On Thu, Dec 08, 2016 at 09:30:26AM +0000, Ard Biesheuvel wrote:
Map the DXE stack as non-executable, to prevent stack buffer overflows from being exploitable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Any particular reason you're only doing this for the Styx platforms?
Those are the only ones I can test.
To elaborate: mapping the stack as executable involves the MMU page table splitting code, which could trigger subtle issues involving TLB conflicts. Of course, we'd like to know about those asap, but blindly enabling it for all platforms seems risky.
Sure - but I guess something we would like to progressively migrate towards?
/ Leif