From e7b24ec9785d206f1d3faf8f646e63a1b540d6a5 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Tue, 28 Feb 2017 12:13:12 +0000
Subject: [PATCH] ArmPkg/UncachedMemoryAllocationLib: map uncached allocations
 non-executable

The primary use case for UncachedMemoryAllocationLib is non-coherent DMA,
which implies that such regions are not used to fetch instructions from.

So let's map them as non-executable, to avoid creating a security hole
when the rest of the platform may be enforcing strict memory permissions
on ordinary allocations.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
---
 .../UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
index 0d8abad234..b4fbfbcb36 100644
--- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
+++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
@@ -154,7 +154,8 @@ AllocatePagesFromList (
     return Status;
   }
 
-  Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), EFI_MEMORY_WC);
+  Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages),
+                  EFI_MEMORY_WC | EFI_MEMORY_XP);
   if (EFI_ERROR (Status)) {
     gBS->FreePages (Memory, Pages);
     return Status;
-- 
2.39.2