From patchwork Tue Jun 30 10:17:22 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 50447
Return-Path: <patchwork-forward+bncBDYNJBOFRECBBOO2ZGWAKGQEH6IDBIA@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wi0-f197.google.com (mail-wi0-f197.google.com
 [209.85.212.197])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 1D79C229DF
 for <linaro@patches.linaro.org>; Tue, 30 Jun 2015 10:19:38 +0000 (UTC)
Received: by wiwz6 with SMTP id z6sf4939787wiw.0
 for <linaro@patches.linaro.org>; Tue, 30 Jun 2015 03:19:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:subject:date:message-id
 :in-reply-to:references:cc:precedence:list-id:list-unsubscribe
 :list-archive:list-post:list-help:list-subscribe:mime-version
 :content-type:content-transfer-encoding:sender:errors-to
 :x-original-sender:x-original-authentication-results:mailing-list;
 bh=6iPJTn7cCeDSpRjmRzyZvgRDJzZKqLTuuYsplFHEnSM=;
 b=QKPoKGUDtG09UYx2B2jK/S8KAI19DnXV4gIL6Eoic3dGXrE//W9/o/AaflwcR5ZvjF
 pwC4vc1kZMe0liEUl1o+mc0lCtXS7vZzEo6qiYrXC5RHX+R70LiaWXKhea2BuLCOXN0c
 UbLDuQQ9bCFDFanh8atyfAbCcTNWE5mmCHbgs1TbUE6cldJNChggYcLotYmmmj48T+iZ
 Rd5F33wr+4KLxfxkNYvuW9U+5+AUozMCuiWV7MJYq5YiCMFQcbQ5KOneQ72bS8wQIzBE
 Cqvd76Mk6/deRW67C3qkPcQhdTxPD1UuftoBnbBBTbISBEfcEXYDnlXPECfCuXYws9JS
 1AbA==
X-Gm-Message-State: ALoCoQkFU2leq8u88Tbzjfv/ljRyuA1BfhaGLlugTEwPtcDuq9IOtKuUTxeaxrPYN34Y8cYG7pFR
X-Received: by 10.195.18.70 with SMTP id gk6mr12197690wjd.6.1435659577446;
 Tue, 30 Jun 2015 03:19:37 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.5.167 with SMTP id t7ls20083lat.47.gmail;
 Tue, 30 Jun 2015 03:19:37 -0700 (PDT)
X-Received: by 10.152.26.163 with SMTP id m3mr18858164lag.86.1435659577145; 
 Tue, 30 Jun 2015 03:19:37 -0700 (PDT)
Received: from mail-la0-f42.google.com (mail-la0-f42.google.com.
 [209.85.215.42]) by mx.google.com with ESMTPS id
 yr2si27753906lbb.117.2015.06.30.03.19.37
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 30 Jun 2015 03:19:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.42 as permitted sender) client-ip=209.85.215.42; 
Received: by lagc2 with SMTP id c2so7187894lag.3
 for <patchwork-forward@linaro.org>;
 Tue, 30 Jun 2015 03:19:36 -0700 (PDT)
X-Received: by 10.112.126.101 with SMTP id mx5mr19166998lbb.35.1435659576920; 
 Tue, 30 Jun 2015 03:19:36 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.108.230 with SMTP id hn6csp2333889lbb;
 Tue, 30 Jun 2015 03:19:35 -0700 (PDT)
X-Received: by 10.66.157.136 with SMTP id wm8mr27564490pab.117.1435659575116; 
 Tue, 30 Jun 2015 03:19:35 -0700 (PDT)
Received: from bombadil.infradead.org (bombadil.infradead.org.
 [2001:1868:205::9]) by mx.google.com with ESMTPS id
 fu16si69464214pdb.173.2015.06.30.03.19.34 for <patch@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 30 Jun 2015 03:19:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:1868:205::9 as permitted sender)
 client-ip=2001:1868:205::9; 
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
 by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1Z9scP-0004c6-8H; Tue, 30 Jun 2015 10:18:21 +0000
Received: from mail-wi0-f182.google.com ([209.85.212.182])
 by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
 Linux)) id 1Z9sc2-0004R5-4R for linux-arm-kernel@lists.infradead.org;
 Tue, 30 Jun 2015 10:17:59 +0000
Received: by wiga1 with SMTP id a1so93876569wig.0
 for <linux-arm-kernel@lists.infradead.org>;
 Tue, 30 Jun 2015 03:17:35 -0700 (PDT)
X-Received: by 10.194.21.70 with SMTP id t6mr40861977wje.74.1435659455103;
 Tue, 30 Jun 2015 03:17:35 -0700 (PDT)
Received: from localhost.localdomain ([185.13.106.91])
 by mx.google.com with ESMTPSA id
 y19sm16272083wia.15.2015.06.30.03.17.32
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 30 Jun 2015 03:17:34 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org, linux-efi@vger.kernel.org,
 matt.fleming@intel.com, mark.rutland@arm.com
Subject: [PATCH 1/2] arm64/efi: base UEFI mapping permissions on region
 attributes
Date: Tue, 30 Jun 2015 12:17:22 +0200
Message-Id: <1435659443-17625-2-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1435659443-17625-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1435659443-17625-1-git-send-email-ard.biesheuvel@linaro.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20150630_031758_356263_BDE5CD10
X-CRM114-Status: GOOD (  15.75  )
X-Spam-Score: -2.6 (--)
X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary:
 Content analysis details:   (-2.6 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
 low trust [209.85.212.182 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [209.85.212.182 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
Cc: roy.franz@linaro.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 lersek@redhat.com, leif.lindholm@linaro.org, msalter@redhat.com
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: ard.biesheuvel@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.42 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

Currently, we infer the UEFI memory region mapping permissions
from the memory region type (i.e., runtime services code are
mapped RWX and runtime services data mapped RW-). This appears to
work fine but is not entirely UEFI spec compliant. So instead, use
the designated permission attributes to decide how these regions
should be mapped.

Since UEFIv2.5 introduces a new EFI_MEMORY_RO permission attribute,
and redefines EFI_MEMORY_WP as a cacheability attribute, use only
the former as a read-only attribute. For setting the PXN bit, the
corresponding EFI_MEMORY_XP attribute is used.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/kernel/efi.c | 32 +++++++++++++-------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c
index ab21e0d58278..5dcab58d5d30 100644
--- a/arch/arm64/kernel/efi.c
+++ b/arch/arm64/kernel/efi.c
@@ -247,20 +247,30 @@ static bool __init efi_virtmap_init(void)
 		memrange_efi_to_native(&paddr, &npages);
 		size = npages << PAGE_SHIFT;
 
-		pr_info("  EFI remap 0x%016llx => %p\n",
-			md->phys_addr, (void *)md->virt_addr);
-
-		/*
-		 * Only regions of type EFI_RUNTIME_SERVICES_CODE need to be
-		 * executable, everything else can be mapped with the XN bits
-		 * set.
-		 */
 		if (!is_normal_ram(md))
 			prot = __pgprot(PROT_DEVICE_nGnRE);
-		else if (md->type == EFI_RUNTIME_SERVICES_CODE)
-			prot = PAGE_KERNEL_EXEC;
 		else
-			prot = PAGE_KERNEL;
+			prot = PAGE_KERNEL_EXEC;
+
+		/*
+		 * On 64 KB granule kernels, only use strict permissions when
+		 * the region does not share a 64 KB page frame with another
+		 * region at either end.
+		 */
+		if (!IS_ENABLED(CONFIG_ARM64_64K_PAGES) ||
+		    !(md->virt_addr % PAGE_SIZE ||
+		      (md->phys_addr + md->num_pages * EFI_PAGE_SIZE) % PAGE_SIZE)) {
+
+			if (md->attribute & EFI_MEMORY_RO)
+				prot |= __pgprot(PTE_RDONLY);
+			if (md->attribute & EFI_MEMORY_XP)
+				prot |= __pgprot(PTE_PXN);
+		}
+
+		pr_info("  EFI remap 0x%016llx => %p (R%c%c)\n",
+			md->phys_addr, (void *)md->virt_addr,
+			prot & __pgprot(PTE_RDONLY) ? '-' : 'W',
+			prot & __pgprot(PTE_PXN) ? '-' : 'X');
 
 		create_pgd_mapping(&efi_mm, paddr, md->virt_addr, size, prot);
 	}