAGE_FROM_FV;
}
}
return IMAGE_UNKNOWN;
}
/** /**
Get UEFI image protection policy based upon image type. Get UEFI image protection policy based upon image type.
@param[in] ImageType The UEFI image type @param[in] ImageIsFromFv Whether File comes from FV. Must be FALSE or TRUE.
@return UEFI image protection policy @return UEFI image protection policy
**/ **/
UINT32 UINT32
GetProtectionPolicyFromImageType ( GetProtectionPolicyFromImageType (
IN UINT32 ImageType IN BOOLEAN ImageIsFromFv
) )
{ {
if ((ImageType & mImageProtectionPolicy) == 0) { ASSERT (ImageIsFromFv == FALSE || ImageIsFromFv == TRUE);
if (((ImageIsFromFv + 1) & mImageProtectionPolicy) == 0) {
return DO_NOT_PROTECT; return DO_NOT_PROTECT;
} else { } else {
return PROTECT_IF_ALIGNED_ELSE_ALLOW; return PROTECT_IF_ALIGNED_ELSE_ALLOW;
@ -141,19 +89,16 @@ GetProtectionPolicyFromImageType (
/** /**
Get UEFI image protection policy based upon loaded image device path. Get UEFI image protection policy based upon loaded image device path.
@param[in] LoadedImage The loaded image protocol @param[in] ImageIsFromFv Whether File comes from FV. Must be FALSE or TRUE.
@param[in] LoadedImageDevicePath The loaded image device path protocol
@return UEFI image protection policy @return UEFI image protection policy
**/ **/
UINT32 UINT32
GetUefiImageProtectionPolicy ( GetUefiImageProtectionPolicy (
IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage, IN BOOLEAN ImageIsFromFv
IN EFI_DEVICE_PATH_PROTOCOL *LoadedImageDevicePath
) )
{ {
BOOLEAN InSmm; BOOLEAN InSmm;
UINT32 ImageType;
UINT32 ProtectionPolicy; UINT32 ProtectionPolicy;
// //
@ -168,16 +113,7 @@ GetUefiImageProtectionPolicy (
return FALSE; return FALSE;
} }
// ProtectionPolicy = GetProtectionPolicyFromImageType (ImageIsFromFv);
// Check DevicePath
//
if (LoadedImage == gDxeCoreLoadedImage) {
ImageType = IMAGE_FROM_FV;
} else {
ImageType = GetImageType (LoadedImageDevicePath);
}
ProtectionPolicy = GetProtectionPolicyFromImageType (ImageType);
return ProtectionPolicy; return ProtectionPolicy;
} }
@ -288,17 +224,18 @@ IsMemoryProtectionSectionAligned (
Protect UEFI PE/COFF image. Protect UEFI PE/COFF image.
@param[in] LoadedImage The loaded image protocol @param[in] LoadedImage The loaded image protocol
@param[in] ImageIsFromFv Whether File comes from FV. Must be FALSE
or TRUE.
@param[in] LoadedImageDevicePath The loaded image device path protocol @param[in] LoadedImageDevicePath The loaded image device path protocol
**/ **/
VOID VOID
ProtectUefiImage ( ProtectUefiImage (
IN LOADED_IMAGE_PRIVATE_DATA *Image, IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage,
IN BOOLEAN ImageIsFromFv,
UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext
) )
{ {
RETURN_STATUS PdbStatus; RETURN_STATUS PdbStatus;
EFI_LOADED_IMAGE_PROTOCOL *LoadedImage;
EFI_DEVICE_PATH_PROTOCOL *LoadedImageDevicePath;
UINT32 SectionAlignment; UINT32 SectionAlignment;
UEFI_IMAGE_RECORD *ImageRecord; UEFI_IMAGE_RECORD *ImageRecord;
CONST CHAR8 *PdbPointer; CONST CHAR8 *PdbPointer;
@ -306,13 +243,10 @@ ProtectUefiImage (
BOOLEAN IsAligned; BOOLEAN IsAligned;
UINT32 ProtectionPolicy; UINT32 ProtectionPolicy;
LoadedImage = &Image->Info;
LoadedImageDevicePath = Image->LoadedImageDevicePath;
DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage)); DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage));
DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize)); DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));
ProtectionPolicy = GetUefiImageProtectionPolicy (LoadedImage, LoadedImageDevicePath); ProtectionPolicy = GetUefiImageProtectionPolicy (ImageIsFromFv);
switch (ProtectionPolicy) { switch (ProtectionPolicy) {
case DO_NOT_PROTECT: case DO_NOT_PROTECT:
return; return;