MdeModulePkg/DxeCore: Re-use ImageIsFromFv for memory protection

Marvin Häuser 2023-05-05 11:33:30 +02:00 committed by Mikhail Krichanov
parent ab361688e4
commit fe0d5cac87
4 changed files with 20 additions and 83 deletions


@ -2720,12 +2720,15 @@ RemoveImageRecord (
Protect UEFI image.
@param[in] LoadedImage The loaded image protocol
@param[in] ImageType Whether File comes from FV. Must be FALSE
or TRUE.
@param[in] LoadedImageDevicePath The loaded image device path protocol
**/
VOID
ProtectUefiImage (
IN LOADED_IMAGE_PRIVATE_DATA *Image,
UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext
IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage,
IN BOOLEAN ImageIsFromFv,
UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext
);
/**
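Review bot: The `@param` added to the ProtectUefiImage header comment names the parameter `ImageType`, but the prototype below it declares `ImageIsFromFv`. The `@param[in] LoadedImageDevicePath` entry also appears to survive although no device path is passed any more, and `ImageContext` has no entry at all. I would write `@param[in] ImageIsFromFv Whether the image was loaded from a firmware volume; selects which image protection policy bit is applied.` and replace the device-path entry with one for `ImageContext`. Because this flag decides whether memory protection is applied, the comment should also say that callers must pass TRUE only for images that really were read from an FV.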


@ -318,7 +318,7 @@ DxeMain (
CoreInitializeMemoryProtection ();
ProtectUefiImage (mCurrentImage, &ImageContext);
ProtectUefiImage (&mCurrentImage->Info, TRUE, &ImageContext);
//
// Call constructor for all libraries
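Review bot: The literal `TRUE` in the new `ProtectUefiImage (&mCurrentImage->Info, TRUE, &ImageContext);` call has no comment explaining why the DXE core is classified as an FV image. It stands in for the `LoadedImage == gDxeCoreLoadedImage` special case that this commit removes from GetUefiImageProtectionPolicy, and that link is no longer visible at the call site. I would add `// The DXE core image is always treated as coming from an FV when selecting its protection policy.` above the call. DxeMain continues outside the hunk.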


@ -1383,7 +1383,7 @@ CoreLoadImageCommon (
}
Status = EFI_SUCCESS;
ProtectUefiImage (Image, &ImageContext);
ProtectUefiImage (&Image->Info, ImageIsFromFv, &ImageContext);
RegisterMemoryProfileImage (
Image->LoadedImageDevicePath,
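Review bot: The protection policy for every loaded image now depends on `ImageIsFromFv`, which is assigned elsewhere in CoreLoadImageCommon outside this hunk, instead of on the firmware-volume protocol lookup on the image's device path that the removed GetImageType performed. Please confirm the flag is FALSE on every path where the image bytes did not come from an FV (for example an image handed in through a caller-supplied buffer), since a wrongly TRUE value would apply the FV policy bit to a non-FV image. A comment at the call would record the dependency: `// ImageIsFromFv must reflect the real image source; it selects the memory protection policy bit.`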


@ -46,12 +46,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "ProcessorBind.h"
#include "Uefi/UefiMultiPhase.h"
//
// Image type definitions
//
#define IMAGE_UNKNOWN 0x00000001
#define IMAGE_FROM_FV 0x00000002
//
// Protection policy bit definition
//
@ -70,67 +64,21 @@ extern LIST_ENTRY mGcdMemorySpaceMap;
STATIC LIST_ENTRY mProtectedImageRecordList;
/**
Get the image type.
@param[in] File This is a pointer to the device path of the file that is
being dispatched.
@return UINT32 Image Type
**/
UINT32
GetImageType (
IN CONST EFI_DEVICE_PATH_PROTOCOL *File
)
{
EFI_STATUS Status;
EFI_HANDLE DeviceHandle;
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
if (File == NULL) {
return IMAGE_UNKNOWN;
}
//
// First check to see if File is from a Firmware Volume
//
DeviceHandle = NULL;
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
Status = gBS->LocateDevicePath (
&gEfiFirmwareVolume2ProtocolGuid,
&TempDevicePath,
&DeviceHandle
);
if (!EFI_ERROR (Status)) {
Status = gBS->OpenProtocol (
DeviceHandle,
&gEfiFirmwareVolume2ProtocolGuid,
NULL,
NULL,
NULL,
EFI_OPEN_PROTOCOL_TEST_PROTOCOL
);
if (!EFI_ERROR (Status)) {
return IMAGE_FROM_FV;
}
}
return IMAGE_UNKNOWN;
}
/**
Get UEFI image protection policy based upon image type.
@param[in] ImageType The UEFI image type
@param[in] ImageIsFromFv Whether File comes from FV. Must be FALSE or TRUE.
@return UEFI image protection policy
**/
UINT32
GetProtectionPolicyFromImageType (
IN UINT32 ImageType
IN BOOLEAN ImageIsFromFv
)
{
if ((ImageType & mImageProtectionPolicy) == 0) {
ASSERT (ImageIsFromFv == FALSE || ImageIsFromFv == TRUE);
if (((ImageIsFromFv + 1) & mImageProtectionPolicy) == 0) {
return DO_NOT_PROTECT;
} else {
return PROTECT_IF_ALIGNED_ELSE_ALLOW;
@ -140,19 +88,16 @@ GetProtectionPolicyFromImageType (
/**
Get UEFI image protection policy based upon loaded image device path.
@param[in] LoadedImage The loaded image protocol
@param[in] LoadedImageDevicePath The loaded image device path protocol
@param[in] ImageIsFromFv Whether File comes from FV. Must be FALSE or TRUE.
@return UEFI image protection policy
**/
UINT32
GetUefiImageProtectionPolicy (
IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage,
IN EFI_DEVICE_PATH_PROTOCOL *LoadedImageDevicePath
IN BOOLEAN ImageIsFromFv
)
{
BOOLEAN InSmm;
UINT32 ImageType;
UINT32 ProtectionPolicy;
//
@ -167,16 +112,7 @@ GetUefiImageProtectionPolicy (
return FALSE;
}
//
// Check DevicePath
//
if (LoadedImage == gDxeCoreLoadedImage) {
ImageType = IMAGE_FROM_FV;
} else {
ImageType = GetImageType (LoadedImageDevicePath);
}
ProtectionPolicy = GetProtectionPolicyFromImageType (ImageType);
ProtectionPolicy = GetProtectionPolicyFromImageType (ImageIsFromFv);
return ProtectionPolicy;
}
@ -286,17 +222,18 @@ IsMemoryProtectionSectionAligned (
Protect UEFI PE/COFF image.
@param[in] LoadedImage The loaded image protocol
@param[in] ImageIsFromFv Whether File comes from FV. Must be FALSE
or TRUE.
@param[in] LoadedImageDevicePath The loaded image device path protocol
**/
VOID
ProtectUefiImage (
IN LOADED_IMAGE_PRIVATE_DATA *Image,
IN EFI_LOADED_IMAGE_PROTOCOL *LoadedImage,
IN BOOLEAN ImageIsFromFv,
UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext
)
{
RETURN_STATUS PdbStatus;
EFI_LOADED_IMAGE_PROTOCOL *LoadedImage;
EFI_DEVICE_PATH_PROTOCOL *LoadedImageDevicePath;
UINT32 SectionAlignment;
UEFI_IMAGE_RECORD *ImageRecord;
CONST CHAR8 *PdbPointer;
@ -304,13 +241,10 @@ ProtectUefiImage (
BOOLEAN IsAligned;
UINT32 ProtectionPolicy;
LoadedImage = &Image->Info;
LoadedImageDevicePath = Image->LoadedImageDevicePath;
DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage));
DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));
ProtectionPolicy = GetUefiImageProtectionPolicy (LoadedImage, LoadedImageDevicePath);
ProtectionPolicy = GetUefiImageProtectionPolicy (ImageIsFromFv);
switch (ProtectionPolicy) {
case DO_NOT_PROTECT:
return;
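Review bot: In GetProtectionPolicyFromImageType, `((ImageIsFromFv + 1) & mImageProtectionPolicy)` builds the policy bit by arithmetic on a BOOLEAN and silently relies on the bit values 0x1 and 0x2, whose names `IMAGE_UNKNOWN` and `IMAGE_FROM_FV` this commit deletes. The only guard is the `ASSERT`, which is normally compiled out of release builds, so a BOOLEAN holding anything other than 0 or 1 would test the wrong policy bit and could yield DO_NOT_PROTECT for an image that should be protected. I would keep the two defines and select the bit explicitly with `PolicyBit = ImageIsFromFv ? IMAGE_FROM_FV : IMAGE_UNKNOWN;` followed by `if ((PolicyBit & mImageProtectionPolicy) == 0) {`. Separately, the ProtectUefiImage comment in this file still appears to list `@param[in] LoadedImageDevicePath`, which is no longer a parameter; the function bodies continue outside the hunks shown.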