From: Ard Biesheuvel Date: Tue, 28 Feb 2017 12:13:12 +0000 (+0000) Subject: ArmPkg/UncachedMemoryAllocationLib: map uncached allocations non-executable X-Git-Tag: edk2-stable201903~4446 X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=e7b24ec9785d206f1d3faf8f646e63a1b540d6a5 ArmPkg/UncachedMemoryAllocationLib: map uncached allocations non-executable The primary use case for UncachedMemoryAllocationLib is non-coherent DMA, which implies that such regions are not used to fetch instructions from. So let's map them as non-executable, to avoid creating a security hole when the rest of the platform may be enforcing strict memory permissions on ordinary allocations. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c index 0d8abad234..b4fbfbcb36 100644 --- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c +++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c @@ -154,7 +154,8 @@ AllocatePagesFromList ( return Status; } - Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), EFI_MEMORY_WC); + Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), + EFI_MEMORY_WC | EFI_MEMORY_XP); if (EFI_ERROR (Status)) { gBS->FreePages (Memory, Pages); return Status;