From nobody Mon Sep 16 19:14:07 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+101110+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101110+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=kernel.org
ARC-Seal: i=1; a=rsa-sha256; t=1678727871; cv=none;
	d=zohomail.com; s=zohoarc;
	b=NOEAT2H8FTTAzIg4BfaL64/2T2oT/DyMC88KPD7swhet4D12ym0uSz3wL8qPgGW5zi8KesksQF/X03EQxSpDXm3AIIzio+42Q1HPhfEPsZiz7iejWJ7Zktw5qtqZ7kZK8GLCrGyN/ENOUB1FkD46jolLnRATTqxJzsnsrpElJHc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1678727871;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=x3htzRHQiGd0bnBhBHH1mRTP0jViV5i9KmVdQDWpMJ0=;
	b=liW9+FNQ19Johe8OLzXF1ocSptrr+KWHQ6R3UyHGLyMd2A2T1j+/4zmxRRM8gdTGTiRli1B2zLQs5Xyuh7RxmYtt+z3BOv6Smb2meppYKb3VNFjnlsIEL/1ZXR3SCqtMdQ27KN+OSx/xNfFbKlJNGIPHlxpiKMj3F0HgOmzSexU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101110+1787277+3901457@groups.io;
	dmarc=fail header.from=<ardb@kernel.org> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1678727871291957.7559875124965;
 Mon, 13 Mar 2023 10:17:51 -0700 (PDT)
Return-Path: <bounce+27952+101110+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id wZnEYY1788612xu9zpku1i7M;
 Mon, 13 Mar 2023 10:17:50 -0700
X-Received: from dfw.source.kernel.org (dfw.source.kernel.org
 [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.25785.1678727870193444924
 for <devel@edk2.groups.io>;
 Mon, 13 Mar 2023 10:17:50 -0700
X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id B6CAF61450;
	Mon, 13 Mar 2023 17:17:49 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 58B06C4339B;
	Mon, 13 Mar 2023 17:17:47 +0000 (UTC)
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [edk2-devel] [PATCH v5 06/38] ArmPkg/ArmMmuLib: Implement
 EFI_MEMORY_RP using access flag
Date: Mon, 13 Mar 2023 18:16:42 +0100
Message-Id: <20230313171714.3866151-7-ardb@kernel.org>
In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org>
References: <20230313171714.3866151-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
X-Gm-Message-State: fsA52MEtiX5UZYrVZlCM5BwLx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1678727870;
 bh=5R8N7sliKsXS7Op2fP0UdeDI5gvcLwZQujK7qmm+A8c=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=t6OYN2tog+O3yzTad2CXoZO7hVrE6c5PStTP2Y/mpkNStpiwC/0zPT3ytPDNR8TgpG1
 51IMzxy0qHhL3wIwVcQtrFAN5Yu0ltE9BZkQlzJYwHFWEMH3Ky0kQco4ieut7mzduNuLG
 Bwemr4mukNlMfIIiBQfqLin30JNs8lOeH9g=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1678727871988100010
Content-Type: text/plain; charset="utf-8"

Implement support for read-protected memory by wiring it up to the
access flag in the page table descriptor. The resulting mapping is
implicitly non-writable and non-executable as well, but this is good
enough for implementing this attribute, as we never rely on write or
execute permissions without read permissions.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c              |  8 ++-
 ArmPkg/Include/Library/ArmMmuLib.h               | 34 ++++++++++++
 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 58 +++++++++++++++++++-
 ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c   | 48 ++++++++++++++++
 4 files changed, 144 insertions(+), 4 deletions(-)

diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AA=
rch64/Mmu.c
index 8bb33046e707..8bda11f08a30 100644
--- a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
+++ b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
@@ -64,6 +64,10 @@ PageAttributeToGcdAttribute (
   }
=20
   // Determine protection attributes
+  if ((PageAttributes & TT_AF) =3D=3D 0) {
+    GcdAttributes |=3D EFI_MEMORY_RP;
+  }
+
   if (((PageAttributes & TT_AP_MASK) =3D=3D TT_AP_NO_RO) ||
       ((PageAttributes & TT_AP_MASK) =3D=3D TT_AP_RO_RO))
   {
@@ -301,7 +305,9 @@ EfiAttributeToArmAttribute (
   }
=20
   // Set the access flag to match the block attributes
-  ArmAttributes |=3D TT_AF;
+  if ((EfiAttributes & EFI_MEMORY_RP) =3D=3D 0) {
+    ArmAttributes |=3D TT_AF;
+  }
=20
   // Determine protection attributes
   if ((EfiAttributes & EFI_MEMORY_RO) !=3D 0) {
diff --git a/ArmPkg/Include/Library/ArmMmuLib.h b/ArmPkg/Include/Library/Ar=
mMmuLib.h
index b745e2230e7e..4cf59a1e376b 100644
--- a/ArmPkg/Include/Library/ArmMmuLib.h
+++ b/ArmPkg/Include/Library/ArmMmuLib.h
@@ -21,6 +21,40 @@ ArmConfigureMmu (
   OUT UINTN                         *TranslationTableSize  OPTIONAL
   );
=20
+/**
+  Convert a region of memory to read-protected, by clearing the access fla=
g.
+
+  @param  BaseAddress           The start of the region.
+  @param  Length                The size of the region.
+
+  @retval EFI_SUCCESS           The attributes were set successfully.
+  @retval EFI_OUT_OF_RESOURCES  The operation failed due to insufficient m=
emory.
+
+**/
+EFI_STATUS
+EFIAPI
+ArmSetMemoryRegionNoAccess (
+  IN  EFI_PHYSICAL_ADDRESS  BaseAddress,
+  IN  UINT64                Length
+  );
+
+/**
+  Convert a region of memory to read-enabled, by setting the access flag.
+
+  @param  BaseAddress           The start of the region.
+  @param  Length                The size of the region.
+
+  @retval EFI_SUCCESS           The attributes were set successfully.
+  @retval EFI_OUT_OF_RESOURCES  The operation failed due to insufficient m=
emory.
+
+**/
+EFI_STATUS
+EFIAPI
+ArmClearMemoryRegionNoAccess (
+  IN  EFI_PHYSICAL_ADDRESS  BaseAddress,
+  IN  UINT64                Length
+  );
+
 EFI_STATUS
 EFIAPI
 ArmSetMemoryRegionNoExec (
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr=
ary/ArmMmuLib/AArch64/ArmMmuLibCore.c
index 764c7d362e2e..6d21a2e41dd1 100644
--- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
+++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
@@ -438,7 +438,11 @@ GcdAttributeToPageAttribute (
     PageAttributes |=3D TT_AP_NO_RO;
   }
=20
-  return PageAttributes | TT_AF;
+  if ((GcdAttributes & EFI_MEMORY_RP) =3D=3D 0) {
+    PageAttributes |=3D TT_AF;
+  }
+
+  return PageAttributes;
 }
=20
 EFI_STATUS
@@ -459,9 +463,9 @@ ArmSetMemoryAttributes (
     // No memory type was set in Attributes, so we are going to update the
     // permissions only.
     //
-    PageAttributes   &=3D TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK;
+    PageAttributes   &=3D TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF;
     PageAttributeMask =3D ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK |
-                          TT_PXN_MASK | TT_XN_MASK);
+                          TT_PXN_MASK | TT_XN_MASK | TT_AF);
   }
=20
   return UpdateRegionMapping (
@@ -534,6 +538,54 @@ ArmClearMemoryRegionNoExec (
            );
 }
=20
+/**
+  Convert a region of memory to read-protected, by clearing the access fla=
g.
+
+  @param  BaseAddress           The start of the region.
+  @param  Length                The size of the region.
+
+  @retval EFI_SUCCESS           The attributes were set successfully.
+  @retval EFI_OUT_OF_RESOURCES  The operation failed due to insufficient m=
emory.
+
+**/
+EFI_STATUS
+ArmSetMemoryRegionNoAccess (
+  IN  EFI_PHYSICAL_ADDRESS  BaseAddress,
+  IN  UINT64                Length
+  )
+{
+  return SetMemoryRegionAttribute (
+           BaseAddress,
+           Length,
+           0,
+           ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AF)
+           );
+}
+
+/**
+  Convert a region of memory to read-enabled, by setting the access flag.
+
+  @param  BaseAddress           The start of the region.
+  @param  Length                The size of the region.
+
+  @retval EFI_SUCCESS           The attributes were set successfully.
+  @retval EFI_OUT_OF_RESOURCES  The operation failed due to insufficient m=
emory.
+
+**/
+EFI_STATUS
+ArmClearMemoryRegionNoAccess (
+  IN  EFI_PHYSICAL_ADDRESS  BaseAddress,
+  IN  UINT64                Length
+  )
+{
+  return SetMemoryRegionAttribute (
+           BaseAddress,
+           Length,
+           TT_AF,
+           ~TT_ADDRESS_MASK_BLOCK_ENTRY
+           );
+}
+
 EFI_STATUS
 ArmSetMemoryRegionReadOnly (
   IN  EFI_PHYSICAL_ADDRESS  BaseAddress,
diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar=
y/ArmMmuLib/Arm/ArmMmuLibUpdate.c
index 23f613f5dbb0..247cf87bf3d3 100644
--- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c
+++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c
@@ -523,3 +523,51 @@ ArmClearMemoryRegionReadOnly (
            TT_DESCRIPTOR_SECTION_AP_MASK
            );
 }
+
+/**
+  Convert a region of memory to read-protected, by clearing the access fla=
g.
+
+  @param  BaseAddress           The start of the region.
+  @param  Length                The size of the region.
+
+  @retval EFI_SUCCESS           The attributes were set successfully.
+  @retval EFI_OUT_OF_RESOURCES  The operation failed due to insufficient m=
emory.
+
+**/
+EFI_STATUS
+ArmSetMemoryRegionNoAccess (
+  IN  EFI_PHYSICAL_ADDRESS  BaseAddress,
+  IN  UINT64                Length
+  )
+{
+  return SetMemoryAttributes (
+           BaseAddress,
+           Length,
+           EFI_MEMORY_RP,
+           TT_DESCRIPTOR_SECTION_AF
+           );
+}
+
+/**
+  Convert a region of memory to read-enabled, by setting the access flag.
+
+  @param  BaseAddress           The start of the region.
+  @param  Length                The size of the region.
+
+  @retval EFI_SUCCESS           The attributes were set successfully.
+  @retval EFI_OUT_OF_RESOURCES  The operation failed due to insufficient m=
emory.
+
+**/
+EFI_STATUS
+ArmClearMemoryRegionNoAccess (
+  IN  EFI_PHYSICAL_ADDRESS  BaseAddress,
+  IN  UINT64                Length
+  )
+{
+  return SetMemoryAttributes (
+           BaseAddress,
+           Length,
+           0,
+           TT_DESCRIPTOR_SECTION_AF
+           );
+}
--=20
2.39.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101110): https://edk2.groups.io/g/devel/message/101110
Mute This Topic: https://groups.io/mt/97585988/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-