From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::544; helo=mail-ed1-x544.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-ed1-x544.google.com (mail-ed1-x544.google.com [IPv6:2a00:1450:4864:20::544]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B6638211B112F for ; Sun, 6 Jan 2019 23:15:25 -0800 (PST) Received: by mail-ed1-x544.google.com with SMTP id d39so36889269edb.12 for ; Sun, 06 Jan 2019 23:15:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Je5vHpyCJ7SSeFxKfHuAMdDuYVQP+0n14sZ2kw0Kvhc=; b=ay0Sl0i21740H+9UTn34NNfKtXtMcmIWiy1a9NLpRZeR4APmRw2aGruiPzPDH7NPGJ ZIM3MW0FHk36W1Ds+Ur55jvpAbDjvcKFd4mJlu5is0SkVA4uy4hM/dBuyHknCYMIgpO7 uLO31CmHrBNwyQCIT6ysSlKbR4NBx9cRczzDs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Je5vHpyCJ7SSeFxKfHuAMdDuYVQP+0n14sZ2kw0Kvhc=; b=R3TyjVLyQb3JzmonYovuLGiyiV4gawOT7UmVYoWwutN/ynIUvoPFFQRNXnA6L4l66l M9GlyEL02o9ue4Kwt8atHFUwTGH3ksSqATk+mi0ADb1nI1Um58qHsbfTOAKY8uuwOE0s 9vWIA45RN2KpqM6jVFQycGerTF2hO9V9Gjzf2xkY7oZFe+Vh8dAVj0hQgblZpc2CAyhT fMrzDSoAVYRkhQlMSrJx9Ej1jrvzqKPzVAwaXSE/uwNMWSXWPQKBumWdn1NcGWmpfVoN NvXWe/jfsmEPVpgP4UMXENP67MtcLv9fdNYy8R9w6XQ95Ty9nUNbvPMKvA6tVyEDTWsQ 5I1g== X-Gm-Message-State: AA+aEWaX2fzUqWplettQkLcPjOZMU8wme71HRRLw2l4CtmZ7zWwDMjLK nukEOdEPYnipZjU/rZixHPIWB5T040AzZw== X-Google-Smtp-Source: AFSGD/V0B2Kp/hKsoPZ1trILJOmKH82SHMUvIk9f2myeyF66dc1fe/9RvX/nC4nR274xUryNvarRbA== X-Received: by 2002:aa7:d1d7:: with SMTP id g23mr52778571edp.217.1546845323904; Sun, 06 Jan 2019 23:15:23 -0800 (PST) Received: from chuckie.home ([2a01:cb1d:112:6f00:58f2:776e:9e23:a7ca]) by smtp.gmail.com with ESMTPSA id t9sm30263693edd.25.2019.01.06.23.15.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 06 Jan 2019 23:15:23 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org Date: Mon, 7 Jan 2019 08:15:02 +0100 Message-Id: <20190107071504.2431-4-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190107071504.2431-1-ard.biesheuvel@linaro.org> References: <20190107071504.2431-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Subject: [PATCH 3/5] ArmPkg/ArmMmuLib AARCH64: implement support for EFI_MEMORY_RP permissions X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jan 2019 07:15:26 -0000 Content-Transfer-Encoding: 8bit Wire up the access flag (AF) page table attribute to the EFI_MEMORY_RP permission attribute, so that attempts to read from such a region will trigger an access flag fault. Note that this is a stronger notion than just read protection, since it now implies that any write or execute attempt is trapped as well. However, this does not really matter in practice since we never assume that a read protected page is writable or executable, and StackGuard and HeapGuard (which are the primary users of this facility) certainly don't care. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 5 +++-- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 14 +++++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c index 3e216c7cb235..e62e3fa87112 100644 --- a/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c +++ b/ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c @@ -223,8 +223,9 @@ EfiAttributeToArmAttribute ( ArmAttributes = TT_ATTR_INDX_MASK; } - // Set the access flag to match the block attributes - ArmAttributes |= TT_AF; + if ((EfiAttributes & EFI_MEMORY_RP) == 0) { + ArmAttributes |= TT_AF; + } // Determine protection attributes if (EfiAttributes & EFI_MEMORY_RO) { diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c index e1fabfcbea14..b59c081a7e49 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -102,6 +102,10 @@ PageAttributeToGcdAttribute ( GcdAttributes |= EFI_MEMORY_XP; } + if ((PageAttributes & TT_AF) == 0) { + GcdAttributes |= EFI_MEMORY_RP; + } + return GcdAttributes; } @@ -451,7 +455,11 @@ GcdAttributeToPageAttribute ( PageAttributes |= TT_AP_RO_RO; } - return PageAttributes | TT_AF; + if ((GcdAttributes & EFI_MEMORY_RP) == 0) { + PageAttributes |= TT_AF; + } + + return PageAttributes; } EFI_STATUS @@ -474,9 +482,9 @@ ArmSetMemoryAttributes ( // No memory type was set in Attributes, so we are going to update the // permissions only. // - PageAttributes &= TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK; + PageAttributes &= TT_AP_MASK | TT_UXN_MASK | TT_PXN_MASK | TT_AF; PageAttributeMask = ~(TT_ADDRESS_MASK_BLOCK_ENTRY | TT_AP_MASK | - TT_PXN_MASK | TT_XN_MASK); + TT_PXN_MASK | TT_XN_MASK | TT_AF); } TranslationTable = ArmGetTTBR0BaseAddress (); -- 2.20.1