EmbeddedPkg: Mark DMA Memory Allocations XP By Default

When allocating memory for a non-coherent DMA device, the current core code removes the XP attribute, allowing code to execute from that region. This is a security vulnerability and unneeded. This change updates to mark the region as XP when allocating memory for the non-coherent DMA device. These allocations in this function are limited to `EfiBootServicesData` and `EfiRuntimeServicesData`, which we expect to be XP.
microsoft · Jul 3, 2024 · 97bd7ef · 97bd7ef
1 parent 7879110
commit 97bd7ef
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c
@@ -557,7 +557,7 @@ DmaAllocateAlignedBuffer (
   Status = gDS->SetMemorySpaceAttributes (
                   (PHYSICAL_ADDRESS)(UINTN)Allocation,
                   EFI_PAGES_TO_SIZE (Pages),
-                  MemType
+                  MemType | EFI_MEMORY_XP // MU_CHANGE: Allocate DMA memory XP by default
                   );
   if (EFI_ERROR (Status)) {
     goto FreeAlloc;