On Tue, Feb 28, 2017 at 12:13:12PM +0000, Ard Biesheuvel wrote:
> The primary use case for UncachedMemoryAllocationLib is non-coherent DMA,
> which implies that such regions are not used to fetch instructions from.
>
> So let's map them as non-executable, to avoid creating a security hole
> when the rest of the platform may be enforcing strict memory permissions
> on ordinary allocations.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindh...@linaro.org>
> ---
> ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c | 3
> ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git
> a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
> b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
> index 0d8abad23433..b4fbfbcb362b 100644
> --- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
> +++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
> @@ -154,7 +154,8 @@ AllocatePagesFromList (
> return Status;
> }
>
> - Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages),
> EFI_MEMORY_WC);
> + Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages),
> + EFI_MEMORY_WC | EFI_MEMORY_XP);
> if (EFI_ERROR (Status)) {
> gBS->FreePages (Memory, Pages);
> return Status;
> --
> 2.7.4
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
