summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2017-02-28 12:13:12 +0000
committerArd Biesheuvel <ard.biesheuvel@linaro.org>2017-03-08 09:50:18 +0100
commite7b24ec9785d206f1d3faf8f646e63a1b540d6a5 (patch)
tree75fbabac098a5272c9f1e02cd4f786473fe11b41
parent25549bda46c581271a303840fb266539c00ede71 (diff)
downloadedk2-platforms-e7b24ec9785d206f1d3faf8f646e63a1b540d6a5.tar.xz
ArmPkg/UncachedMemoryAllocationLib: map uncached allocations non-executable
The primary use case for UncachedMemoryAllocationLib is non-coherent DMA, which implies that such regions are not used to fetch instructions from. So let's map them as non-executable, to avoid creating a security hole when the rest of the platform may be enforcing strict memory permissions on ordinary allocations. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
-rw-r--r--ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
index 0d8abad234..b4fbfbcb36 100644
--- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
+++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c
@@ -154,7 +154,8 @@ AllocatePagesFromList (
return Status;
}
- Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), EFI_MEMORY_WC);
+ Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages),
+ EFI_MEMORY_WC | EFI_MEMORY_XP);
if (EFI_ERROR (Status)) {
gBS->FreePages (Memory, Pages);
return Status;