[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)

To: "Ian Campbell" <ian.campbell@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 09 Sep 2015 04:06:02 -0600
Cc: Jordan L Justen <jordan.l.justen@xxxxxxxxx>, edk2-devel-01 <edk2-devel@xxxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxx>, AnthonyPERARD <anthony.perard@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Laszlo Ersek <lersek@xxxxxxxxxx>, Star Zeng <star.zeng@xxxxxxxxx>
Delivery-date: Wed, 09 Sep 2015 10:06:11 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 09.09.15 at 11:37, <ian.campbell@xxxxxxxxxx> wrote:
> I'm not 100% what is going on, but if this (executable code on stack) is
> happening in grub is there something which is explicitly forbidden to UEFI
> apps by the UEFI spec?

Whether it's spelled out explicitly I don't know, but the separation
of memory types (*Code vs *Data) is clearly with the intention to
limit permissions. Hence an entity allocating *Data should not place
code there (as much as an entity allocating *Code shouldn't expect
to be able to write to that area, which kind of implies that such
allocations aren't useful from outside of UEFI, since then you have
no way to fill in the code you mean to execute).

> Or is it happening within UEFI itself based on a call from grub.efi?

That's still unclear at this point.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
  - From: Anthony PERARD
- Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
  - From: Laszlo Ersek
- Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
  - From: Jan Beulich
- Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
  - From: Ian Campbell

Prev by Date: Re: [Xen-devel] [xen-unstable test] 61521: regressions - FAIL
Next by Date: Re: [Xen-devel] [PATCH v4 10/11] x86/intel_pstate: support the use of intel_pstate in pmstat.c
Previous by thread: Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
Next by thread: Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.