On 21 October 2015 at 15:24, Borislav Petkov <b...@alien8.de> wrote:
> On Wed, Oct 21, 2015 at 02:57:47PM +0200, Ard Biesheuvel wrote:
>> ... For the remaining cases, which is the vast majority, no such
>> assumptions can be made, and since the UEFI runtime regions are
>> typically populated with a bunch of PE/COFF images (each of which
>> consists of text + data), inferring where the boundaries are between
>> them does not seem tractable (for instance, to only map 'boundary'
>> pages RWX)
>
> How much of a problem would it be if we still do the on-demand page
> faulting and map a trailing piece of code together with the data in a
> page RWX?
>
> Still better than mapping the *whole* thing RWX, no?
>
In theory, yes. In practice, since this is supposed to be a security
enhancement, we need some kind of ground truth to tell us which pages
can be legally modified *and* executed, so that we can detect the
illegal cases. My point was that, since a multitude of PE/COFF images
can be covered by a single EfiRuntimeServicesCode region, the UEFI
memory map does not give us enough information to make the distinction
between a page that sits on the text/data boundary of some PE/COFF image
and a page that sits wholly in either.

-- 
Ard.
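The following is an added illustration of the page-granularity problem discussed in this exchange; it is not code from the thread or from the kernel's EFI code. It takes a constructed EfiRuntimeServicesCode region holding two back-to-back PE/COFF images whose section layout is assumed to be known (something the UEFI memory map itself does not provide), computes the minimal permission each 4 KiB page would need (RX for text-only pages, RW for data-only pages, RWX only for pages straddling a text/data boundary), and contrasts that with what can be derived from the memory-map descriptor alone, where every page has to be RWX because no boundary information exists. All addresses and section sizes are constructed sample values.

```python
"""Per-page permission planning for a UEFI runtime region (added example).

Two views of the same region are compared:
  * classify_pages():           section layout of each PE/COFF image is known
  * classify_from_memory_map(): only the EFI memory map descriptor is known
The difference is exactly the "ground truth" the mailing-list reply says is
missing from the memory map.
"""

PAGE_SIZE = 0x1000  # 4 KiB pages (assumed; matches x86 and arm64 4K granule)


def page_range(start, end):
    """Yield (page_start, page_end) for every page overlapping [start, end)."""
    page = start & ~(PAGE_SIZE - 1)
    while page < end:
        yield page, page + PAGE_SIZE
        page += PAGE_SIZE


def classify_pages(region, sections):
    """Minimal permission per page given the images' section layout.

    region:   (start, end) of one EfiRuntimeServicesCode descriptor.
    sections: list of (start, end, kind), end exclusive, kind 'text' or 'data'.
    Returns {page_start: 'RX' | 'RW' | 'RWX' | 'R'}.
    """
    rstart, rend = region
    perms = {}
    for pstart, pend in page_range(rstart, rend):
        # Kinds of every section that overlaps this page.
        kinds = {kind for (s, e, kind) in sections if s < pend and e > pstart}
        if kinds == {"text"}:
            perms[pstart] = "RX"            # code only: never writable
        elif kinds == {"data"}:
            perms[pstart] = "RW"            # data only: never executable
        elif kinds == {"text", "data"}:
            perms[pstart] = "RWX"           # boundary page: the unavoidable case
        else:
            perms[pstart] = "R"             # covered by the map, claimed by no section
    return perms


def classify_from_memory_map(region):
    """What can be decided with only the memory map: nothing finer than RWX.

    The descriptor says 'runtime services code', but several images with
    interleaved text and data may sit inside it, so every page must keep
    both write and execute permission to be safe for the firmware.
    """
    rstart, rend = region
    return {pstart: "RWX" for pstart, _ in page_range(rstart, rend)}


def summarize(perms):
    """Count pages per permission class."""
    counts = {}
    for perm in perms.values():
        counts[perm] = counts.get(perm, 0) + 1
    return counts


def boundary_pages(perms):
    """Page starts that would have to stay RWX even with full knowledge."""
    return sorted(p for p, perm in perms.items() if perm == "RWX")


# Constructed sample: one 48 KiB runtime region, two images laid out in it.
SAMPLE_REGION = (0x80000000, 0x8000C000)
SAMPLE_SECTIONS = [
    # image A: .text ends mid-page, .data starts right after it
    (0x80000000, 0x80003800, "text"),
    (0x80003800, 0x80005000, "data"),
    # image B: same pattern, different split point
    (0x80005000, 0x80009200, "text"),
    (0x80009200, 0x8000C000, "data"),
]


if __name__ == "__main__":
    known = classify_pages(SAMPLE_REGION, SAMPLE_SECTIONS)
    map_only = classify_from_memory_map(SAMPLE_REGION)
    print("with section layout:  ", summarize(known))
    print("memory map only:      ", summarize(map_only))
    print("pages forced to RWX:  ", [hex(p) for p in boundary_pages(known)])
```

With the section layout known, only the two pages that contain a text/data split need RWX and the rest can be locked down to RX or RW; with the memory map alone, all twelve pages end up RWX, which is the "whole thing RWX" outcome the thread is trying to avoid.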