From patchwork Wed Mar 1 14:42:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 94704 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp1825712qgi; Wed, 1 Mar 2017 06:42:35 -0800 (PST) X-Received: by 10.84.248.79 with SMTP id e15mr10700771pln.133.1488379355425; Wed, 01 Mar 2017 06:42:35 -0800 (PST) Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id b14si4771891pgn.113.2017.03.01.06.42.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Mar 2017 06:42:35 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 0354B821D4; Wed, 1 Mar 2017 06:42:35 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id F3AFC821D4 for ; Wed, 1 Mar 2017 06:42:32 -0800 (PST) Received: by mail-wm0-x232.google.com with SMTP id u199so38102266wmd.1 for ; Wed, 01 Mar 2017 06:42:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+mzqQMaJ/AUAudad2arLI0sy0YzsWhrOE8F4eXEsFGo=; b=LwL6QDQIsqJq5Y7z3cYb8hfGG4ms8+hxY9np1MpMynHtDcbYbv0JNE6UalqDDGX6Lm 6WQaoKbKPY2f00UlImC6Jj7lBiRwfQATDX4Pw8RyI8FUDAOZ9iWtGE0qkWAe+hzfL5KV 9SwLEAGJ9wuosRU5h7ZDQzAIJwrrN7OEb94FU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+mzqQMaJ/AUAudad2arLI0sy0YzsWhrOE8F4eXEsFGo=; b=Js7uDsiRlga4xpMUqOa8Bcn3cMLFpPi8JuHex1lGaCV2HmzY6nQ++vz/oLrSpWs3LC bydQdYGu9gPFHoCq9Gv+IjHAwG27kNLb3PsOLmvUMMkjNIFcuW/Cx/kod4sXO2zhVaPe P7AhQbdqRo5mDG8IEqKfJnjOEYw5eAN+DR2e0ye8r8nnoWNnc+jJ8XNzAWOWXVYuiBw8 hUijW5u7tHXuHRaRtq0e7GS1WcZ+gJ9in5qbnGK73aUGDDhVKJePd9jS4NhyTERpUp4i u09+Yrmfyhuuj+edQlObEWUhHNbCZYxYwcAVTk9xTxvZZHpsL6JBA60id+A/iqOLb/L0 sIWQ== X-Gm-Message-State: AMke39mz3EYn2ru/U5ia9SYGdEG9e33BCpi5g5SYDG1Kx6unYdZgQHve37SreMvDJyRtbyla X-Received: by 10.28.111.136 with SMTP id c8mr3644809wmi.128.1488379350764; Wed, 01 Mar 2017 06:42:30 -0800 (PST) Received: from localhost.localdomain ([105.147.1.203]) by smtp.gmail.com with ESMTPSA id h75sm6867958wrh.37.2017.03.01.06.42.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 01 Mar 2017 06:42:30 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com Date: Wed, 1 Mar 2017 14:42:21 +0000 Message-Id: <1488379344-16273-2-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH 1/4] ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Currently, any range passed to CpuArchProtocol::SetMemoryAttributes is fully broken down into page mappings if the start or the size of the region happens to be misaliged relative to the section size of 1 MB. This is going to hurt when we enable strict memory permissions, given that we remap the entire RAM space non-executable (modulo the code bits) when the CpuArchProtocol is installed. So refactor the code to iterate over the range in a way that ensures that all naturally aligned section sized subregions are not broken up. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 47 ++++++++++++++++---- 1 file changed, 39 insertions(+), 8 deletions(-) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c index 89e429925ba9..046620f79185 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -679,6 +679,7 @@ SetMemoryAttributes ( ) { EFI_STATUS Status; + UINT64 ChunkLength; // // Ignore invocations that only modify permission bits @@ -687,14 +688,44 @@ SetMemoryAttributes ( return EFI_SUCCESS; } - if(((BaseAddress & 0xFFFFF) == 0) && ((Length & 0xFFFFF) == 0)) { - // Is the base and length a multiple of 1 MB? - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): MMU section 0x%x length 0x%x to %lx\n", (UINTN)BaseAddress, (UINTN)Length, Attributes)); - Status = UpdateSectionEntries (BaseAddress, Length, Attributes, VirtualMask); - } else { - // Base and/or length is not a multiple of 1 MB - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): MMU page 0x%x length 0x%x to %lx\n", (UINTN)BaseAddress, (UINTN)Length, Attributes)); - Status = UpdatePageEntries (BaseAddress, Length, Attributes, VirtualMask); + while (Length > 0) { + if ((BaseAddress % TT_DESCRIPTOR_SECTION_SIZE == 0) && + Length >= TT_DESCRIPTOR_SECTION_SIZE) { + + ChunkLength = Length - Length % TT_DESCRIPTOR_SECTION_SIZE; + + DEBUG ((DEBUG_PAGE | DEBUG_INFO, + "SetMemoryAttributes(): MMU section 0x%lx length 0x%lx to %lx\n", + BaseAddress, ChunkLength, Attributes)); + + Status = UpdateSectionEntries (BaseAddress, ChunkLength, Attributes, + VirtualMask); + } else { + + // + // Process page by page until the next section boundary, but only if + // we have more than a section's worth of area to deal with after that. + // + ChunkLength = TT_DESCRIPTOR_SECTION_SIZE - + (BaseAddress % TT_DESCRIPTOR_SECTION_SIZE); + if (ChunkLength + TT_DESCRIPTOR_SECTION_SIZE > Length) { + ChunkLength = Length; + } + + DEBUG ((DEBUG_PAGE | DEBUG_INFO, + "SetMemoryAttributes(): MMU page 0x%lx length 0x%lx to %lx\n", + BaseAddress, ChunkLength, Attributes)); + + Status = UpdatePageEntries (BaseAddress, ChunkLength, Attributes, + VirtualMask); + } + + if (EFI_ERROR (Status)) { + break; + } + + BaseAddress += ChunkLength; + Length -= ChunkLength; } // Flush d-cache so descriptors make it back to uncached memory for subsequent table walks From patchwork Wed Mar 1 14:42:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 94705 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp1825724qgi; Wed, 1 Mar 2017 06:42:36 -0800 (PST) X-Received: by 10.84.225.149 with SMTP id u21mr10879451plj.2.1488379356654; Wed, 01 Mar 2017 06:42:36 -0800 (PST) Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id w15si4768838plk.292.2017.03.01.06.42.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Mar 2017 06:42:36 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 37B77821DA; Wed, 1 Mar 2017 06:42:36 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com [IPv6:2a00:1450:400c:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DF830821D4 for ; Wed, 1 Mar 2017 06:42:33 -0800 (PST) Received: by mail-wm0-x231.google.com with SMTP id v186so111962063wmd.0 for ; Wed, 01 Mar 2017 06:42:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=FJd9UMwucWND6VovMoT1bInxF5nsE/+q00L2o47dv+0=; b=Mi3cMYqYpr03Dlnm3L46sdlPauPdli0DZ1kMfUr+dcnznmdCFv6wfAs2h4XxBaPxIL eFTv3niWxftJMZ7gvOzTgIRliyl/KWaJbFOhAbEIJe2PUheqP5qW733DCNim5oiTxrx1 jwfrC8Fwm9XA+KjSjsa2MSK0GTYoa8h5alMvg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=FJd9UMwucWND6VovMoT1bInxF5nsE/+q00L2o47dv+0=; b=YkcX5QRlBSCpnOVggY1MfdYFhTpIcMWd14KpveCAv4nq5k5q8CeEkJqfIelOIoHX45 aLllR8kM/HV0oFjkmOYDDjZVg9hFaBQGoUj+9JGEZjiOa3yL/K+xxUHm7KzaPfrop1nI 5Si7AOY8eXhq1gWjEsHza5Ib20RJt+rLy+lIkgf0ikG0Dvw305jnWlO6irhkQHtyEF+i RXRSKT887H087VSRsDy/dIQ2x/2Av+KhojyaTdGIPWedr/dyMnTgsgpsGxNesh60C55k uBzagFznRK2rgmFktntxNMmy9gkRXqDuy9Tvj0/R4w9v+j21zw4FNFP/ogD7RSrlJ5SW c1dw== X-Gm-Message-State: AMke39nTR2V4VpcBm2+Q8GPjKcbetd1zHomRndwrkQwbNXF1UBd0J1oiJGeV3AER0hNgiEhc X-Received: by 10.28.229.78 with SMTP id c75mr4036749wmh.20.1488379352455; Wed, 01 Mar 2017 06:42:32 -0800 (PST) Received: from localhost.localdomain ([105.147.1.203]) by smtp.gmail.com with ESMTPSA id h75sm6867958wrh.37.2017.03.01.06.42.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 01 Mar 2017 06:42:31 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com Date: Wed, 1 Mar 2017 14:42:22 +0000 Message-Id: <1488379344-16273-3-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH 2/4] ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Page and section entries in the page tables are updated using the helper ArmUpdateTranslationTableEntry(), which cleans the page table entry to the PoC, and invalidates the TLB entry covering the page described by the entry being updated. Since we may be updating section entries, we might be leaving stale TLB entries at this point (for all pages in the section except the first one), which will be invalidated wholesale at the end of SetMemoryAttributes(). At that point, all caches are cleaned *and* invalidated as well. This cache maintenance is costly and unnecessary. The TLB maintenance is only necessary if we updated any section entries, since any page by page entries that have been updated will have been invalidated individually by ArmUpdateTranslationTableEntry(). So drop the clean/invalidate of the caches, and only perform the full TLB flush if UpdateSectionEntries() was called. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c index 046620f79185..fe0ddee447b0 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -680,6 +680,7 @@ SetMemoryAttributes ( { EFI_STATUS Status; UINT64 ChunkLength; + BOOLEAN FlushTlbs; // // Ignore invocations that only modify permission bits @@ -688,6 +689,7 @@ SetMemoryAttributes ( return EFI_SUCCESS; } + FlushTlbs = FALSE; while (Length > 0) { if ((BaseAddress % TT_DESCRIPTOR_SECTION_SIZE == 0) && Length >= TT_DESCRIPTOR_SECTION_SIZE) { @@ -700,6 +702,8 @@ SetMemoryAttributes ( Status = UpdateSectionEntries (BaseAddress, ChunkLength, Attributes, VirtualMask); + + FlushTlbs = TRUE; } else { // @@ -728,16 +732,9 @@ SetMemoryAttributes ( Length -= ChunkLength; } - // Flush d-cache so descriptors make it back to uncached memory for subsequent table walks - // flush and invalidate pages - //TODO: Do we really need to invalidate the caches everytime we change the memory attributes ? - ArmCleanInvalidateDataCache (); - - ArmInvalidateInstructionCache (); - - // Invalidate all TLB entries so changes are synced - ArmInvalidateTlb (); - + if (FlushTlbs) { + ArmInvalidateTlb (); + } return Status; } From patchwork Wed Mar 1 14:42:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 94706 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp1825744qgi; Wed, 1 Mar 2017 06:42:39 -0800 (PST) X-Received: by 10.99.127.14 with SMTP id a14mr9256223pgd.64.1488379359163; Wed, 01 Mar 2017 06:42:39 -0800 (PST) Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id g29si4790568plj.102.2017.03.01.06.42.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Mar 2017 06:42:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 6F317821DC; Wed, 1 Mar 2017 06:42:37 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B9AB4821D8 for ; Wed, 1 Mar 2017 06:42:35 -0800 (PST) Received: by mail-wm0-x234.google.com with SMTP id u199so38103594wmd.1 for ; Wed, 01 Mar 2017 06:42:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=m2n2imfosOcNslejsrZvSriT9FxwW6MGByHquk5IRck=; b=IS7DH77yXU8c1pRFYXrNEh4UsnOf4xqVawIyVEpa21irMQf/D8mvjzwJ/lhBIAmEOg wywczPiTKwf8pPbcHzBLeqQIilnkGYSz7qnXWOUKhHFQQluqBWjTdFuFPglwMfQitqmm sdzu1RjSkIIDyM2g1beTsKFWIE1G2MRBnMxwY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=m2n2imfosOcNslejsrZvSriT9FxwW6MGByHquk5IRck=; b=rxJhAL4Roovb8OPhW/JzenH9QifK4o/4LgxyP9FRwZY4XFAh1+5UqOkC3nT5UZu0K4 t2sFD/QSbtiGPIJY6icDLTy+YPn0N+fg9GZm4EnIHNSdkQyUMjbqSZsfCsGt8sx3MHun Y/Ij9uxW6G4oi6xMmYFLI+n32aAhWILMNeJw5yws+FIX9/ZWxtICXVEAgy9y2lBB10ed dE39qpOGM86uDp121FUlTDoSEt20Edi/gea8R9P5dRKuw3LJIKTlbI/IAyV27MrEp57p NfCfoY755h0C4bK71gzjBUtOWm29A5jMvgXgSRFEMBl6DVWtKz8AnWF1kKwifhNACzAB orBQ== X-Gm-Message-State: AMke39lnOjFm5iEsTuEAnaJ04QyqYld0PEAC3k7/hz1nih5dSH1KMkQd/98IPPaKeI1+JtB3 X-Received: by 10.28.127.13 with SMTP id a13mr3649230wmd.96.1488379354182; Wed, 01 Mar 2017 06:42:34 -0800 (PST) Received: from localhost.localdomain ([105.147.1.203]) by smtp.gmail.com with ESMTPSA id h75sm6867958wrh.37.2017.03.01.06.42.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 01 Mar 2017 06:42:33 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com Date: Wed, 1 Mar 2017 14:42:23 +0000 Message-Id: <1488379344-16273-4-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH 3/4] ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes() X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Enable the use of strict memory permissions on ARM by processing the EFI_MEMORY_RO and EFI_MEMORY_XP rather than ignoring them. As before, calls to CpuArchProtocol::SetMemoryAttributes that only set RO/XP bits will preserve the cacheability attributes. Permissions attributes are not preserved when setting the memory type only: the way the memory permission attributes are defined does not allows for that, and so this situation does not deviate from other architectures. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 151 ++++++++------------ 1 file changed, 62 insertions(+), 89 deletions(-) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c index fe0ddee447b0..6322d301060e 100644 --- a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c @@ -373,50 +373,41 @@ UpdatePageEntries ( // EntryMask: bitmask of values to change (1 = change this value, 0 = leave alone) // EntryValue: values at bit positions specified by EntryMask - EntryMask = TT_DESCRIPTOR_PAGE_TYPE_MASK; - EntryValue = TT_DESCRIPTOR_PAGE_TYPE_PAGE; + EntryMask = TT_DESCRIPTOR_PAGE_TYPE_MASK | TT_DESCRIPTOR_PAGE_AP_MASK; + if ((Attributes & EFI_MEMORY_XP) != 0) { + EntryValue = TT_DESCRIPTOR_PAGE_TYPE_PAGE_XN; + } else { + EntryValue = TT_DESCRIPTOR_PAGE_TYPE_PAGE; + } + // Although the PI spec is unclear on this the GCD guarantees that only // one Attribute bit is set at a time, so we can safely use a switch statement - switch (Attributes) { - case EFI_MEMORY_UC: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // map to strongly ordered - EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_STRONGLY_ORDERED; // TEX[2:0] = 0, C=0, B=0 - break; - - case EFI_MEMORY_WC: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // map to normal non-cachable - EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_NON_CACHEABLE; // TEX [2:0]= 001 = 0x2, B=0, C=0 - break; - - case EFI_MEMORY_WT: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // write through with no-allocate - EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC; // TEX [2:0] = 0, C=1, B=0 - break; - - case EFI_MEMORY_WB: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; - // write back (with allocate) - EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_BACK_ALLOC; // TEX [2:0] = 001, C=1, B=1 - break; - - case EFI_MEMORY_WP: - case EFI_MEMORY_XP: - case EFI_MEMORY_UCE: - // cannot be implemented UEFI definition unclear for ARM - // Cause a page fault if these ranges are accessed. - EntryValue = TT_DESCRIPTOR_PAGE_TYPE_FAULT; - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): setting page %lx with unsupported attribute %x will page fault on access\n", BaseAddress, Attributes)); - break; + if ((Attributes & EFI_MEMORY_UC) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // map to strongly ordered + EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_STRONGLY_ORDERED; // TEX[2:0] = 0, C=0, B=0 + } else if ((Attributes & EFI_MEMORY_WC) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // map to normal non-cachable + EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_NON_CACHEABLE; // TEX [2:0]= 001 = 0x2, B=0, C=0 + } else if ((Attributes & EFI_MEMORY_WT) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // write through with no-allocate + EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC; // TEX [2:0] = 0, C=1, B=0 + } else if ((Attributes & EFI_MEMORY_WB) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK; + // write back (with allocate) + EntryValue |= TT_DESCRIPTOR_PAGE_CACHE_POLICY_WRITE_BACK_ALLOC; // TEX [2:0] = 001, C=1, B=1 + } - default: - return EFI_UNSUPPORTED; + if ((Attributes & EFI_MEMORY_RO) != 0) { + EntryValue |= TT_DESCRIPTOR_PAGE_AP_RO_RO; + } else { + EntryValue |= TT_DESCRIPTOR_PAGE_AP_RW_RW; } // Obtain page table base @@ -515,53 +506,42 @@ UpdateSectionEntries ( // EntryValue: values at bit positions specified by EntryMask // Make sure we handle a section range that is unmapped - EntryMask = TT_DESCRIPTOR_SECTION_TYPE_MASK; + EntryMask = TT_DESCRIPTOR_SECTION_TYPE_MASK | TT_DESCRIPTOR_SECTION_XN_MASK | + TT_DESCRIPTOR_SECTION_AP_MASK; EntryValue = TT_DESCRIPTOR_SECTION_TYPE_SECTION; // Although the PI spec is unclear on this the GCD guarantees that only // one Attribute bit is set at a time, so we can safely use a switch statement - switch(Attributes) { - case EFI_MEMORY_UC: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // map to strongly ordered - EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_STRONGLY_ORDERED; // TEX[2:0] = 0, C=0, B=0 - break; - - case EFI_MEMORY_WC: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // map to normal non-cachable - EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_NON_CACHEABLE; // TEX [2:0]= 001 = 0x2, B=0, C=0 - break; - - case EFI_MEMORY_WT: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // write through with no-allocate - EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC; // TEX [2:0] = 0, C=1, B=0 - break; - - case EFI_MEMORY_WB: - // modify cacheability attributes - EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; - // write back (with allocate) - EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_BACK_ALLOC; // TEX [2:0] = 001, C=1, B=1 - break; - - case EFI_MEMORY_WP: - case EFI_MEMORY_XP: - case EFI_MEMORY_RP: - case EFI_MEMORY_UCE: - // cannot be implemented UEFI definition unclear for ARM - // Cause a page fault if these ranges are accessed. - EntryValue = TT_DESCRIPTOR_SECTION_TYPE_FAULT; - DEBUG ((EFI_D_PAGE, "SetMemoryAttributes(): setting section %lx with unsupported attribute %x will page fault on access\n", BaseAddress, Attributes)); - break; + if ((Attributes & EFI_MEMORY_UC) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // map to strongly ordered + EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_STRONGLY_ORDERED; // TEX[2:0] = 0, C=0, B=0 + } else if ((Attributes & EFI_MEMORY_WC) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // map to normal non-cachable + EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_NON_CACHEABLE; // TEX [2:0]= 001 = 0x2, B=0, C=0 + } else if ((Attributes & EFI_MEMORY_WT) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // write through with no-allocate + EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_THROUGH_NO_ALLOC; // TEX [2:0] = 0, C=1, B=0 + } else if ((Attributes & EFI_MEMORY_WB) != 0) { + // modify cacheability attributes + EntryMask |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK; + // write back (with allocate) + EntryValue |= TT_DESCRIPTOR_SECTION_CACHE_POLICY_WRITE_BACK_ALLOC; // TEX [2:0] = 001, C=1, B=1 + } + if ((Attributes & EFI_MEMORY_RO) != 0) { + EntryValue |= TT_DESCRIPTOR_SECTION_AP_RO_RO; + } else { + EntryValue |= TT_DESCRIPTOR_SECTION_AP_RW_RW; + } - default: - return EFI_UNSUPPORTED; + if ((Attributes & EFI_MEMORY_XP) != 0) { + EntryValue |= TT_DESCRIPTOR_SECTION_XN_MASK; } // obtain page table base @@ -682,13 +662,6 @@ SetMemoryAttributes ( UINT64 ChunkLength; BOOLEAN FlushTlbs; - // - // Ignore invocations that only modify permission bits - // - if ((Attributes & EFI_MEMORY_CACHETYPE_MASK) == 0) { - return EFI_SUCCESS; - } - FlushTlbs = FALSE; while (Length > 0) { if ((BaseAddress % TT_DESCRIPTOR_SECTION_SIZE == 0) && From patchwork Wed Mar 1 14:42:24 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 94707 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp1825774qgi; Wed, 1 Mar 2017 06:42:42 -0800 (PST) X-Received: by 10.84.172.1 with SMTP id m1mr10640251plb.5.1488379361943; Wed, 01 Mar 2017 06:42:41 -0800 (PST) Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id 44si4777341plc.215.2017.03.01.06.42.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Mar 2017 06:42:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id A8C26821DE; Wed, 1 Mar 2017 06:42:38 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received: from mail-wr0-x22c.google.com (mail-wr0-x22c.google.com [IPv6:2a00:1450:400c:c0c::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 89A2E821DE for ; Wed, 1 Mar 2017 06:42:37 -0800 (PST) Received: by mail-wr0-x22c.google.com with SMTP id u108so31701775wrb.3 for ; Wed, 01 Mar 2017 06:42:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cqStoyENYTEJuv/Y9/D43ASXpL7uT1U1bxskZLitEhk=; b=V0wzhk/G3RQmmNGqIGdvqyrmqkjTXoj3NGxwezW/ku1jygGO22vaiyLbl4OI56hyjr zqtDAiVhvEoNSvvPsBSJfFW35A03i6pQAWD1MpsNZPzDZxeAp6rD8DydF3kgzPkLIzLK ZQRGjTNYKKFEqz7kuE8HWcabaLDDtqRmSfFKc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cqStoyENYTEJuv/Y9/D43ASXpL7uT1U1bxskZLitEhk=; b=MFnanUx5zIqMxTz1R8eCzqmGidNMvBI428Z6XUzC0p8ys1kF1KxyYtW2TGwvnwL+I5 JhXQ/WIEM1k6YuyIvscHlK/S6akjZ+2SSrBszdaQChuJn5ohvqpzLNA1C8HPqUIF33AK dAuA6RaNBly0k95txegOXVGQFE3FXkejtldkdjAidg7KYjoSeO0jRqDC7jQ9bPzbKbOr D/WbrY9bnMFehEKMXcz7zGC5FFvX2CFZkyTcKijtXrGvKVLqnX7rPTiT9KnpaDJcCRAM eXkOdrpmXD5cZU3VF5ksJ2dOkSupC5+vK6te0GQVGaxNUaRhFoxQxlVIWbcGsgYiKLJT Kdtw== X-Gm-Message-State: AMke39lqTsM9vsEvc+0jLc95TWPb6/oWS4dAvkMe09oYWu13/PAmZz2BPekl+zxpHE09gOc2 X-Received: by 10.223.142.201 with SMTP id q67mr7051333wrb.182.1488379355800; Wed, 01 Mar 2017 06:42:35 -0800 (PST) Received: from localhost.localdomain ([105.147.1.203]) by smtp.gmail.com with ESMTPSA id h75sm6867958wrh.37.2017.03.01.06.42.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 01 Mar 2017 06:42:35 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com Date: Wed, 1 Mar 2017 14:42:24 +0000 Message-Id: <1488379344-16273-5-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> References: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> Subject: [edk2] [PATCH 4/4] ArmVirtPkg: enable PE/COFF image and memory protection for ARM platforms X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Like for AARCH64, enable PE/COFF image and NX memory protection for all 32-bit ARM virt platforms. Note that this does not [yet] protect EfiLoaderData regions, due to compatibility issues with GRUB. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel Reviewed-by: Laszlo Ersek diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index a91b27f13cf2..acfb71d3ff6c 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -18,7 +18,7 @@ [Defines] DEFINE TTY_TERMINAL = FALSE [BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION] - GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000 + GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000 @@ -373,10 +373,6 @@ [PcdsFixedAtBuild.common] gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d, 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94} !endif -[PcdsFixedAtBuild.ARM] - gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 - -[PcdsFixedAtBuild.AARCH64] # # Enable strict image permissions for all images. (This applies # only to images that were built with >= 4 KB section alignment.) @@ -390,6 +386,9 @@ [PcdsFixedAtBuild.AARCH64] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 +[PcdsFixedAtBuild.ARM] + gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 + [Components.common] # # Networking stack