From nobody Sat Dec 21 14:41:26 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+101110+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101110+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1678727871; cv=none; d=zohomail.com; s=zohoarc; b=NOEAT2H8FTTAzIg4BfaL64/2T2oT/DyMC88KPD7swhet4D12ym0uSz3wL8qPgGW5zi8KesksQF/X03EQxSpDXm3AIIzio+42Q1HPhfEPsZiz7iejWJ7Zktw5qtqZ7kZK8GLCrGyN/ENOUB1FkD46jolLnRATTqxJzsnsrpElJHc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1678727871; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=x3htzRHQiGd0bnBhBHH1mRTP0jViV5i9KmVdQDWpMJ0=; b=liW9+FNQ19Johe8OLzXF1ocSptrr+KWHQ6R3UyHGLyMd2A2T1j+/4zmxRRM8gdTGTiRli1B2zLQs5Xyuh7RxmYtt+z3BOv6Smb2meppYKb3VNFjnlsIEL/1ZXR3SCqtMdQ27KN+OSx/xNfFbKlJNGIPHlxpiKMj3F0HgOmzSexU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+101110+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1678727871291957.7559875124965; Mon, 13 Mar 2023 10:17:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id wZnEYY1788612xu9zpku1i7M; Mon, 13 Mar 2023 10:17:50 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.25785.1678727870193444924 for ; Mon, 13 Mar 2023 10:17:50 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B6CAF61450; Mon, 13 Mar 2023 17:17:49 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 58B06C4339B; Mon, 13 Mar 2023 17:17:47 +0000 (UTC) From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe Subject: [edk2-devel] [PATCH v5 06/38] ArmPkg/ArmMmuLib: Implement EFI_MEMORY_RP using access flag Date: Mon, 13 Mar 2023 18:16:42 +0100 Message-Id: <20230313171714.3866151-7-ardb@kernel.org> In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org> References: <20230313171714.3866151-1-ardb@kernel.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org X-Gm-Message-State: fsA52MEtiX5UZYrVZlCM5BwLx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1678727870; bh=5R8N7sliKsXS7Op2fP0UdeDI5gvcLwZQujK7qmm+A8c=; h=Cc:Date:From:Reply-To:Subject:To; b=t6OYN2tog+O3yzTad2CXoZO7hVrE6c5PStTP2Y/mpkNStpiwC/0zPT3ytPDNR8TgpG1 51IMzxy0qHhL3wIwVcQtrFAN5Yu0ltE9BZkQlzJYwHFWEMH3Ky0kQco4ieut7mzduNuLG Bwemr4mukNlMfIIiBQfqLin30JNs8lOeH9g= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1678727871988100010 Content-Type: text/plain; charset="utf-8" Implement support for read-protected memory by wiring it up to the access flag in the page table descriptor. The resulting mapping is implicitly non-writable and non-executable as well, but this is good enough for implementing this attribute, as we never rely on write or execute permissions without read permissions. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 8 ++- ArmPkg/Include/Library/ArmMmuLib.h | 34 ++++++++++++ ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 58 +++++++++++++++++++- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 48 ++++++++++++++++ 4 files changed, 144 insertions(+), 4 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AA= rch64/Mmu.c index 8bb33046e707..8bda11f08a30 100644 --- a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c @@ -64,6 +64,10 @@ PageAttributeToGcdAttribute ( } =20 // Determine protection attributes + if ((PageAttributes & TT_AF) =3D=3D 0) { + GcdAttributes |=3D EFI_MEMORY_RP; + } + if (((PageAttributes & TT_AP_MASK) =3D=3D TT_AP_NO_RO) || ((PageAttributes & TT_AP_MASK) =3D=3D TT_AP_RO_RO)) { @@ -301,7 +305,9 @@ EfiAttributeToArmAttribute ( } =20 // Set the access flag to match the block attributes - ArmAttributes |=3D TT_AF; + if ((EfiAttributes & EFI_MEMORY_RP) =3D=3D 0) { + ArmAttributes |=3D TT_AF; + } =20 // Determine protection attributes if ((EfiAttributes & EFI_MEMORY_RO) !=3D 0) { diff --git a/ArmPkg/Include/Library/ArmMmuLib.h b/ArmPkg/Include/Library/Ar= mMmuLib.h index b745e2230e7e..4cf59a1e376b 100644 --- a/ArmPkg/Include/Library/ArmMmuLib.h +++ b/ArmPkg/Include/Library/ArmMmuLib.h @@ -21,6 +21,40 @@ ArmConfigureMmu ( OUT UINTN *TranslationTableSize OPTIONAL ); =20 +/** + Convert a region of memory to read-protected, by clearing the access fla= g. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +EFIAPI +ArmSetMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ); + +/** + Convert a region of memory to read-enabled, by setting the access flag. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +EFIAPI +ArmClearMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ); + EFI_STATUS EFIAPI ArmSetMemoryRegionNoExec ( diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Libr= ary/ArmMmuLib/AArch64/ArmMmuLibCore.c index 764c7d362e2e..6d21a2e41dd1 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -438,7 +438,11 @@ GcdAttributeToPageAttribute ( PageAttributes |=3D TT_AP_NO_RO; } =20 - return PageAttributes | TT_AF; + if ((GcdAttributes & EFI_MEMORY_RP) =3D=3D 0) { + PageAttributes |=3D TT_AF; + } + + return PageAttributes; } =20 EFI_STATUS @@ -459,9 +463,9 @@ ArmSetMemoryAttributes ( // No memory type was set in Attributes, so we are going to update the // permissions only. // - PageAttributes &=3D TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK; + PageAttributes &=3D TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF; PageAttributeMask =3D ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK | - TT_PXN_MASK | TT_XN_MASK); + TT_PXN_MASK | TT_XN_MASK | TT_AF); } =20 return UpdateRegionMapping ( @@ -534,6 +538,54 @@ ArmClearMemoryRegionNoExec ( ); } =20 +/** + Convert a region of memory to read-protected, by clearing the access fla= g. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmSetMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryRegionAttribute ( + BaseAddress, + Length, + 0, + ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AF) + ); +} + +/** + Convert a region of memory to read-enabled, by setting the access flag. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmClearMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryRegionAttribute ( + BaseAddress, + Length, + TT_AF, + ~TT_ADDRESS_MASK_BLOCK_ENTRY + ); +} + EFI_STATUS ArmSetMemoryRegionReadOnly ( IN EFI_PHYSICAL_ADDRESS BaseAddress, diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Librar= y/ArmMmuLib/Arm/ArmMmuLibUpdate.c index 23f613f5dbb0..247cf87bf3d3 100644 --- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c +++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c @@ -523,3 +523,51 @@ ArmClearMemoryRegionReadOnly ( TT_DESCRIPTOR_SECTION_AP_MASK ); } + +/** + Convert a region of memory to read-protected, by clearing the access fla= g. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmSetMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryAttributes ( + BaseAddress, + Length, + EFI_MEMORY_RP, + TT_DESCRIPTOR_SECTION_AF + ); +} + +/** + Convert a region of memory to read-enabled, by setting the access flag. + + @param BaseAddress The start of the region. + @param Length The size of the region. + + @retval EFI_SUCCESS The attributes were set successfully. + @retval EFI_OUT_OF_RESOURCES The operation failed due to insufficient m= emory. + +**/ +EFI_STATUS +ArmClearMemoryRegionNoAccess ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length + ) +{ + return SetMemoryAttributes ( + BaseAddress, + Length, + 0, + TT_DESCRIPTOR_SECTION_AF + ); +} --=20 2.39.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#101110): https://edk2.groups.io/g/devel/message/101110 Mute This Topic: https://groups.io/mt/97585988/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-