From patchwork Mon Jan  7 07:15:02 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 154873
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp3192718ljp;
 Sun, 6 Jan 2019 23:15:32 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7hY5jL+rX/Jw8/HuZSVoUCuRYDB/KLgvZrY+TvCnGQt20bgqjWIlsddTuJZ9TVPoS69bMh
X-Received: by 2002:a63:ec13:: with SMTP id j19mr9920796pgh.6.1546845332427; 
 Sun, 06 Jan 2019 23:15:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1546845332; cv=none;
 d=google.com; s=arc-20160816;
 b=nw/GJBBZbXM+gYfNJxVKB9IJhlBM1pW3dArdJaICfmtD/e2aRfthALwhPMyZcUFQtd
 KRuhEXQETfrKPqcRw7GGMcJHCBMRSv/A2RXLBA/qmZyr+s9NpKo9E6ne47qdbC2gCkKo
 BctpukMJvI1kPzwZh1KzcxdhU5rYuKovmugdPtP+L1tLj3Y0stVJz5W0zZ7xXyG/V1My
 O7hl6b92jHtaP71OOPSYh4fGgGo4r/nEpdIb51iQU1C70H0M6CSB2eszTVg3ZawmxSiH
 B+UJfD6pXULKh1XXkYCNVfVGuo5bd7NLEh9Bjca02P5hOomNcU+4VBo7XjVMkFlCvOqE
 3vrg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:list-subscribe:list-help
 :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
 :mime-version:references:in-reply-to:message-id:date:to:from
 :dkim-signature:delivered-to;
 bh=0ZaTEJFV+bv26lu+4Fgq/s0UluU8wHT+YkfZxuR10HI=;
 b=qgCsoUb97pBvYgZHzlnoBVbFlCDvBgxJr07rIFr2yL7XXwT8ZmRAGRVZ0iT16wwDTw
 YF7phzXpsZXobdLlAeRq3JMoZK7/LDir97DLyX+n7olUHwbBAylXCI6kLgPXAv0kt1Ad
 FMD3vqOAgiSmB1b10LZ468vjcvuH6wNGfwuxiwH2/aGxY+niadts+UqvSIKg4aNzpYM3
 ymcU4h4F3nsUiaIpF5buV2zGf1cN0OMCoRjbDvp0r0vp4XYXcqGWwpRBgXAz+Wt0eh1N
 PLAnllRIZMiVtFyb5U+qQ0S9INOXNXw/D0YGKeAoWePiVqXnxsFutfwJmYbvQ0KV4LVe
 XPbw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=ay0Sl0i2; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [2001:19d0:306:5::1])
 by mx.google.com with ESMTPS id
 s12si3151639pgh.395.2019.01.06.23.15.32
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 06 Jan 2019 23:15:32 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender) client-ip=2001:19d0:306:5::1; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=ay0Sl0i2; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id 20E70211B1138;
 Sun,  6 Jan 2019 23:15:27 -0800 (PST)
X-Original-To: edk2-devel@lists.01.org
Delivered-To: edk2-devel@lists.01.org
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2a00:1450:4864:20::544; helo=mail-ed1-x544.google.com;
 envelope-from=ard.biesheuvel@linaro.org;
 receiver=edk2-devel@lists.01.org 
Received: from mail-ed1-x544.google.com (mail-ed1-x544.google.com
 [IPv6:2a00:1450:4864:20::544])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id B6638211B112F
 for <edk2-devel@lists.01.org>; Sun,  6 Jan 2019 23:15:25 -0800 (PST)
Received: by mail-ed1-x544.google.com with SMTP id d39so36889269edb.12
 for <edk2-devel@lists.01.org>; Sun, 06 Jan 2019 23:15:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=Je5vHpyCJ7SSeFxKfHuAMdDuYVQP+0n14sZ2kw0Kvhc=;
 b=ay0Sl0i21740H+9UTn34NNfKtXtMcmIWiy1a9NLpRZeR4APmRw2aGruiPzPDH7NPGJ
 ZIM3MW0FHk36W1Ds+Ur55jvpAbDjvcKFd4mJlu5is0SkVA4uy4hM/dBuyHknCYMIgpO7
 uLO31CmHrBNwyQCIT6ysSlKbR4NBx9cRczzDs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=Je5vHpyCJ7SSeFxKfHuAMdDuYVQP+0n14sZ2kw0Kvhc=;
 b=R3TyjVLyQb3JzmonYovuLGiyiV4gawOT7UmVYoWwutN/ynIUvoPFFQRNXnA6L4l66l
 M9GlyEL02o9ue4Kwt8atHFUwTGH3ksSqATk+mi0ADb1nI1Um58qHsbfTOAKY8uuwOE0s
 9vWIA45RN2KpqM6jVFQycGerTF2hO9V9Gjzf2xkY7oZFe+Vh8dAVj0hQgblZpc2CAyhT
 fMrzDSoAVYRkhQlMSrJx9Ej1jrvzqKPzVAwaXSE/uwNMWSXWPQKBumWdn1NcGWmpfVoN
 NvXWe/jfsmEPVpgP4UMXENP67MtcLv9fdNYy8R9w6XQ95Ty9nUNbvPMKvA6tVyEDTWsQ
 5I1g==
X-Gm-Message-State: AA+aEWaX2fzUqWplettQkLcPjOZMU8wme71HRRLw2l4CtmZ7zWwDMjLK
 nukEOdEPYnipZjU/rZixHPIWB5T040AzZw==
X-Received: by 2002:aa7:d1d7:: with SMTP id
 g23mr52778571edp.217.1546845323904; 
 Sun, 06 Jan 2019 23:15:23 -0800 (PST)
Received: from chuckie.home ([2a01:cb1d:112:6f00:58f2:776e:9e23:a7ca])
 by smtp.gmail.com with ESMTPSA id
 t9sm30263693edd.25.2019.01.06.23.15.22
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 06 Jan 2019 23:15:23 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Date: Mon,  7 Jan 2019 08:15:02 +0100
Message-Id: <20190107071504.2431-4-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190107071504.2431-1-ard.biesheuvel@linaro.org>
References: <20190107071504.2431-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Subject: [edk2] [PATCH 3/5] ArmPkg/ArmMmuLib AARCH64: implement support for
 EFI_MEMORY_RP permissions
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

Wire up the access flag (AF) page table attribute to the EFI_MEMORY_RP
permission attribute, so that attempts to read from such a region will
trigger an access flag fault.

Note that this is a stronger notion than just read protection, since
it now implies that any write or execute attempt is trapped as well.
However, this does not really matter in practice since we never assume
that a read protected page is writable or executable, and StackGuard
and HeapGuard (which are the primary users of this facility) certainly
don't care.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c              |  5 +++--
 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 14 +++++++++++---
 2 files changed, 14 insertions(+), 5 deletions(-)

-- 
2.20.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
index 3e216c7cb235..e62e3fa87112 100644
--- a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
+++ b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c
@@ -223,8 +223,9 @@ EfiAttributeToArmAttribute (
     ArmAttributes = TT_ATTR_INDX_MASK;
   }
 
-  // Set the access flag to match the block attributes
-  ArmAttributes |= TT_AF;
+  if ((EfiAttributes & EFI_MEMORY_RP) == 0) {
+    ArmAttributes |= TT_AF;
+  }
 
   // Determine protection attributes
   if (EfiAttributes & EFI_MEMORY_RO) {
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
index e1fabfcbea14..b59c081a7e49 100644
--- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
+++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
@@ -102,6 +102,10 @@ PageAttributeToGcdAttribute (
     GcdAttributes |= EFI_MEMORY_XP;
   }
 
+  if ((PageAttributes & TT_AF) == 0) {
+    GcdAttributes |= EFI_MEMORY_RP;
+  }
+
   return GcdAttributes;
 }
 
@@ -451,7 +455,11 @@ GcdAttributeToPageAttribute (
     PageAttributes |= TT_AP_RO_RO;
   }
 
-  return PageAttributes | TT_AF;
+  if ((GcdAttributes & EFI_MEMORY_RP) == 0) {
+    PageAttributes |= TT_AF;
+  }
+
+  return PageAttributes;
 }
 
 EFI_STATUS
@@ -474,9 +482,9 @@ ArmSetMemoryAttributes (
     // No memory type was set in Attributes, so we are going to update the
     // permissions only.
     //
-    PageAttributes &= TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK;
+    PageAttributes &= TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF;
     PageAttributeMask = ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK |
-                          TT_PXN_MASK | TT_XN_MASK);
+                          TT_PXN_MASK | TT_XN_MASK | TT_AF);
   }
 
   TranslationTable = ArmGetTTBR0BaseAddress ();