3 files changed, 19 insertions, 1 deletions

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index 815a6b4bd8..43daa037be 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -280,6 +280,8 @@ extern EFI_MEMORY_TYPE_INFORMATION  gMemoryTypeInformation[EfiMaxMemoryType + 1]
 extern BOOLEAN                    gDispatcherRunning;

 extern EFI_RUNTIME_ARCH_PROTOCOL  gRuntimeTemplate;

 

+extern BOOLEAN  gMemoryAttributesTableForwardCfi;

+

 extern EFI_LOAD_FIXED_ADDRESS_CONFIGURATION_TABLE  gLoadModuleAtFixAddressConfigurationTable;

 extern BOOLEAN                                     gLoadFixedAddressCodeMemoryReady;

 //

diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
index 8704ebea9a..9dbfb2a1fa 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -1400,6 +1400,16 @@ CoreLoadImageCommon (
   }

 

   //

+  // Check whether we are loading a runtime image that lacks support for

+  // IBT/BTI landing pads.

+  //

+  if ((Image->ImageContext.ImageCodeMemoryType == EfiRuntimeServicesCode) &&

+      ((Image->ImageContext.DllCharacteristicsEx & EFI_IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT) == 0))

+  {

+    gMemoryAttributesTableForwardCfi = FALSE;

+  }

+

+  //

   // Reinstall loaded image protocol to fire any notifications

   //

   Status = CoreReinstallProtocolInterface (

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
index 82fa026bce..fd127ee167 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
@@ -89,6 +89,7 @@ BOOLEAN                      mMemoryAttributesTableEnable      = TRUE;
 BOOLEAN                      mMemoryAttributesTableEndOfDxe    = FALSE;

 EFI_MEMORY_ATTRIBUTES_TABLE  *mMemoryAttributesTable           = NULL;

 BOOLEAN                      mMemoryAttributesTableReadyToBoot = FALSE;

+BOOLEAN                      gMemoryAttributesTableForwardCfi  = TRUE;

 

 /**

   Install MemoryAttributesTable.

@@ -182,7 +183,12 @@ InstallMemoryAttributesTable (
   MemoryAttributesTable->Version         = EFI_MEMORY_ATTRIBUTES_TABLE_VERSION;

   MemoryAttributesTable->NumberOfEntries = RuntimeEntryCount;

   MemoryAttributesTable->DescriptorSize  = (UINT32)DescriptorSize;

-  MemoryAttributesTable->Flags           = 0;

+  if (gMemoryAttributesTableForwardCfi) {

+    MemoryAttributesTable->Flags = EFI_MEMORY_ATTRIBUTES_FLAGS_RT_FORWARD_CONTROL_FLOW_GUARD;

+  } else {

+    MemoryAttributesTable->Flags = 0;

+  }

+

   DEBUG ((DEBUG_VERBOSE, "MemoryAttributesTable:\n"));

   DEBUG ((DEBUG_VERBOSE, "  Version              - 0x%08x\n", MemoryAttributesTable->Version));

   DEBUG ((DEBUG_VERBOSE, "  NumberOfEntries      - 0x%08x\n", MemoryAttributesTable->NumberOfEntries));