Implement support for read-protected memory by wiring it up to the
access flag in the page table descriptor. The resulting mapping is
implicitly non-writable and non-executable as well, but this is good
enough for implementing this attribute, as we never rely on write or
execute permissions without read permissions.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 8 ++-
ArmPkg/Include/Library/ArmMmuLib.h | 34 ++++++++++++
ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 58 +++++++++++++++++++-
ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 48 ++++++++++++++++
4 files changed, 144 insertions(+), 4 deletions(-)
diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
index 8bb33046e707..8bda11f08a30 100644
--- a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
+++ b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
@@ -64,6 +64,10 @@ PageAttributeToGcdAttribute (
}
// Determine protection attributes
+ if ((PageAttributes & TT_AF) == 0) {
+ GcdAttributes |= EFI_MEMORY_RP;
+ }
+
if (((PageAttributes & TT_AP_MASK) == TT_AP_NO_RO) ||
((PageAttributes & TT_AP_MASK) == TT_AP_RO_RO))
{
@@ -301,7 +305,9 @@ EfiAttributeToArmAttribute (
}
// Set the access flag to match the block attributes
- ArmAttributes |= TT_AF;
+ if ((EfiAttributes & EFI_MEMORY_RP) == 0) {
+ ArmAttributes |= TT_AF;
+ }
// Determine protection attributes
if ((EfiAttributes & EFI_MEMORY_RO) != 0) {
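Review bot: The comment above the new conditional, `// Set the access flag to match the block attributes`, no longer describes the code, because the flag is now left clear when EFI_MEMORY_RP is requested. Something like `// Set the access flag unless the region is read-protected (EFI_MEMORY_RP); a clear AF makes every access fault` would keep it in step. EfiAttributeToArmAttribute starts and ends outside this hunk.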
diff --git a/ArmPkg/Include/Library/ArmMmuLib.h b/ArmPkg/Include/Library/ArmMmuLib.h
index b745e2230e7e..4cf59a1e376b 100644
--- a/ArmPkg/Include/Library/ArmMmuLib.h
+++ b/ArmPkg/Include/Library/ArmMmuLib.h
@@ -21,6 +21,40 @@ ArmConfigureMmu (
OUT UINTN *TranslationTableSize OPTIONAL
);
+/**
+ Convert a region of memory to read-protected, by clearing the access flag.
+
+ @param BaseAddress The start of the region.
+ @param Length The size of the region.
+
+ @retval EFI_SUCCESS The attributes were set successfully.
+ @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient memory.
+
+**/
+EFI_STATUS
+EFIAPI
+ArmSetMemoryRegionNoAccess (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length
+ );
+
+/**
+ Convert a region of memory to read-enabled, by setting the access flag.
+
+ @param BaseAddress The start of the region.
+ @param Length The size of the region.
+
+ @retval EFI_SUCCESS The attributes were set successfully.
+ @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient memory.
+
+**/
+EFI_STATUS
+EFIAPI
+ArmClearMemoryRegionNoAccess (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length
+ );
+
EFI_STATUS
EFIAPI
ArmSetMemoryRegionNoExec (
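Review bot: The doc comment on ArmSetMemoryRegionNoAccess describes the region only as "read-protected", but the commit description says the resulting mapping is implicitly non-writable and non-executable as well. A caller using this for a guard region, or on a range that holds code, should be able to learn that from the header. I would add a sentence such as `The region also becomes non-writable and non-executable until ArmClearMemoryRegionNoAccess() is called on it.` The comment on ArmClearMemoryRegionNoAccess could likewise state that it restores whatever write and execute permissions the descriptor already carried, which is what the mask in the AArch64 implementation suggests.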
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
index 764c7d362e2e..6d21a2e41dd1 100644
--- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
+++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
@@ -438,7 +438,11 @@ GcdAttributeToPageAttribute (
PageAttributes |= TT_AP_NO_RO;
}
- return PageAttributes | TT_AF;
+ if ((GcdAttributes & EFI_MEMORY_RP) == 0) {
+ PageAttributes |= TT_AF;
+ }
+
+ return PageAttributes;
}
EFI_STATUS
@@ -459,9 +463,9 @@ ArmSetMemoryAttributes (
// No memory type was set in Attributes, so we are going to update the
// permissions only.
//
- PageAttributes &= TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK;
+ PageAttributes &= TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF;
PageAttributeMask = ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK |
- TT_PXN_MASK | TT_XN_MASK);
+ TT_PXN_MASK | TT_XN_MASK | TT_AF);
}
return UpdateRegionMapping (
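Review bot: Adding TT_AF to both masks in the permissions-only branch means a call that only intends to change RO or XP now rewrites the access flag as well. If PageAttributes comes from GcdAttributeToPageAttribute (the assignment is outside this hunk), a caller that omits EFI_MEMORY_RP will set AF and silently lift read protection from a region that had it. That is consistent with the other permission bits being treated as absolute, but it deserves a line in the comment, for example `// EFI_MEMORY_RP is absolute like RO/XP: omitting it re-enables access to the region.` ArmSetMemoryAttributes begins and ends outside the hunk.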
@@ -534,6 +538,54 @@ ArmClearMemoryRegionNoExec (
);
}
+/**
+ Convert a region of memory to read-protected, by clearing the access flag.
+
+ @param BaseAddress The start of the region.
+ @param Length The size of the region.
+
+ @retval EFI_SUCCESS The attributes were set successfully.
+ @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient memory.
+
+**/
+EFI_STATUS
+ArmSetMemoryRegionNoAccess (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length
+ )
+{
+ return SetMemoryRegionAttribute (
+ BaseAddress,
+ Length,
+ 0,
+ ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AF)
+ );
+}
+
+/**
+ Convert a region of memory to read-enabled, by setting the access flag.
+
+ @param BaseAddress The start of the region.
+ @param Length The size of the region.
+
+ @retval EFI_SUCCESS The attributes were set successfully.
+ @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient memory.
+
+**/
+EFI_STATUS
+ArmClearMemoryRegionNoAccess (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length
+ )
+{
+ return SetMemoryRegionAttribute (
+ BaseAddress,
+ Length,
+ TT_AF,
+ ~TT_ADDRESS_MASK_BLOCK_ENTRY
+ );
+}
+
EFI_STATUS
ArmSetMemoryRegionReadOnly (
IN EFI_PHYSICAL_ADDRESS BaseAddress,
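Review bot: ArmSetMemoryRegionNoAccess enforces protection purely by clearing TT_AF, which only faults while hardware management of the access flag (TCR_ELx.HA) is disabled. With it enabled, the CPU would set AF on first access and the region would become readable without any fault. Nothing in the visible hunks shows that bit being left clear, so the assumption should be recorded next to the function, e.g. `// Relies on TCR_ELx.HA == 0 so that a descriptor with AF clear raises an access flag fault.` As a smaller style point, the header declares both new functions with EFIAPI while the definitions here omit it. That matches the neighbouring ArmSetMemoryRegionReadOnly definition, but the two would be better kept identical.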
diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c
index 23f613f5dbb0..247cf87bf3d3 100644
--- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c
+++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c
@@ -523,3 +523,51 @@ ArmClearMemoryRegionReadOnly (
TT_DESCRIPTOR_SECTION_AP_MASK
);
}
+
+/**
+ Convert a region of memory to read-protected, by clearing the access flag.
+
+ @param BaseAddress The start of the region.
+ @param Length The size of the region.
+
+ @retval EFI_SUCCESS The attributes were set successfully.
+ @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient memory.
+
+**/
+EFI_STATUS
+ArmSetMemoryRegionNoAccess (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length
+ )
+{
+ return SetMemoryAttributes (
+ BaseAddress,
+ Length,
+ EFI_MEMORY_RP,
+ TT_DESCRIPTOR_SECTION_AF
+ );
+}
+
+/**
+ Convert a region of memory to read-enabled, by setting the access flag.
+
+ @param BaseAddress The start of the region.
+ @param Length The size of the region.
+
+ @retval EFI_SUCCESS The attributes were set successfully.
+ @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient memory.
+
+**/
+EFI_STATUS
+ArmClearMemoryRegionNoAccess (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length
+ )
+{
+ return SetMemoryAttributes (
+ BaseAddress,
+ Length,
+ 0,
+ TT_DESCRIPTOR_SECTION_AF
+ );
+}
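Review bot: On 32-bit ARM these two functions rely on SetMemoryAttributes turning EFI_MEMORY_RP into a cleared TT_DESCRIPTOR_SECTION_AF, and its absence into a set one, yet this patch changes no conversion code in ArmMmuLibUpdate.c. The AArch64 side, by contrast, updates GcdAttributeToPageAttribute explicitly. If that translation is not already in place from an earlier change, ArmSetMemoryRegionNoAccess would report EFI_SUCCESS while leaving the region accessible. It is worth confirming, and noting in the function comment which helper performs the mapping. The diffstat also shows no matching change to the ARM CpuDxe attribute conversion, so EFI_MEMORY_RP may not be reported back for these regions on ARM.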
--
2.39.2