mu_basecore icon indicating copy to clipboard operation
mu_basecore copied to clipboard

Published 20 hours ago verified publisher icon microsoft

[Rebase & FF] 202405: MdeModulePkg NonDiscoverablePciDeviceIo: Mark NonDiscoverablePciDeviceIo Memory XP by default

Open apop5 opened this issue 1 year ago • 1 comments

Description

When allocating memory for a non-discoverable PCI device's IO, the current core code removes the XP attribute, allowing code to execute from that region. This is a security vulnerability and unneeded. This change updates to mark the region as XP when allocating memory for the non-discoverable PCI device.

These allocations in this function are limited to EfiBootServicesData and EfiRuntimeServicesData, which we expect to be XP.

Cherry-Pick the following commits:

dabc5022d0

  • [x] Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • [ ] Impacts security?
    • Security - Does the change have a direct security impact on an application, flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
  • [ ] Breaking change?
    • Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
  • [ ] Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • [ ] Includes documentation?
    • Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ...

How This Was Tested

Tested on QEMU and a physical platform.

Integration Instructions

N/A.

apop5 avatar Jun 24 '24 15:06 apop5

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Please upload report for BASE (release/202405@58969d9). Learn more about missing BASE report.

Additional details and impacted files 
@@                Coverage Diff                @@
##             release/202405     #938   +/-   ##
=================================================
  Coverage                  ?    0.20%           
=================================================
  Files                     ?      628           
  Lines                     ?   218353           
  Branches                  ?      326           
=================================================
  Hits                      ?      448           
  Misses                    ?   217896           
  Partials                  ?        9
Flag Coverage Δ
MdeModulePkg 0.20% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov-commenter avatar Jun 24 '24 15:06 codecov-commenter