
Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)



>>> On 09.09.15 at 11:37, <ian.campbell@xxxxxxxxxx> wrote:
> I'm not 100% what is going on, but if this (executable code on stack) is
> happening in grub is there something which is explicitly forbidden to UEFI
> apps by the UEFI spec?

Whether it's spelled out explicitly I don't know, but the separation
of memory types (*Code vs *Data) is clearly with the intention to
limit permissions. Hence an entity allocating *Data should not place
code there (as much as an entity allocating *Code shouldn't expect
to be able to write to that area, which kind of implies that such
allocations aren't useful from outside of UEFI, since then you have
no way to fill in the code you mean to execute).

> Or is it happening within UEFI itself based on a call from grub.efi?

That's still unclear at this point.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
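
The *Code/*Data separation discussed in the message above, as an added example (not code from this thread, OVMF, Xen or grub): a strict policy that makes *Code regions read+execute and everything else read+write without execute, applied to a memory map. The descriptor struct is simplified, the sample map and the memory type chosen for the stack are constructed assumptions, and the type numbers are those of the UEFI specification.

```c
#include <stddef.h>
#include <stdint.h>

/* Memory type numbers as assigned in the UEFI specification (subset). */
enum { EfiLoaderCode = 1, EfiLoaderData = 2, EfiBootServicesCode = 3,
       EfiBootServicesData = 4, EfiRuntimeServicesCode = 5,
       EfiRuntimeServicesData = 6 };

#define PERM_R 1u
#define PERM_W 2u
#define PERM_X 4u

/* Simplified descriptor (assumption): only the fields this policy needs. */
struct mem_desc { uint32_t type; uint64_t phys_start; uint64_t num_pages; };

/* Hypothetical strict policy: *Code is R+X, every other type is R+W, never X. */
static unsigned perms_for_type(uint32_t type)
{
    switch (type) {
    case EfiLoaderCode:
    case EfiBootServicesCode:
    case EfiRuntimeServicesCode:
        return PERM_R | PERM_X;   /* executable, but not writable */
    default:
        return PERM_R | PERM_W;   /* writable, but not executable */
    }
}

/* Permissions for addr under the policy, or 0 if no descriptor covers it. */
unsigned perms_for_addr(const struct mem_desc *map, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++) {
        uint64_t end = map[i].phys_start + (map[i].num_pages << 12); /* 4 KiB pages */
        if (addr >= map[i].phys_start && addr < end)
            return perms_for_type(map[i].type);
    }
    return 0;
}

/* Constructed sample map: an image, a stack allocated as data, a data buffer. */
const struct mem_desc sample_map[] = {
    { EfiLoaderCode,       0x00100000, 0x40 },
    { EfiBootServicesData, 0x7f000000, 0x20 },  /* stack (assumed type) */
    { EfiLoaderData,       0x7e000000, 0x10 },
};
#define SAMPLE_LEN (sizeof sample_map / sizeof sample_map[0])

/* 1 if an instruction fetch from addr is not permitted under the policy. */
int exec_would_fault(uint64_t addr)
{
    return !(perms_for_addr(sample_map, SAMPLE_LEN, addr) & PERM_X);
}

int main(void) { return exec_would_fault(0x7f001000) ? 0 : 1; }
```

Under this policy a fetch from the data-typed stack is refused, and the *Code region is not writable, which is the limitation on filling in code that the message points out.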


 

