On 7 December 2016 at 09:00, Ard Biesheuvel ard.biesheuvel@linaro.org wrote:
On 7 December 2016 at 08:54, Leif Lindholm leif.lindholm@linaro.org wrote:
On Tue, Dec 06, 2016 at 07:42:17PM +0000, Ard Biesheuvel wrote:
Map the DXE stack as non-executable, to prevent stack buffer overflows from being exploitable.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
Any particular reason you're only doing this for the Styx platforms?
Those are the only ones I can test
To elaborate: mapping the stack as executable involves the MMU page table splitting code, which could trigger subtle issues involving TLB conflicts. Of course, we'd like to know about those asap, but blindly enabling it for all platforms seems risky.