From nobody Fri Nov 1 03:32:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 152295172826331.873842088217316; Thu, 5 Apr 2018 11:08:48 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 2D7B62268525C; Thu, 5 Apr 2018 11:08:16 -0700 (PDT) Received: from cam-smtp0.cambridge.arm.com (fw-tnat.cambridge.arm.com [217.140.96.140]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3A1A6226C7C4A for ; Thu, 5 Apr 2018 11:08:12 -0700 (PDT) Received: from E107875.Emea.Arm.com (e107875.emea.arm.com [10.10.1.104]) by cam-smtp0.cambridge.arm.com (8.13.8/8.13.8) with ESMTP id w35I88qq027787; Thu, 5 Apr 2018 19:08:10 +0100 X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=217.140.96.140; helo=cam-smtp0.cambridge.arm.com; envelope-from=girish.pathak@arm.com; receiver=edk2-devel@lists.01.org From: Girish Pathak To: edk2-devel@lists.01.org Date: Thu, 5 Apr 2018 19:08:00 +0100 Message-Id: <20180405180803.33684-15-girish.pathak@arm.com> X-Mailer: git-send-email 2.13.3.windows.1 In-Reply-To: <20180405180803.33684-1-girish.pathak@arm.com> References: <20180405180803.33684-1-girish.pathak@arm.com> Subject: [edk2] [PATCH edk2-platforms v4 14/17] ARM/VExpressPkg: Set EFI_MEMORY_XP flag on GOP framebuffer X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nd@arm.com, ard.biesheuvel@linaro.org, leif.lindholm@linaro.org, Stephanie.Hughes-Fitt@arm.com, Arvind.Chauhan@arm.com MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The framebuffer memory is set with flag EFI_MEMORY_WC (uncached, unbuffered) which causes framebuffer memory with eXecute bit set. Framebuffer memory having executable bit set is a security hazard. This fix adds EFI_MEMORY_XP flag to avoid this. Unfortunately function gDS->SetMemorySpaceAttributes() causes assertion due to unsupported EFI_MEMORY_XP type. Therefore this fix replaces gDS->SetMemorySpaceAttributes() with Cpu->SetMemoryAttributes(). Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Girish Pathak Signed-off-by: Evan Lloyd --- Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmVExpress.c = | 24 ++++++++++++++------ Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmVExpressLib.i= nf | 1 - Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111LcdArmVExpres= s.c | 24 ++++++++++++++------ Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111LcdArmVExpres= sLib.inf | 1 - 4 files changed, 34 insertions(+), 16 deletions(-) diff --git a/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmV= Express.c b/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmVE= xpress.c index f1c497f4b3474e32626bcfce0398432319eae72f..711f036d74b6544e54ec073a354= e9fc6f36db5e2 100644 --- a/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmVExpress= .c +++ b/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmVExpress= .c @@ -17,11 +17,11 @@ #include #include #include -#include #include #include #include =20 +#include #include #include =20 @@ -159,6 +159,7 @@ LcdPlatformGetVram ( { EFI_STATUS Status; EFI_ALLOCATE_TYPE AllocationType; + EFI_CPU_ARCH_PROTOCOL *Cpu; =20 ASSERT (VramBaseAddress !=3D NULL); ASSERT (VramSize !=3D NULL); @@ -185,13 +186,22 @@ LcdPlatformGetVram ( return Status; } =20 - // Mark the VRAM as write-combining. - // The VRAM is inside the DRAM, which is cacheable. - Status =3D gDS->SetMemorySpaceAttributes ( - *VramBaseAddress, - *VramSize, - EFI_MEMORY_WC + // Ensure the Cpu architectural protocol is already installed + Status =3D gBS->LocateProtocol ( + &gEfiCpuArchProtocolGuid, + NULL, + (VOID **)&Cpu ); + if (!EFI_ERROR (Status)) { + // The VRAM is inside the DRAM, which is cacheable. + // Mark the VRAM as write-combining (uncached) and non-executable. + Status =3D Cpu->SetMemoryAttributes ( + Cpu, + *VramBaseAddress, + *VramSize, + EFI_MEMORY_WC | EFI_MEMORY_XP + ); + } if (EFI_ERROR (Status)) { ASSERT_EFI_ERROR (Status); gBS->FreePages (*VramBaseAddress, EFI_SIZE_TO_PAGES (*VramSize)); diff --git a/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmV= ExpressLib.inf b/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcd= ArmVExpressLib.inf index 9b0d358846bf367d7f9ff6f5d3fdffc204864528..c7b1b7fae77cbbf82b3a0768e76= 54a96719f5e7a 100644 --- a/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmVExpress= Lib.inf +++ b/Platform/ARM/VExpressPkg/Library/HdLcdArmVExpressLib/HdLcdArmVExpress= Lib.inf @@ -33,7 +33,6 @@ [Packages] [LibraryClasses] ArmPlatformSysConfigLib BaseLib - DxeServicesTableLib =20 [Protocols] gEfiEdidDiscoveredProtocolGuid # Produced diff --git a/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111L= cdArmVExpress.c b/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/P= L111LcdArmVExpress.c index 50a53d3fff5065b0fcec5a5332dcc63e344328c3..bcf4f6593c071b652695ec46368= 7ac2fe84ffa73 100644 --- a/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111LcdArmVE= xpress.c +++ b/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111LcdArmVE= xpress.c @@ -17,10 +17,10 @@ #include #include #include -#include #include #include =20 +#include #include #include =20 @@ -212,6 +212,7 @@ LcdPlatformGetVram ( ) { EFI_STATUS Status; + EFI_CPU_ARCH_PROTOCOL *Cpu; =20 ASSERT (VramBaseAddress !=3D NULL); ASSERT (VramSize !=3D NULL); @@ -241,13 +242,22 @@ LcdPlatformGetVram ( return Status; } =20 - // Mark the VRAM as write-combining. - // The VRAM is inside the DRAM, which is cacheable. - Status =3D gDS->SetMemorySpaceAttributes ( - *VramBaseAddress, - *VramSize, - EFI_MEMORY_WC + // Ensure the Cpu architectural protocol is already installed + Status =3D gBS->LocateProtocol ( + &gEfiCpuArchProtocolGuid, + NULL, + (VOID **)&Cpu ); + if (!EFI_ERROR (Status)) { + // The VRAM is inside the DRAM, which is cacheable. + // Mark the VRAM as write-combining (uncached) and non-executable. + Status =3D Cpu->SetMemoryAttributes ( + Cpu, + *VramBaseAddress, + *VramSize, + EFI_MEMORY_WC | EFI_MEMORY_XP + ); + } if (EFI_ERROR (Status)) { ASSERT_EFI_ERROR (Status); gBS->FreePages (*VramBaseAddress, EFI_SIZE_TO_PAGES (*VramSize)); diff --git a/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111L= cdArmVExpressLib.inf b/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpress= Lib/PL111LcdArmVExpressLib.inf index 2bf14f999e633a55abd572daaac1e80ae2e648eb..b1fa100def0dd774fec50cb04a6= 38a89b95de575 100644 --- a/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111LcdArmVE= xpressLib.inf +++ b/Platform/ARM/VExpressPkg/Library/PL111LcdArmVExpressLib/PL111LcdArmVE= xpressLib.inf @@ -33,7 +33,6 @@ [Packages] [LibraryClasses] ArmPlatformSysConfigLib BaseLib - DxeServicesTableLib =20 [Protocols] gEfiEdidDiscoveredProtocolGuid # Produced --=20 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)' _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel