On Tue, Dec 06, 2016 at 07:42:17PM +0000, Ard Biesheuvel wrote:
Map the DXE stack as non-executable, to prevent stack buffer overflows from being exploitable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
Any particular reason you're only doing this for the Styx platforms?
Anyway: Signed-off-by: Leif Lindholm leif.lindholm@linaro.org
Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc | 3 +++ Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc | 3 +++ Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc | 3 +++ 3 files changed, 9 insertions(+)
diff --git a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc index f833fe200422..0f299c388d00 100644 --- a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc +++ b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc @@ -439,6 +439,9 @@ DEFINE DO_KCS = 0 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000
- # map the stack as non-executable when entering the DXE phase
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
[PcdsPatchableInModule] # PCIe Configuration: x4x2x2 gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2 diff --git a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc index 107205386c55..0d630fba1ca9 100644 --- a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc +++ b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc @@ -461,6 +461,9 @@ DEFINE DO_KCS = 1 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000
- # map the stack as non-executable when entering the DXE phase
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
[PcdsPatchableInModule] # PCIe Configuration: x4x2x2 (=2 See Include/FDKGionb.h) gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2 diff --git a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc index 92721064a51f..944cee3d8536 100644 --- a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc +++ b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc @@ -458,6 +458,9 @@ DEFINE DO_KCS = 1 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000
- # map the stack as non-executable when entering the DXE phase
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
!if $(DO_XGBE) gAmdModulePkgTokenSpaceGuid.PcdXgbeEnable|TRUE -- 2.7.4
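Review bot: The PcdSetNxForStack|TRUE setting and its comment are repeated verbatim in all three board files (CelloBoard.dsc, Overdrive1000Board.dsc, OverdriveBoard.dsc), so a later edit to one board can silently leave the stack executable there. If these boards have a shared include, setting the PCD once in it would keep them in step. The placement also differs between files: in OverdriveBoard.dsc the lines sit directly ahead of "!if $(DO_XGBE)", while in the other two they sit ahead of the [PcdsPatchableInModule] header. The hunks show only the tail of a run of gAmdModulePkgTokenSpaceGuid entries, so it is worth confirming that the section they land in is one where this PCD takes effect. The three setting lines carry a "-" marker as shown here, but the hunk headers (for example "@@ -439,6 +439,9 @@") and the diffstat (9 insertions) identify them as additions.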