From 8984fba2f22a2cd44e1189403e3553f447b82852 Mon Sep 17 00:00:00 2001 From: Oliver Smith-Denny Date: Wed, 3 Jul 2024 14:39:16 -0700 Subject: [PATCH] EmbeddedPkg: Mark DMA Memory Allocations XP By Default When allocating memory for a non-coherent DMA device, the current core code removes the XP attribute, allowing code to execute from that region. This is a security vulnerability and unneeded. This change updates to mark the region as XP when allocating memory for the non-coherent DMA device. Signed-off-by: Oliver Smith-Denny --- EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c index e193352fbe..0a21d72290 100644 --- a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c +++ b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c @@ -553,11 +553,11 @@ DmaAllocateAlignedBuffer ( InsertHeadList (&UncachedAllocationList, &Alloc->Link); - // Remap the region with the new attributes + // Remap the region with the new attributes and mark it non-executable Status = gDS->SetMemorySpaceAttributes ( (PHYSICAL_ADDRESS)(UINTN)Allocation, EFI_PAGES_TO_SIZE (Pages), - MemType + MemType | EFI_MEMORY_XP ); if (EFI_ERROR (Status)) { goto FreeAlloc;
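Review bot: At the `gDS->SetMemorySpaceAttributes` call in `DmaAllocateAlignedBuffer`, `EFI_MEMORY_XP` is now OR-ed into `MemType` unconditionally, but nothing in the visible hunk confirms that the region's GCD capabilities include `EFI_MEMORY_XP`. If the capability is absent, the call returns an error and the code takes the `goto FreeAlloc` path, so a DMA allocation that succeeded before this change would now fail on that platform. Please either check the descriptor's capabilities for `EFI_MEMORY_XP` before this call or point to the existing check earlier in the function that covers it, and state whether a missing capability should fail the allocation or fall back to `MemType` alone with a warning. Separately, the subject line says "By Default" while `MemType | EFI_MEMORY_XP` leaves callers no way to ask for anything else; the function header comment should say that buffers returned here are always mapped non-executable.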