From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <sughosh.ganu@arm.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=217.140.101.70; helo=foss.arm.com;
envelope-from=sughosh.ganu@arm.com; receiver=edk2-devel@lists.01.org
Received: from foss.arm.com (foss.arm.com [217.140.101.70])
by ml01.01.org (Postfix) with ESMTP id D544220D7ADFC
for <edk2-devel@lists.01.org>; Fri, 20 Jul 2018 05:38:50 -0700 (PDT)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B5F357A9;
Fri, 20 Jul 2018 05:38:50 -0700 (PDT)
Received: from usa.arm.com (a074948-lin.blr.arm.com [10.162.4.138])
by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 2F8713F246;
Fri, 20 Jul 2018 05:38:48 -0700 (PDT)
From: Sughosh Ganu <sughosh.ganu@arm.com>
To: edk2-devel@lists.01.org
Cc: Leif Lindholm <leif.lindholm@linaro.com>,
Achin Gupta <achin.gupta@arm.com>, Sughosh Ganu <sughosh.ganu@arm.com>
Date: Fri, 20 Jul 2018 18:08:20 +0530
Message-Id: <1532090300-5250-8-git-send-email-sughosh.ganu@arm.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1532090300-5250-1-git-send-email-sughosh.ganu@arm.com>
References: <1532090300-5250-1-git-send-email-sughosh.ganu@arm.com>
Subject: [PATCH v2 7/7] ArmPkg: Extra action to update permissions for S-ELO MM Image
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: EDK II Development <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
<mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
<mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jul 2018 12:38:51 -0000
From: Achin Gupta <achin.gupta@arm.com>
The Standalone MM drivers runs in S-EL0 in AArch64 on ARM Standard
Platforms and is deployed during SEC phase. The memory allocated to
the Standalone MM drivers should be marked as RO+X.
During PE/COFF Image section parsing, this patch implements extra
action "UpdatePeCoffPermissions" to request the privileged firmware in
EL3 to update the permissions.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
---
ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf | 7 +
ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c | 171 +++++++++++++++++++-
2 files changed, 176 insertions(+), 2 deletions(-)
diff --git a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf
index c1f717e5bda1..38bf3993ae99 100644
--- a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf
+++ b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf
@@ -33,7 +33,14 @@ [Sources.common]
DebugPeCoffExtraActionLib.c
[Packages]
+ ArmPkg/ArmPkg.dec
MdePkg/MdePkg.dec
+ StandaloneMmPkg/StandaloneMmPkg.dec
+
+[FeaturePcd]
+ gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable
[LibraryClasses]
+ ArmMmuLib
DebugLib
+ PcdLib
diff --git a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c
index f298e58cdfca..8e621de4a87a 100644
--- a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c
+++ b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c
@@ -15,14 +15,165 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <PiDxe.h>
-#include <Library/PeCoffLib.h>
+#include <Library/ArmMmuLib.h>
#include <Library/BaseLib.h>
-#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PeCoffLib.h>
#include <Library/PeCoffExtraActionLib.h>
#include <Library/PrintLib.h>
+typedef RETURN_STATUS (*REGION_PERMISSION_UPDATE_FUNC) (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length
+ );
+
+STATIC
+RETURN_STATUS
+UpdatePeCoffPermissions (
+ IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,
+ IN REGION_PERMISSION_UPDATE_FUNC NoExecUpdater,
+ IN REGION_PERMISSION_UPDATE_FUNC ReadOnlyUpdater
+ )
+{
+ RETURN_STATUS Status;
+ EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;
+ EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData;
+ UINTN Size;
+ UINTN ReadSize;
+ UINT32 SectionHeaderOffset;
+ UINTN NumberOfSections;
+ UINTN Index;
+ EFI_IMAGE_SECTION_HEADER SectionHeader;
+ PE_COFF_LOADER_IMAGE_CONTEXT TmpContext;
+ EFI_PHYSICAL_ADDRESS Base;
+
+ //
+ // We need to copy ImageContext since PeCoffLoaderGetImageInfo ()
+ // will mangle the ImageAddress field
+ //
+ CopyMem (&TmpContext, ImageContext, sizeof (TmpContext));
+
+ if (TmpContext.PeCoffHeaderOffset == 0) {
+ Status = PeCoffLoaderGetImageInfo (&TmpContext);
+ if (RETURN_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR,
+ "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n",
+ __FUNCTION__, Status));
+ return Status;
+ }
+ }
+
+ if (TmpContext.IsTeImage &&
+ TmpContext.ImageAddress == ImageContext->ImageAddress) {
+ DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__,
+ ImageContext->ImageAddress));
+ return RETURN_SUCCESS;
+ }
+
+ if (TmpContext.SectionAlignment < EFI_PAGE_SIZE) {
+ //
+ // The sections need to be at least 4 KB aligned, since that is the
+ // granularity at which we can tighten permissions. So just clear the
+ // noexec permissions on the entire region.
+ //
+ if (!TmpContext.IsTeImage) {
+ DEBUG ((DEBUG_WARN,
+ "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n",
+ __FUNCTION__, ImageContext->ImageAddress, TmpContext.SectionAlignment));
+ }
+ Base = ImageContext->ImageAddress & ~(EFI_PAGE_SIZE - 1);
+ Size = ImageContext->ImageAddress - Base + ImageContext->ImageSize;
+ return NoExecUpdater (Base, ALIGN_VALUE (Size, EFI_PAGE_SIZE));
+ }
+
+ //
+ // Read the PE/COFF Header. For PE32 (32-bit) this will read in too much
+ // data, but that should not hurt anything. Hdr.Pe32->OptionalHeader.Magic
+ // determines if this is a PE32 or PE32+ image. The magic is in the same
+ // location in both images.
+ //
+ Hdr.Union = &HdrData;
+ Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION);
+ ReadSize = Size;
+ Status = TmpContext.ImageRead (TmpContext.Handle,
+ TmpContext.PeCoffHeaderOffset, &Size, Hdr.Pe32);
+ if (RETURN_ERROR (Status) || (Size != ReadSize)) {
+ DEBUG ((DEBUG_ERROR,
+ "%a: TmpContext.ImageRead () failed (Status = %r)\n",
+ __FUNCTION__, Status));
+ return Status;
+ }
+
+ ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);
+
+ SectionHeaderOffset = TmpContext.PeCoffHeaderOffset + sizeof (UINT32) +
+ sizeof (EFI_IMAGE_FILE_HEADER);
+ NumberOfSections = (UINTN)(Hdr.Pe32->FileHeader.NumberOfSections);
+
+ switch (Hdr.Pe32->OptionalHeader.Magic) {
+ case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:
+ SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;
+ break;
+ case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:
+ SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;
+ break;
+ default:
+ ASSERT (FALSE);
+ }
+
+ //
+ // Iterate over the sections
+ //
+ for (Index = 0; Index < NumberOfSections; Index++) {
+ //
+ // Read section header from file
+ //
+ Size = sizeof (EFI_IMAGE_SECTION_HEADER);
+ ReadSize = Size;
+ Status = TmpContext.ImageRead (TmpContext.Handle, SectionHeaderOffset,
+ &Size, &SectionHeader);
+ if (RETURN_ERROR (Status) || (Size != ReadSize)) {
+ DEBUG ((DEBUG_ERROR,
+ "%a: TmpContext.ImageRead () failed (Status = %r)\n",
+ __FUNCTION__, Status));
+ return Status;
+ }
+
+ Base = TmpContext.ImageAddress + SectionHeader.VirtualAddress;
+
+ if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) == 0) {
+
+ if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_WRITE) == 0 &&
+ TmpContext.ImageType != EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER) {
+
+ DEBUG ((DEBUG_INFO,
+ "%a: Mapping section %d of image at 0x%lx with RO-XN permissions and size 0x%x\n",
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));
+ ReadOnlyUpdater (Base, SectionHeader.Misc.VirtualSize);
+ } else {
+ DEBUG ((DEBUG_WARN,
+ "%a: Mapping section %d of image at 0x%lx with RW-XN permissions and size 0x%x\n",
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));
+ }
+ } else {
+ DEBUG ((DEBUG_INFO,
+ "%a: Mapping section %d of image at 0x%lx with RO-XN permissions and size 0x%x\n",
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));
+ ReadOnlyUpdater (Base, SectionHeader.Misc.VirtualSize);
+
+ DEBUG ((DEBUG_INFO,
+ "%a: Mapping section %d of image at 0x%lx with RO-X permissions and size 0x%x\n",
+ __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize));
+ NoExecUpdater (Base, SectionHeader.Misc.VirtualSize);
+ }
+
+ SectionHeaderOffset += sizeof (EFI_IMAGE_SECTION_HEADER);
+ }
+ return RETURN_SUCCESS;
+}
/**
If the build is done on cygwin the paths are cygpaths.
@@ -83,6 +234,14 @@ PeCoffLoaderRelocateImageExtraAction (
CHAR8 Temp[512];
#endif
+ if (PcdGetBool(PcdStandaloneMmEnable) == TRUE) {
+ UpdatePeCoffPermissions (
+ ImageContext,
+ ArmClearMemoryRegionNoExec,
+ ArmSetMemoryRegionReadOnly
+ );
+ }
+
if (ImageContext->PdbPointer) {
#ifdef __CC_ARM
#if (__ARMCC_VERSION < 500000)
@@ -125,6 +284,14 @@ PeCoffLoaderUnloadImageExtraAction (
CHAR8 Temp[512];
#endif
+ if (PcdGetBool(PcdStandaloneMmEnable) == TRUE) {
+ UpdatePeCoffPermissions (
+ ImageContext,
+ ArmSetMemoryRegionNoExec,
+ ArmClearMemoryRegionReadOnly
+ );
+ }
+
if (ImageContext->PdbPointer) {
#ifdef __CC_ARM
// Print out the command for the RVD debugger to load symbols for this image
--
2.7.4