ArmVirtPkg/HighMemDxe: preserve non-exec permissions on newly added regions
Using DxeServices::SetMemorySpaceAttributes to set cacheability attributes has the side effect of stripping permission attributes, given that those are bits in the same bitfield, and so setting the Attributes argument to EFI_MEMORY_WB implies not setting EFI_MEMORY_XP or EFI_MEMORY_RO attributes. In fact, the situation is even worse, given that the descriptor returned by DxeServices::GetMemorySpaceDescriptor does not reflect the permission attributes that may have been set by the preceding call to DxeServices::AddMemorySpace if PcdDxeNxMemoryProtectionPolicy has been configured to map EfiConventionalMemory with non-executable permissions. Note that this applies equally to the non-executable stack and to PE/COFF sections that may have been mapped with R-X or RW- permissions. This is due to the ambiguity in the meaning of the EFI_MEMORY_RO/EFI_MEMORY_XP attributes when used in the GCD memory map, i.e., between signifying that an underlying RAM region has the controls to be configured as read-only or non-executable, and signifying that the contents of a certain UEFI memory region allow them to be mapped with certain restricted permissions. So let's check the policy in PcdDxeNxMemoryProtectionPolicy directly, and set the EFI_MEMORY_XP attribute if appropriate for EfiConventionalMemory regions. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by:Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by:
Laszlo Ersek <lersek@redhat.com>
Loading
Please register or sign in to comment