| Message ID | 1488283992-32104-3-git-send-email-ard.biesheuvel@linaro.org |
|---|---|
| State | Accepted |
| Commit | e7b24ec9785d206f1d3faf8f646e63a1b540d6a5 |
| Headers | show |
| Series | [edk2,1/3] ArmPkg/UncachedMemoryAllocationLib: restore mapping attributes after free | expand |
On Tue, Feb 28, 2017 at 12:13:12PM +0000, Ard Biesheuvel wrote: > The primary use case for UncachedMemoryAllocationLib is non-coherent DMA, > which implies that such regions are not used to fetch instructions from. > > So let's map them as non-executable, to avoid creating a security hole > when the rest of the platform may be enforcing strict memory permissions > on ordinary allocations. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> > --- > ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c > index 0d8abad23433..b4fbfbcb362b 100644 > --- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c > +++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c > @@ -154,7 +154,8 @@ AllocatePagesFromList ( > return Status; > } > > - Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), EFI_MEMORY_WC); > + Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), > + EFI_MEMORY_WC | EFI_MEMORY_XP); > if (EFI_ERROR (Status)) { > gBS->FreePages (Memory, Pages); > return Status; > -- > 2.7.4 > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c index 0d8abad23433..b4fbfbcb362b 100644 --- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c +++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c @@ -154,7 +154,8 @@ AllocatePagesFromList ( return Status; } - Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), EFI_MEMORY_WC); + Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), + EFI_MEMORY_WC | EFI_MEMORY_XP); if (EFI_ERROR (Status)) { gBS->FreePages (Memory, Pages); return Status;
The primary use case for UncachedMemoryAllocationLib is non-coherent DMA, which implies that such regions are not used to fetch instructions from. So let's map them as non-executable, to avoid creating a security hole when the rest of the platform may be enforcing strict memory permissions on ordinary allocations. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> --- ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel