edk2
MdeModulePkg NonDiscoverablePciDeviceIo: MMIO Memory XP By Default
Description
When allocating memory for a non-discoverable PCI device's IO, the current core code removes the XP attribute, allowing code to execute from that region. This is a security vulnerability and unneeded. This change updates to mark the region as XP when allocating memory for the non-discoverable PCI device.
These allocations in this function are limited to EfiBootServicesData and EfiRuntimeServicesData, which we expect to be XP.
- [ ] Breaking change?
- Breaking change - Does this PR cause a break in build or boot behavior?
- Examples: Does it add a new library class or move a module to a different repo.
- [ ] Impacts security?
- Security - Does this PR have a direct security impact?
- Examples: Crypto algorithm change or buffer overflow fix.
- [ ] Includes tests?
- Tests - Does this PR include any explicit test code?
- Examples: Unit tests or integration tests.
How This Was Tested
Tested on QEMU and a physical platform.
Integration Instructions
N/A
I agree this change is correct. Do you find any impact on the real platform?
@os-d pointed out that this needs another change, based on #5944 and the fix up in #5999.
On a real platform, there are no visible changes aside from the generated Paging Audit Report looking better because there are fewer regions with RWX.
To add to @apop5's statement, there is an impact on physical systems with this change: the MMIO allocated by this driver is not mapped executable any longer, which fixes a security risk. Prior to this change, the MMIO regions allocated here would overwrite the attributes and make the region RWX.
This should be ready.
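The attribute overwrite described in the PR description and in the comments above, as an added example that is not code from edk2 or from this PR: a simplified model in which setting attributes replaces the whole attribute word, followed by an audit pass that counts RWX regions. The `region_t` type, all function names, the sample addresses and the assumption that a data buffer starts out as XP are hypothetical; the attribute bit values are the ones defined by the UEFI specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Attribute bit values as defined by the UEFI specification. */
#define EFI_MEMORY_UC 0x0000000000000001ULL
#define EFI_MEMORY_WC 0x0000000000000002ULL
#define EFI_MEMORY_XP 0x0000000000004000ULL
#define EFI_MEMORY_RO 0x0000000000020000ULL

/* Hypothetical, simplified stand-in for one mapped region. */
typedef struct { uint64_t base, pages, attributes; } region_t;

/* Model of the behaviour described in the thread: the new attribute
   word overwrites the old one, so any bit left out is cleared. */
static void set_attributes(region_t *r, uint64_t attrs) { r->attributes = attrs; }

/* Pre-fix path: only the cache type is requested, so XP is dropped. */
static void alloc_before_fix(region_t *r, uint64_t cache_type) {
  r->attributes = EFI_MEMORY_XP;   /* assumption: data buffer starts as XP */
  set_attributes(r, cache_type);
}

/* Post-fix path: XP is passed together with the cache type. */
static void alloc_after_fix(region_t *r, uint64_t cache_type) {
  r->attributes = EFI_MEMORY_XP;   /* same assumed starting state */
  set_attributes(r, cache_type | EFI_MEMORY_XP);
}

/* A region is RWX when it is neither read-only nor execute-protected. */
static int is_rwx(const region_t *r) {
  return (r->attributes & (EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0;
}

/* Audit pass over a constructed two-entry map; returns the RWX count. */
static size_t audit_sample(int fixed) {
  region_t map[2] = { {0x80000000ULL, 4, 0}, {0x80010000ULL, 1, 0} };
  uint64_t cache[2] = { EFI_MEMORY_WC, EFI_MEMORY_UC };
  size_t hits = 0;
  for (size_t i = 0; i < 2; i++) {
    if (fixed) alloc_after_fix(&map[i], cache[i]);
    else       alloc_before_fix(&map[i], cache[i]);
    hits += is_rwx(&map[i]) ? 1 : 0;
  }
  return hits;
}

int main(void) {
  printf("RWX regions before fix: %zu\n", audit_sample(0));
  printf("RWX regions after fix:  %zu\n", audit_sample(1));
  return 0;
}
```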