From 97bd7efa6675a04a37c3bfcd4f8c12959e59de88 Mon Sep 17 00:00:00 2001 From: Oliver Smith-Denny Date: Wed, 3 Jul 2024 14:39:16 -0700 Subject: [PATCH] EmbeddedPkg: Mark DMA Memory Allocations XP By Default When allocating memory for a non-coherent DMA device, the current core code removes the XP attribute, allowing code to execute from that region. This is a security vulnerability and unneeded. This change updates to mark the region as XP when allocating memory for the non-coherent DMA device. These allocations in this function are limited to `EfiBootServicesData` and `EfiRuntimeServicesData`, which we expect to be XP. --- EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c index e193352fbe..e587cb5ec9 100644 --- a/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c +++ b/EmbeddedPkg/Library/NonCoherentDmaLib/NonCoherentDmaLib.c @@ -557,7 +557,7 @@ DmaAllocateAlignedBuffer ( Status = gDS->SetMemorySpaceAttributes ( (PHYSICAL_ADDRESS)(UINTN)Allocation, EFI_PAGES_TO_SIZE (Pages), - MemType + MemType | EFI_MEMORY_XP // MU_CHANGE: Allocate DMA memory XP by default ); if (EFI_ERROR (Status)) { goto FreeAlloc;
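Review bot: the new `MemType | EFI_MEMORY_XP` argument in `DmaAllocateAlignedBuffer` is passed to `gDS->SetMemorySpaceAttributes` with no visible check that the region's GCD capabilities include `EFI_MEMORY_XP`. That call can reject an attribute mask the range does not support, and here any error goes straight to `goto FreeAlloc`, so on a platform that does not advertise XP for this memory the DMA allocation would start failing outright instead of just staying executable. Please confirm the surrounding code (outside this hunk) validates the capability, or test for it before OR-ing the bit in and decide explicitly whether a missing capability should fail the allocation. Two smaller points: the subject says "By Default", but the bit is OR-ed in unconditionally with no opt-out, so either the wording or the code should change to match. The trailing `// MU_CHANGE:` comment is a downstream marker; a short comment above the call explaining why DMA buffers of type `EfiBootServicesData` and `EfiRuntimeServicesData` must not be executable would serve readers better.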