diff options
| author | Oliver Smith-Denny <osde@microsoft.com> | 2024-07-03 14:39:16 -0700 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-07-22 21:44:47 +0000 |
| commit | 8984fba2f22a2cd44e1189403e3553f447b82852 (patch) | |
| tree | b40172d9056500d366a911a10101a28154ace46f /EmbeddedPkg | |
| parent | 469f29fe7647c6dc8975a3c03ea7e181270d44d3 (diff) | |
| download | edk2-8984fba2f22a2cd44e1189403e3553f447b82852.tar.gz | |
EmbeddedPkg: Mark DMA Memory Allocations XP By Default
When allocating memory for a non-coherent DMA device, the current core
code removes the XP attribute, allowing code to execute from that
region. This is a security vulnerability and unneeded. This change
updates to mark the region as XP when allocating memory for the
non-coherent DMA device.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Diffstat (limited to 'EmbeddedPkg')
| -rw-r--r-- | EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c index e193352fbe..0a21d72290 100644 --- a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c +++ b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c @@ -553,11 +553,11 @@ DmaAllocateAlignedBuffer ( InsertHeadList (&UncachedAllocationList, &Alloc->Link);
- // Remap the region with the new attributes
+ // Remap the region with the new attributes and mark it non-executable
Status = gDS->SetMemorySpaceAttributes (
(PHYSICAL_ADDRESS)(UINTN)Allocation,
EFI_PAGES_TO_SIZE (Pages),
- MemType
+ MemType | EFI_MEMORY_XP
);
if (EFI_ERROR (Status)) {
goto FreeAlloc;
|