ArmPkg/UncachedMemoryAllocationLib: map uncached allocations non-executable
authorArd Biesheuvel <ard.biesheuvel@linaro.org>
Tue, 28 Feb 2017 12:13:12 +0000 (12:13 +0000)
committerArd Biesheuvel <ard.biesheuvel@linaro.org>
Wed, 8 Mar 2017 08:50:18 +0000 (09:50 +0100)
The primary use case for UncachedMemoryAllocationLib is non-coherent DMA,
which implies that such regions are not used to fetch instructions from.

So let's map them as non-executable, to avoid creating a security hole
when the rest of the platform may be enforcing strict memory permissions
on ordinary allocations.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c

index 0d8abad..b4fbfbc 100644 (file)
@@ -154,7 +154,8 @@ AllocatePagesFromList (
     return Status;\r
   }\r
 \r
-  Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), EFI_MEMORY_WC);\r
+  Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages),\r
+                  EFI_MEMORY_WC | EFI_MEMORY_XP);\r
   if (EFI_ERROR (Status)) {\r
     gBS->FreePages (Memory, Pages);\r
     return Status;\r