From nobody Thu May 16 18:17:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106348+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106348+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1687768614; cv=none; d=zohomail.com; s=zohoarc; b=aEEX4Wx+MeS3NK+ZyMiF3gK/nkZAKl5tyzJozaG/JTFBr9RXfCOYwQUjiCEv7GNVlqoppRM2ni1V8yQbv2ySSjVkvnpiE7Vv3kwz2tWYp/TTAHQiGa/n15TO6gpOt7+9vLz3dzs26Z+WeDE3L5jkyfMEbckM4C+1DIt4HR/CW2Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1687768614; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=0ru8OZHjwq8SAMy3WdpR74g7FnrQ9kL1bHc0nQix1ls=; b=GA2IIrM4yBTKWvoLINjzY5670J/+efZw+CpRs3o/rFdy2DONevRje+5zFPl7DzCRh1E4ogbprrRhjBoiplGGYjm/4//PqAFLmBXFIKgYimvUPDilfqkzCMWGzS6WSC4g70FR6Nn4QqsMWlHkeSGVb2UxVG48QS6c6dR+W405TYQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106348+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1687768614160798.2691619264037; Mon, 26 Jun 2023 01:36:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id E2IzYY1788612xUwcVLNldqg; Mon, 26 Jun 2023 01:36:53 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.3283.1687768613304359391 for ; Mon, 26 Jun 2023 01:36:53 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D5C7060D24; Mon, 26 Jun 2023 08:36:52 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3F8FAC433C8; Mon, 26 Jun 2023 08:36:51 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Sami Mujawar , Leif Lindholm Subject: [edk2-devel] [PATCH 1/3] StandaloneMmPkg: Include correct MmuLib header Date: Mon, 26 Jun 2023 10:36:42 +0200 Message-Id: <20230626083644.1011698-2-ardb@kernel.org> In-Reply-To: <20230626083644.1011698-1-ardb@kernel.org> References: <20230626083644.1011698-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: TH3vhuAGI68L7SVRjWdyW0DRx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1687768613; bh=07n26qXjhtonZhk83cx2GCOiye3CmMYLu7OkQ9ZyJVU=; h=Cc:Date:From:Reply-To:Subject:To; b=jtNIVIYP4Dvmdrc8QeRoaMpRZ0e9TPbooU0D4Fhjg/2syBKfYocUeBWTNwp5szeeqwQ uVkS4sFRak1BhLUt5WRmq0ngiEvgKIfhbt31GGDCJpeoZTz6G//1n94K1h9uON+5xnsgJ ufInshzvYRlwi+bPhcMFL/S5do68yXb7hH0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1687768614721100002 Content-Type: text/plain; charset="utf-8" StandaloneMm has its own version of the ArmMmuLib library class, but includes the ArmMmuLib header. This happens to work because the prototypes that are referenced are the same, but this will no longer be the case after a future patch. So correct the #includes. Signed-off-by: Ard Biesheuvel --- StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/StandaloneMmCoreEnt= ryPoint.c | 2 +- StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/AArch64/Standalon= eMmPeCoffExtraActionLib.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/Standal= oneMmCoreEntryPoint.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/= Arm/StandaloneMmCoreEntryPoint.c index e78b2acacb5873cd..96de10405af829c6 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/StandaloneMmCo= reEntryPoint.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/StandaloneMmCo= reEntryPoint.c @@ -15,13 +15,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include =20 -#include #include #include #include #include #include #include +#include #include =20 #include diff --git a/StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/AArch= 64/StandaloneMmPeCoffExtraActionLib.c b/StandaloneMmPkg/Library/StandaloneM= mPeCoffExtraActionLib/AArch64/StandaloneMmPeCoffExtraActionLib.c index 492252843e12ff69..7a5bb412d0d2d789 100644 --- a/StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/AArch64/Stan= daloneMmPeCoffExtraActionLib.c +++ b/StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/AArch64/Stan= daloneMmPeCoffExtraActionLib.c @@ -10,13 +10,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include =20 -#include #include #include #include #include #include #include +#include =20 typedef RETURN_STATUS (*REGION_PERMISSION_UPDATE_FUNC) ( IN EFI_PHYSICAL_ADDRESS BaseAddress, --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106348): https://edk2.groups.io/g/devel/message/106348 Mute This Topic: https://groups.io/mt/99783773/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 18:17:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106349+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106349+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1687768615; cv=none; d=zohomail.com; s=zohoarc; b=euoa45UdhjqDieycVlD61GVki2oHahqJ3cvZdqGdvjnFT66A7qfjzTdVB+o5/LB7+BU2n2sA3kbCfrnCe9M8nmzZHQtD6oSMRxb7isij0Xpy+CSnNEDGguWJtiOqA1UlqKtwU9RAdgSPafNCjq6nidE71O/VZR7zGWpraPEc4KI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1687768615; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=z4k33P5Um+zHhSdqgg88SbaYbYsolY8RN2FFHQ1Hz+8=; b=K7HcMG6qApBeoKES3jxzPB68MJWnsJZyK8lJEaSLJLKWLAovBAZDwq+iDXXm8SiqdcjNg24IN8zmIp3YayoD62Or9jkKqTwQiwhQw70xt+7oK+e19PdTukakfZR1OWG8MA7trQwx6Qy0cggbRNEBSeZqAz2sEGBvOpuYUB32GEU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106349+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1687768615986630.3991401327845; Mon, 26 Jun 2023 01:36:55 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id mMqsYY1788612xtwOoXKLaZH; Mon, 26 Jun 2023 01:36:55 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.3284.1687768614910079058 for ; Mon, 26 Jun 2023 01:36:55 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5E1F560D2E; Mon, 26 Jun 2023 08:36:54 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id B882BC433C9; Mon, 26 Jun 2023 08:36:52 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Sami Mujawar , Leif Lindholm Subject: [edk2-devel] [PATCH 2/3] ArmPkg: Drop individual memory permission helpers Date: Mon, 26 Jun 2023 10:36:43 +0200 Message-Id: <20230626083644.1011698-3-ardb@kernel.org> In-Reply-To: <20230626083644.1011698-1-ardb@kernel.org> References: <20230626083644.1011698-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: 2ixOtUze5yAnkfm39ZFLyT0Ox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1687768615; bh=ykoqrh+EhvE/nZFc/BHgX+GjFG+EelOX1GmLtXX++YA=; h=Cc:Date:From:Reply-To:Subject:To; b=HCLZjbLCV0mrkHrTiJH1eXGH+GTiAT9gw79Mjh1ECWTJtUycDlDyzzD27wZ9jxjPKmH fOOw9RfYOKImicJ+8O5fQjIylqtl9H88kMlNMQiuK4/Zvt3Cf7zGW6bSqSpLS/y5e7C9C bkX2nb/oHVxWPy3OpxNg0msuEqQr4v670c0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1687768617326100009 Content-Type: text/plain; charset="utf-8" Now that we have a sane API to set and clear memory permissions that works the same on ARM and AArch64, we no longer have a need for the individual set/clear no-access/read-only/no-exec helpers so let's drop them. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/CpuDxe.c | 6 +- ArmPkg/Include/Library/ArmMmuLib.h | 62 --------- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 136 -------------------- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 104 --------------- 4 files changed, 4 insertions(+), 304 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c index f820f3f621891365..fc63e527846acba9 100644 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c @@ -288,9 +288,11 @@ RemapUnusedMemoryNx ( MemoryMapEnd =3D (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + Memory= MapSize); while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) { if (MemoryMapEntry->Type =3D=3D EfiConventionalMemory) { - ArmSetMemoryRegionNoExec ( + ArmSetMemoryAttributes ( MemoryMapEntry->PhysicalStart, - EFI_PAGES_TO_SIZE (MemoryMapEntry->NumberOfPages) + EFI_PAGES_TO_SIZE (MemoryMapEntry->NumberOfPages), + EFI_MEMORY_XP, + EFI_MEMORY_XP ); } =20 diff --git a/ArmPkg/Include/Library/ArmMmuLib.h b/ArmPkg/Include/Library/Ar= mMmuLib.h index 91d112314fdf4859..2ce948e8db1d34e5 100644 --- a/ArmPkg/Include/Library/ArmMmuLib.h +++ b/ArmPkg/Include/Library/ArmMmuLib.h @@ -21,68 +21,6 @@ ArmConfigureMmu ( OUT UINTN *TranslationTableSize OPTIONAL ); =20 -/** - Convert a region of memory to read-protected, by clearing the access fla= g. - - @param BaseAddress The start of the region. - @param Length The size of the region. - - @retval EFI_SUCCESS The attributes were set successfully. - @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. - -**/ -EFI_STATUS -EFIAPI -ArmSetMemoryRegionNoAccess ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ); - -/** - Convert a region of memory to read-enabled, by setting the access flag. - - @param BaseAddress The start of the region. - @param Length The size of the region. - - @retval EFI_SUCCESS The attributes were set successfully. - @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. - -**/ -EFI_STATUS -EFIAPI -ArmClearMemoryRegionNoAccess ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ); - -EFI_STATUS -EFIAPI -ArmSetMemoryRegionNoExec ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ); - -EFI_STATUS -EFIAPI -ArmClearMemoryRegionNoExec ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ); - -EFI_STATUS -EFIAPI -ArmSetMemoryRegionReadOnly ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ); - -EFI_STATUS -EFIAPI -ArmClearMemoryRegionReadOnly ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ); - VOID EFIAPI ArmReplaceLiveTranslationEntry ( diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index 22623572b9cb931c..1e57e589977e6c39 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -552,142 +552,6 @@ ArmSetMemoryAttributes ( ); } =20 -STATIC -EFI_STATUS -SetMemoryRegionAttribute ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length, - IN UINT64 Attributes, - IN UINT64 BlockEntryMask - ) -{ - return UpdateRegionMapping ( - BaseAddress, - Length, - Attributes, - BlockEntryMask, - ArmGetTTBR0BaseAddress (), - TRUE - ); -} - -EFI_STATUS -ArmSetMemoryRegionNoExec ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - UINT64 Val; - - if (ArmReadCurrentEL () =3D=3D AARCH64_EL1) { - Val =3D TT_PXN_MASK | TT_UXN_MASK; - } else { - Val =3D TT_XN_MASK; - } - - return SetMemoryRegionAttribute ( - BaseAddress, - Length, - Val, - ~TT_ADDRESS_MASK_BLOCK_ENTRY - ); -} - -EFI_STATUS -ArmClearMemoryRegionNoExec ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - UINT64 Mask; - - // XN maps to UXN in the EL1&0 translation regime - Mask =3D ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_PXN_MASK | TT_XN_MASK); - - return SetMemoryRegionAttribute ( - BaseAddress, - Length, - 0, - Mask - ); -} - -/** - Convert a region of memory to read-protected, by clearing the access fla= g. - - @param BaseAddress The start of the region. - @param Length The size of the region. - - @retval EFI_SUCCESS The attributes were set successfully. - @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. - -**/ -EFI_STATUS -ArmSetMemoryRegionNoAccess ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryRegionAttribute ( - BaseAddress, - Length, - 0, - ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AF) - ); -} - -/** - Convert a region of memory to read-enabled, by setting the access flag. - - @param BaseAddress The start of the region. - @param Length The size of the region. - - @retval EFI_SUCCESS The attributes were set successfully. - @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. - -**/ -EFI_STATUS -ArmClearMemoryRegionNoAccess ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryRegionAttribute ( - BaseAddress, - Length, - TT_AF, - ~TT_ADDRESS_MASK_BLOCK_ENTRY - ); -} - -EFI_STATUS -ArmSetMemoryRegionReadOnly ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryRegionAttribute ( - BaseAddress, - Length, - TT_AP_NO_RO, - ~TT_ADDRESS_MASK_BLOCK_ENTRY - ); -} - -EFI_STATUS -ArmClearMemoryRegionReadOnly ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryRegionAttribute ( - BaseAddress, - Length, - TT_AP_NO_RW, - ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK) - ); -} - EFI_STATUS EFIAPI ArmConfigureMmu ( diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 61405965a73eaeb8..548ee1303870782a 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -544,107 +544,3 @@ ArmSetMemoryAttributes ( TtEntryMask ); } - -EFI_STATUS -ArmSetMemoryRegionNoExec ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryAttributes ( - BaseAddress, - Length, - EFI_MEMORY_XP, - TT_DESCRIPTOR_SECTION_XN_MASK - ); -} - -EFI_STATUS -ArmClearMemoryRegionNoExec ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryAttributes ( - BaseAddress, - Length, - 0, - TT_DESCRIPTOR_SECTION_XN_MASK - ); -} - -EFI_STATUS -ArmSetMemoryRegionReadOnly ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryAttributes ( - BaseAddress, - Length, - EFI_MEMORY_RO, - TT_DESCRIPTOR_SECTION_AP_MASK - ); -} - -EFI_STATUS -ArmClearMemoryRegionReadOnly ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryAttributes ( - BaseAddress, - Length, - 0, - TT_DESCRIPTOR_SECTION_AP_MASK - ); -} - -/** - Convert a region of memory to read-protected, by clearing the access fla= g. - - @param BaseAddress The start of the region. - @param Length The size of the region. - - @retval EFI_SUCCESS The attributes were set successfully. - @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. - -**/ -EFI_STATUS -ArmSetMemoryRegionNoAccess ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryAttributes ( - BaseAddress, - Length, - EFI_MEMORY_RP, - TT_DESCRIPTOR_SECTION_AF - ); -} - -/** - Convert a region of memory to read-enabled, by setting the access flag. - - @param BaseAddress The start of the region. - @param Length The size of the region. - - @retval EFI_SUCCESS The attributes were set successfully. - @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. - -**/ -EFI_STATUS -ArmClearMemoryRegionNoAccess ( - IN EFI_PHYSICAL_ADDRESS BaseAddress, - IN UINT64 Length - ) -{ - return SetMemoryAttributes ( - BaseAddress, - Length, - 0, - TT_DESCRIPTOR_SECTION_AF - ); -} --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106349): https://edk2.groups.io/g/devel/message/106349 Mute This Topic: https://groups.io/mt/99783774/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 18:17:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106350+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106350+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1687768617; cv=none; d=zohomail.com; s=zohoarc; b=ZPYZAJ9AIOad7qqbt7YoSw0y0U6XC5j1wG4CETnlbQQf1Pcs0ixgSqhmIQcjGYuoWzdDiG37o5tasVMnDAE6/TYpVa8BZYI4ISVpNmrxZBqR2Kn/GghvNqD3cLhzuJsyn0U17MBAE4JsTshmYmiX66XSGZs16xbJDkBTuWAUqsM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1687768617; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=PMn2APq0RtW02UrO7c0WmsRUSgArP5Ws/rxHDZt1vy4=; b=mVxP5ua0nOnEGv6K7YdLEkprAjUJurVI9BYhJYYzJyFqvdGGikUIxpzAeQxi0DDJt+tZeimpUChpb+WWZ+6ZGcmkEArggDCFpf43t7re3NSVbQFFdoTCEwgM/zzs31EHqlD8XuHBperhtuKULP3BTzt/etCUOK0d9annM9W4cOA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106350+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 16877686171618.212123543203234; Mon, 26 Jun 2023 01:36:57 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id DaqDYY1788612xps5H3Flxyn; Mon, 26 Jun 2023 01:36:56 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.3285.1687768616323683607 for ; Mon, 26 Jun 2023 01:36:56 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D4C6560D30; Mon, 26 Jun 2023 08:36:55 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3B9CFC433CC; Mon, 26 Jun 2023 08:36:54 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Sami Mujawar , Leif Lindholm Subject: [edk2-devel] [PATCH 3/3] ArmPkg/OpteeLib: Map shared communication buffer non-executable Date: Mon, 26 Jun 2023 10:36:44 +0200 Message-Id: <20230626083644.1011698-4-ardb@kernel.org> In-Reply-To: <20230626083644.1011698-1-ardb@kernel.org> References: <20230626083644.1011698-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: aHipGIHAtGqgO3uqXpPbiss1x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1687768616; bh=mMnBArCZmoWE1SIuGNd/4TPos04LlpWv3k+WjuNBI+s=; h=Cc:Date:From:Reply-To:Subject:To; b=Pz8sS6u6kDqFC13VEPHEchc5R1D8zfpQpSM4AlK8cr0a66t7mqATFBkPg3l5CuGnyYi RwHwa5Ff7KRdSiBLq7UlMkItABEBMRKHUgzvfrPi4iQ5eqsgCnzdEh756/tGAxbo4rMFP /KeAnPTQAaqYPY1ZHCrX/xiFIi8jWkSN0cg= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1687768618700100013 Content-Type: text/plain; charset="utf-8" The OP-TEE secure OS exposes a non-secure memory region for communication between the secure OS itself and any clients in the non-secure firmware. This memory is writable by non-secure and is not used for code only data, and so it should be mapped non-executable. Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm --- ArmPkg/Library/OpteeLib/Optee.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Opte= e.c index 46464f17ef06653e..3acf172b68a2d34c 100644 --- a/ArmPkg/Library/OpteeLib/Optee.c +++ b/ArmPkg/Library/OpteeLib/Optee.c @@ -86,7 +86,12 @@ OpteeSharedMemoryRemap ( return EFI_BUFFER_TOO_SMALL; } =20 - Status =3D ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB,= 0); + Status =3D ArmSetMemoryAttributes ( + PhysicalAddress, + Size, + EFI_MEMORY_WB | EFI_MEMORY_XP, + 0 + ); if (EFI_ERROR (Status)) { return Status; } --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106350): https://edk2.groups.io/g/devel/message/106350 Mute This Topic: https://groups.io/mt/99783775/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-