From: Alexander Graf To: u-boot@lists.denx.de Date: Fri, 15 Jun 2018 14:42:28 +0200 Message-Id: <20180615124229.35310-17-agraf@suse.de> X-Mailer: git-send-email 2.12.3 In-Reply-To: <20180615124229.35310-1-agraf@suse.de> References: <20180615124229.35310-1-agraf@suse.de> Cc: Andy Shevchenko , Heinrich Schuchardt Subject: [U-Boot] [PATCH v3 16/17] sandbox: Allow to execute from RAM X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" With efi_loader, we may want to execute payload from RAM. By default, permissions on the RAM region don't allow us to execute from there though. So whenever we get into the efi_loader case, let's mark RAM as executable. That way we still protect normal cases, but allow for efi binaries to directly get executed from within RAM. For this, we hook into the already existing allow_unaligned() call which also transitions the system over into semantics required by the UEFI specification. Signed-off-by: Alexander Graf --- arch/sandbox/cpu/cpu.c | 10 ++++++++++ arch/sandbox/cpu/os.c | 23 +++++++++++++++++++++++ include/os.h | 19 +++++++++++++++++++ 3 files changed, 52 insertions(+) diff --git a/arch/sandbox/cpu/cpu.c b/arch/sandbox/cpu/cpu.c index b20894b806..944f104899 100644 --- a/arch/sandbox/cpu/cpu.c +++ b/arch/sandbox/cpu/cpu.c @@ -162,3 +162,13 @@ void longjmp(jmp_buf jmp, int ret) while (1) ; } + +void allow_unaligned(void) +{ + int r; + + r = os_mprotect(gd->arch.ram_buf, gd->ram_size, + OS_PROT_READ | OS_PROT_WRITE | OS_PROT_EXEC); + + assert(!r); +} diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c index 5839932b00..81206ba0d2 100644 --- a/arch/sandbox/cpu/os.c +++ b/arch/sandbox/cpu/os.c 
@@ -183,6 +183,29 @@ void *os_realloc(void *ptr, size_t length) return buf; } +int os_mprotect(void *ptr, size_t length, int prot) +{ + struct os_mem_hdr *hdr = ptr; + int p = 0; + + if ((uintptr_t)ptr & sizeof(*hdr)) { + /* + * We got an unaligned pointer, probably a return value + * from os_malloc() + */ + ptr = &hdr[-1]; + } + + if (prot & OS_PROT_READ) + p |= PROT_READ; + if (prot & OS_PROT_WRITE) + p |= PROT_WRITE; + if (prot & OS_PROT_EXEC) + p |= PROT_EXEC; + + return mprotect(ptr, length, p); +} + void os_usleep(unsigned long usec) { usleep(usec); diff --git a/include/os.h b/include/os.h index c8e0f52d30..d451e12064 100644 --- a/include/os.h +++ b/include/os.h @@ -157,6 +157,25 @@ void os_free(void *ptr); void *os_realloc(void *ptr, size_t length); /** + * Modify protection of a memory region + * + * This function changes the memory protection scheme of a given memory + * region. Using it you can for example allow execution of memory that + * would otherwise prohibit it. + * + * \param ptr Pointer to memory region to modify + * \param length New length for memory block + * \param prot New protection scheme (ORed OS_PROT_ values) + * \return 0 on success, -1 otherwise. + */ +int os_mprotect(void *ptr, size_t length, int prot); + +/* Defines for "prot" in os_mprotect() */ +#define OS_PROT_READ 0x1 +#define OS_PROT_WRITE 0x2 +#define OS_PROT_EXEC 0x4 + +/** * Access to the usleep function of the os * * \param usec Time to sleep in micro seconds
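Review bot: in arch/sandbox/cpu/cpu.c, allow_unaligned() now leaves the whole gd->arch.ram_buf region readable, writable and executable with no path that drops OS_PROT_EXEC again, and neither the function name nor a comment tells a reader that it changes page permissions. A comment above the function stating that it makes sandbox RAM executable for efi_loader would help, and it is worth checking whether the range can be narrower than gd->ram_size. The result is only checked with assert(!r); in a build where assert() compiles to nothing, a failed os_mprotect() goes unreported, so an explicit check of r with an error message would be safer.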
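Review bot: in os_mprotect() in arch/sandbox/cpu/os.c, the test `(uintptr_t)ptr & sizeof(*hdr)` is a bit test against the header size, not an alignment check, so it is true for any address with those bits set and not only for an os_malloc() return value. Since mprotect() needs a page-aligned address, testing the pointer against the page size would express the intent directly. When ptr is moved back to &hdr[-1], length is passed on unchanged, so the protected range ends sizeof(*hdr) bytes before the end of the caller's region; adding sizeof(*hdr) to length in that branch would cover it.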
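Review bot: in the include/os.h comment for os_mprotect(), "\param length New length for memory block" reads as carried over from os_realloc() above; here the parameter is the length of the region whose protection changes, not a new size. The comment should also say what pointers are accepted, since the implementation handles both a page-aligned address and a pointer returned by os_malloc(), and that the region stays in the new protection state until it is changed again.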