From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8E8B381F45 for ; Tue, 28 Feb 2017 04:13:25 -0800 (PST) Received: by mail-wm0-x22f.google.com with SMTP id u199so10120618wmd.1 for ; Tue, 28 Feb 2017 04:13:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2PJeDJx/oCwuAczTf8dB+hbItlKbISDKQs+mTTJxprI=; b=RvgmQHSzBXxKNiOL+Mp+QdLP6un7QQbWgMmbJXFeXnA3uExeXPyxW2Of5Yd4jBIkff MTxR2gRCic15/0bZn8iIXqF9lKqSaKeslB0En5GjEODK+trPUtt/w8KI/pQ0RpcOEVg5 Y9vKfLxdmaTZWExO/2C4n8Wzt31I9HhpocAC0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2PJeDJx/oCwuAczTf8dB+hbItlKbISDKQs+mTTJxprI=; b=MXxo5ft7WgXpd9HSOFyyvUkOav4Oe5SnVAA/ZCMBeHE58fQuSO6N3anTEmhBCJxtcf dzsvYts6CKN5eMCig+rTkysmd0yJQGQOQfC8XcZTMokBe3PWz66bAwAzjDMyT/imvVvu RiyLKkiV2n0rbIRIZdCKGmOFhqfDVq5SP347CZRq3wG6e/q/mXaVUSOaYI1+EiWJNxqL UJ8vFVy9GxbssPvAR2iLDzzmugKLJ4h8whrrNlYN0nO2vMzTEwdhFi8HeQAK3jwgkCmk kiaIxB4ikQPoRvFuPFoNJMRzFyu95NWVx81o6pc0Ezevw1uskXxjk7NzXGG+5bzCY07W sCFw== X-Gm-Message-State: AMke39moznQdndGA/6NKulEpNHbTmF8Cl/CdJRXILYPS2ljSfhn9uu5ubOOwx1fWMf/VnWsv X-Received: by 10.28.97.194 with SMTP id v185mr2164037wmb.117.1488284004136; Tue, 28 Feb 2017 04:13:24 -0800 (PST) Received: from localhost.localdomain ([105.149.201.216]) by smtp.gmail.com with ESMTPSA id x193sm2403690wme.23.2017.02.28.04.13.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 28 Feb 2017 04:13:23 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org Cc: Ard Biesheuvel Date: Tue, 28 Feb 2017 12:13:12 +0000 Message-Id: <1488283992-32104-3-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488283992-32104-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488283992-32104-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [PATCH 3/3] ArmPkg/UncachedMemoryAllocationLib: map uncached allocations non-executable X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2017 12:13:26 -0000 The primary use case for UncachedMemoryAllocationLib is non-coherent DMA, which implies that such regions are not used to fetch instructions from. So let's map them as non-executable, to avoid creating a security hole when the rest of the platform may be enforcing strict memory permissions on ordinary allocations. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c index 0d8abad23433..b4fbfbcb362b 100644 --- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c +++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c @@ -154,7 +154,8 @@ AllocatePagesFromList ( return Status; } - Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), EFI_MEMORY_WC); + Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), + EFI_MEMORY_WC | EFI_MEMORY_XP); if (EFI_ERROR (Status)) { gBS->FreePages (Memory, Pages); return Status; -- 2.7.4