From patchwork Mon Jun 18 15:23:13 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Graf <agraf@suse.de>
X-Patchwork-Id: 139023
Delivered-To: patch@linaro.org
Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp4092408lji;
 Mon, 18 Jun 2018 08:34:07 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKJAHFdV36faG9of5sLfsOkKOT3qj1xOhECvFDIjVCW5ojxgynw4DnDnIWei8XQ96XldYiUG
X-Received: by 2002:a50:94ce:: with SMTP id
 t14-v6mr11592001eda.146.1529336046976; 
 Mon, 18 Jun 2018 08:34:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1529336046; cv=none;
 d=google.com; s=arc-20160816;
 b=roV63Uft9uEN2HUPsgE6b8iqsxlr6tcZvfxiWR5OvvYZmvkz5+RXJNJzjC1EPWT7Gi
 ilGDV5di50d+JV74DqOFlEqJo0PsMOnRCv6KkJA+bRnAsoCJRNLwTH8zgomEBZqD5EhC
 +opShIpSSfhPHJOssUVweA3CsADaSujKOLHCsoNW8YEhHaHTHIUuksOw5QweDyyM91Kv
 6ssfg3GCMNwuIxg3FiDcBmybZtySACvs9teLzwCdi8B66OV0sEylJ4zE1p8gFKL1B1Qh
 R8zmaaSmdOxy/Si/wGCsfSgko+650dk+VPLaSmtlSGLREn1ZXpw/FEfAvvWGAo44l73x
 UdNw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:cc:references:in-reply-to:message-id
 :date:to:from:arc-authentication-results;
 bh=WRRAKHlnRGoDQe4f68ax5XyV4+kUFKEeuavOw+O6bkg=;
 b=ok2pZqb0KqpaIitfv11F8plgzuHzqU/ht8kopUkbjJ9O7FrCkQfIWHxJLyGCQEpnlf
 jyvFmJSr48jm0PgEZTohqALP5uylX7/WGJ9KZ1YGT8QNbjMQ9SOQ3MDkiww0mFSaGBK+
 FPjKIV/GtuctBguPqaEM1uCtqLHNuksbg+LdSX7gsWW4Wb/RXEDtlSpnFPQHjq16IFuE
 ssEFITKzKfCRSgzsaFyIiHwwEpW6r1AEWaO8j/7BGkbbT72j14t9BfIiYFKAQzhkANqw
 +0WWnsadrBQFi2OHVgsGOwt7GKsegD7L2z/ngclmxJsdyf+ZVvUKG8iC8oIPTUwaleRi
 jlQA==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from lists.denx.de (dione.denx.de. [81.169.180.215])
 by mx.google.com with ESMTP id
 q8-v6si6483002edg.352.2018.06.18.08.34.06; 
 Mon, 18 Jun 2018 08:34:06 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) client-ip=81.169.180.215; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by lists.denx.de (Postfix, from userid 105)
 id 99419C21F2B; Mon, 18 Jun 2018 15:28:49 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable
 autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
 by lists.denx.de (Postfix) with ESMTP id 83B85C21F94;
 Mon, 18 Jun 2018 15:23:34 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
 id 7C829C21DFD; Mon, 18 Jun 2018 15:23:18 +0000 (UTC)
Received: from mx2.suse.de (mx2.suse.de [195.135.220.15])
 by lists.denx.de (Postfix) with ESMTPS id 1C0B1C21DFA
 for <u-boot@lists.denx.de>; Mon, 18 Jun 2018 15:23:18 +0000 (UTC)
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (charybdis-ext-too.suse.de [195.135.220.254])
 by mx2.suse.de (Postfix) with ESMTP id 7964AAF82;
 Mon, 18 Jun 2018 15:23:17 +0000 (UTC)
From: Alexander Graf <agraf@suse.de>
To: u-boot@lists.denx.de
Date: Mon, 18 Jun 2018 17:23:13 +0200
Message-Id: <20180618152315.34233-20-agraf@suse.de>
X-Mailer: git-send-email 2.12.3
In-Reply-To: <20180618152315.34233-1-agraf@suse.de>
References: <20180618152315.34233-1-agraf@suse.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
 Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Subject: [U-Boot] [PATCH v4 19/21] sandbox: Allow to execute from RAM
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

With efi_loader, we may want to execute payloads from RAM. By default,
permissions on the RAM region don't allow us to execute from there though.

So whenever we get into the efi_loader case, let's mark RAM as executable.
That way we still protect normal cases, but allow for efi binaries to
directly get executed from within RAM.

For this, we hook into the already existing allow_unaligned() call which
also transitions the system over into semantics required by the UEFI
specification.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 arch/sandbox/cpu/cpu.c | 14 ++++++++++++++
 arch/sandbox/cpu/os.c  | 14 ++++++++++++++
 include/os.h           | 19 +++++++++++++++++++
 3 files changed, 47 insertions(+)

diff --git a/arch/sandbox/cpu/cpu.c b/arch/sandbox/cpu/cpu.c
index 9087026d71..641b66a0a7 100644
--- a/arch/sandbox/cpu/cpu.c
+++ b/arch/sandbox/cpu/cpu.c
@@ -192,3 +192,17 @@ void efi_add_known_memory(void)
 }
 
 #endif
+
+#if CONFIG_IS_ENABLED(EFI_LOADER)
+
+void allow_unaligned(void)
+{
+	int r;
+
+	r = os_mprotect(gd->arch.ram_buf, gd->ram_size,
+			OS_PROT_READ | OS_PROT_WRITE | OS_PROT_EXEC);
+
+	assert(!r);
+}
+
+#endif
diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c
index 9cfdc9f31f..9fa79a8843 100644
--- a/arch/sandbox/cpu/os.c
+++ b/arch/sandbox/cpu/os.c
@@ -183,6 +183,20 @@ void *os_realloc(void *ptr, size_t length)
 	return buf;
 }
 
+int os_mprotect(void *ptr, size_t length, int prot)
+{
+	int p = 0;
+
+	if (prot & OS_PROT_READ)
+		p |= PROT_READ;
+	if (prot & OS_PROT_WRITE)
+		p |= PROT_WRITE;
+	if (prot & OS_PROT_EXEC)
+		p |= PROT_EXEC;
+
+	return mprotect(ptr, length, p);
+}
+
 void os_usleep(unsigned long usec)
 {
 	usleep(usec);
diff --git a/include/os.h b/include/os.h
index c8e0f52d30..d451e12064 100644
--- a/include/os.h
+++ b/include/os.h
@@ -157,6 +157,25 @@ void os_free(void *ptr);
 void *os_realloc(void *ptr, size_t length);
 
 /**
+ * Modify protection of a memory region
+ *
+ * This function changes the memory protection scheme of a given memory
+ * region. Using it you can for example allow execution of memory that
+ * would otherwise prohibit it.
+ *
+ * \param ptr		Pointer to memory region to modify
+ * \param length	New length for memory block
+ * \param prot		New protection scheme (ORed OS_PROT_ values)
+ * \return 0 on success, -1 otherwise.
+ */
+int os_mprotect(void *ptr, size_t length, int prot);
+
+/* Defines for "prot" in os_mprotect() */
+#define OS_PROT_READ	0x1
+#define OS_PROT_WRITE	0x2
+#define OS_PROT_EXEC	0x4
+
+/**
  * Access to the usleep function of the os
  *
  * \param usec Time to sleep in micro seconds