From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR04-VI1-obe.outbound.protection.outlook.com (EUR04-VI1-obe.outbound.protection.outlook.com [40.107.8.57]) by mx.groups.io with SMTP id smtpd.web12.289.1614273090537048871 for ; Thu, 25 Feb 2021 09:11:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=i4XO2EZD; spf=pass (domain: arm.com, ip: 40.107.8.57, mailfrom: sami.mujawar@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i2t4DOgGrntPzEXKAKX7NPwYp2VbtV3TtELWbrDmPUs=; b=i4XO2EZDs5R+qy+EOCS47PmAUrcCRtlJbriLHxXQ97joXaO5FS3BR0Uskir12WSWE5hJyDDEQnRHLmbv9lvm4Isna+wmntgZbi4WjtvanDlIqf86rSiKvaS2vITugs0yu5FjMCRUl3vVxHDr9YN2BxWP++maC+e0zbr++p9AbgQ= Received: from DB6P18901CA0010.EURP189.PROD.OUTLOOK.COM (2603:10a6:4:16::20) by AM6PR08MB3207.eurprd08.prod.outlook.com (2603:10a6:209:42::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19; Thu, 25 Feb 2021 17:11:26 +0000 Received: from DB5EUR03FT042.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:16:cafe::6b) by DB6P18901CA0010.outlook.office365.com (2603:10a6:4:16::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19 via Frontend Transport; Thu, 25 Feb 2021 17:11:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT042.mail.protection.outlook.com (10.152.21.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19 via Frontend Transport; Thu, 25 Feb 2021 17:11:26 +0000 Received: ("Tessian outbound 9eff4099a602:v71"); Thu, 25 Feb 2021 17:11:26 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 1836ae79b67e3f9a X-CR-MTA-TID: 64aa7808 Received: from d1749eae85f8.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 34C92800-D002-4A2B-A5D9-7B92545F726B.1; Thu, 25 Feb 2021 17:11:17 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d1749eae85f8.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 25 Feb 2021 17:11:17 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TmdLKLS45yA8AHq+SKRQc6P2SfRF2XW5YopmWOf3nsXeFko+QZG4zR/DBpJoer1L/kWse5iHotBrE2W6sAkkQkm36Vn1PgdxVgV3QNNlhz4Fka6fXNPFfrkGFWqSxyUHg8FrMK58htc3u9dmHGdcRRrsGjKHeP17n+Jnd7aC35g5hrA8JaRcL5y3eeGi8ZQrwoVs8VbH5FMpovh/ZJawLwHeAnI9anOfd5obGxNP4xYzmeBY7vB33AfP+IUIveoIo0SMHY0iV1dA5O6WqHvRCzXDXIPNNpkVz/Zy6QElXvVrNqVzp4nP2E3lYo1Lm6iWzJslBAk5jArB2Jtrl2JI3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i2t4DOgGrntPzEXKAKX7NPwYp2VbtV3TtELWbrDmPUs=; b=c7HcOK0T58SU5yaM8gV8kY4cimQa/BlStZ48Exte+AJ/3gSKoW8H8mAaF+q7U4sayxyjzoLdccv43gqlKITVSpNQ11rRS8DQLWfpk5ZbXQ8WsPfFq1PPXfrD0zkNN6B6Nssb5RpAUHCCgkcCFAXSFg9HMfbXly9uVoxFCcUiuIFQW4GvXEeNAoCGF1NEA3ZjqUPIzKTmivYHZ+RyTNCJh+WrvJbRi1SSRJ2fo3/bmBcvFMCBR1pXfFm2VWfA/g9uY9eZu4bwPihPVj/xo7o3KSTqfunEH3lj21DiYCD4AwlVZ3gaSbleg1HE51Sr1wq/VIdL4RtfDc9gMuLp/Tuxmg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i2t4DOgGrntPzEXKAKX7NPwYp2VbtV3TtELWbrDmPUs=; b=i4XO2EZDs5R+qy+EOCS47PmAUrcCRtlJbriLHxXQ97joXaO5FS3BR0Uskir12WSWE5hJyDDEQnRHLmbv9lvm4Isna+wmntgZbi4WjtvanDlIqf86rSiKvaS2vITugs0yu5FjMCRUl3vVxHDr9YN2BxWP++maC+e0zbr++p9AbgQ= Received: from MR2P264CA0069.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:31::33) by AM9PR08MB6641.eurprd08.prod.outlook.com (2603:10a6:20b:306::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.20; Thu, 25 Feb 2021 17:11:15 +0000 Received: from VE1EUR03FT053.eop-EUR03.prod.protection.outlook.com (2603:10a6:500:31:cafe::9d) by MR2P264CA0069.outlook.office365.com (2603:10a6:500:31::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3868.31 via Frontend Transport; Thu, 25 Feb 2021 17:11:15 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; Received: from nebula.arm.com (40.67.248.234) by VE1EUR03FT053.mail.protection.outlook.com (10.152.19.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3890.19 via Frontend Transport; Thu, 25 Feb 2021 17:11:14 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4; Thu, 25 Feb 2021 17:11:12 +0000 Received: from E107187.Arm.com (10.57.11.151) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.2044.4 via Frontend Transport; Thu, 25 Feb 2021 17:11:11 +0000 From: "Sami Mujawar" To: CC: Sami Mujawar , , , , , , Subject: [PATCH v2 1/1] ArmPkg: Fix uninitialised variable in ArmMmuStandaloneMmLib Date: Thu, 25 Feb 2021 17:11:10 +0000 Message-ID: <20210225171110.41324-1-sami.mujawar@arm.com> X-Mailer: git-send-email 2.11.0.windows.3 MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-Office365-Filtering-HT: Tenant X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 65a70efe-3f43-4e7d-d89e-08d8d9b06263 X-MS-TrafficTypeDiagnostic: AM9PR08MB6641:|AM6PR08MB3207: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:6790;OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: 8t6lyLJcGhmaEwqxrIOPdS0uj7xh4o4j22TOoZx/YRCALhQYoDH3aMgRnWgKg6S3QSHaNrT9XEJ5J+20Ye/Q7jc4M6D7pssCaghi9gT5a4tjHSfAyFDjcHUztlkNY7ZGxQzwXmXr+4hTe9Cu22+u3Y3OLrmzHBIGCA0jYY2jXLDMDzqKL+YJfea7kmmoUiKOOqlPKXGTIbmBWGbQ64+uzU8rccBdsw0U8NTetTDrgykKknyf7tgywDQwTmhKUMOpz/5XiKIB9lDuvOp53D63gxm2r3KJKwjmvFAeetYMO3uFx9tBszbE+U1jGkgAzHaKtcHvkIL0d60SBsFlPDZbEiVrp+CMB3FbDGyAeoG7ZD7vq8u9nnI5Fgu9rXFFwLNZWUJ7JCLiY5SIx/8dAAZx7WfhKAM6PO3Bs0ejbwfuJnrMy0UBPG0cdjfrSz2aXpHjymrXgmvV05dADbrv6+SUzBkUnNurUkWEzOQvrfcw1JKnPxvOoxR46hToN133FwOyMazaTz+eYBm3HmMUl0iI0RvnsnZYtxpNrtfUu9nZz8IEO2NbUL8MfB3438laH0d63aBriIumB+r8OUnyU1I2MEXenoal3cfuQn/+c3eRYjPGYB8+0cDJ8IHJ/WeLADqoeei/LZ0qGUYcB8zEXrjPSRwR5WbfUxKyYK+3W35qs3kT1un1KqknpVmiqB9JGMCRChDox8PfmVQpm32SzRisUwog/ZuybY99SNg0/lBz0iIO+Ho3dWbmr6uLwQKhC2SD X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(6029001)(4636009)(346002)(376002)(136003)(396003)(39840400004)(36840700001)(46966006)(70206006)(70586007)(82310400003)(6916009)(4326008)(1076003)(47076005)(30864003)(36756003)(7696005)(426003)(36860700001)(54906003)(86362001)(186003)(478600001)(26005)(966005)(81166007)(8936002)(356005)(316002)(336012)(8676002)(2906002)(5660300002)(83380400001)(2616005)(19627235002)(44832011)(36900700001);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR08MB6641 Return-Path: Sami.Mujawar@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT042.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 2f47d598-3db0-4ad1-034c-08d8d9b05bb9 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: T/eTnjJUqgknhta/8KcxOKOfkDUUZT58pYJa2ZJAkz7NkYyBbFfbrgwPate+fdWmeoyEoYGRLNNkLx4lQIaNPKyE67NPvwUosu+YpuTZ8lk2szldMhxJQo+8nEc1SoU+X7xeWBJdnICHSmJfyEbRuSW7Mh683sLDueucvmbYPii5RzyUQVKw/FmvQAz1hUR5+hbEDIFAyY82F6SEWnbQj1zMc43tNazlHfdkvxbs7EKJ18T9cso+ZxXSKYGYGj2k9anhZ8vC7xhwx4jNIzVYFmwm8qVmO6py244IXkOwJD9yt+GrvUud7QuB7M0xaHHHQ3/IF6zs7KB36fPEdOB9ME/mldXFHE7EecjeQ4eytdt2/kuz1vV5upg/khsZO8ffNFeb62BzxjYFntSaM8ruLgizuhpklyusjiEpta1cPuBIOdrzdShQvGp7JTaCmdLwGQL4gTCDFzHqPXNaHYPOPKiwZ9Kvoq/HGP7lguY0WqF44hbGgoVP6eHxhVaVd5AFHQopC1o1b8wl/gmYA0XayqYWW0tsrdcZgZEE4SMG5evrW2aVg3dVuuA4dAI6gimJK2HGVUk4/N9bstn44SoW8v+xiXzzRf/c711gVvtZJTdrtpFdhOAnyHWHD5h/5ycQ6rV5aCJXBv92sihRjc5SqMHhn5itqKWIOSejnbyofkoyVd1cKXMOBwIuxzq7gLEWNtTjHp1A7JDDiGITJmvEubcK6Sqe356yq5WgfiKe/ys= X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(6029001)(4636009)(46966006)(36840700001)(2906002)(36860700001)(36756003)(966005)(8676002)(7696005)(44832011)(6916009)(8936002)(426003)(2616005)(30864003)(47076005)(5660300002)(4326008)(70206006)(86362001)(70586007)(54906003)(186003)(19627235002)(498600001)(336012)(26005)(81166007)(83380400001)(82310400003)(1076003);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2021 17:11:26.1017 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 65a70efe-3f43-4e7d-d89e-08d8d9b06263 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT042.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3207 Content-Type: text/plain The following patches added support for StandaloneMM using FF-A: 9da5ee116a28 ArmPkg: Allow FF-A calls to set memory region's attributes 0e43e02b9bd8 ArmPkg: Allow FF-A calls to get memory region's attributes However, in the error handling logic for the Get/Set Memory attributes, the CLANG compiler reports that a status variable could be used without initialisation. This issue is a false positive and is not seen with GCC. The Get/Set Memory attributes operation is atomic and therefore an FFA_INTERRUPT or FFA_SUCCESS response is not expected in response to FFA_MSG_SEND_DIRECT_REQ. So the remaining cases that could occur are: - the target sends FFA_MSG_SEND_DIRECT_RESP with a success or failure code. or - FFA_MSG_SEND_DIRECT_REQ transmission failure. Therefore, - reorder the error handling conditions such that it prevents the uninitialised variable issue being flagged by CLANG. - move the repetitive code to a static helper function and add documentation at the appropriate places. - fix error handling in functions that invoke GetMemoryPermissions(). Signed-off-by: Sami Mujawar --- The changes can be seen at: https://github.com/samimujawar/edk2/tree/1657_stmm_ffa_fix_unused_var_v2 Notes: v2: - Move common code to a static helper function. [LEIF] - Updated based on review feedback. Also refactored, [SAMI] added documentation, and made some general improvements. ArmPkg/Library/StandaloneMmMmuLib/AArch64/ArmMmuStandaloneMmLib.c | 365 +++++++++++--------- 1 file changed, 200 insertions(+), 165 deletions(-) diff --git a/ArmPkg/Library/StandaloneMmMmuLib/AArch64/ArmMmuStandaloneMmLib.c b/ArmPkg/Library/StandaloneMmMmuLib/AArch64/ArmMmuStandaloneMmLib.c index a30369af9c91fb8045dfec7a68e2bd072706d101..5f453d18e4156b1e076f503de7c56ada411aaa25 100644 --- a/ArmPkg/Library/StandaloneMmMmuLib/AArch64/ArmMmuStandaloneMmLib.c +++ b/ArmPkg/Library/StandaloneMmMmuLib/AArch64/ArmMmuStandaloneMmLib.c @@ -1,10 +1,15 @@ /** @file -* File managing the MMU for ARMv8 architecture in S-EL0 -* -* Copyright (c) 2017 - 2021, Arm Limited. All rights reserved.
-* -* SPDX-License-Identifier: BSD-2-Clause-Patent -* + File managing the MMU for ARMv8 architecture in S-EL0 + + Copyright (c) 2017 - 2021, Arm Limited. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Reference(s): + - [1] SPM based on the MM interface. + (https://trustedfirmware-a.readthedocs.io/en/latest/components/ + secure-partition-manager-mm.html) + - [2] Arm Firmware Framework for Armv8-A, DEN0077A, version 1.0 + (https://developer.arm.com/documentation/den0077/a) **/ #include @@ -19,6 +24,126 @@ #include #include +/** Send memory permission request to target. + + @param [in, out] SvcArgs Pointer to SVC arguments to send. On + return it contains the response parameters. + @param [out] RetVal Pointer to return the response value. + + @retval EFI_SUCCESS Request successfull. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + @retval EFI_NOT_READY Callee is busy or not in a state to handle + this request. + @retval EFI_UNSUPPORTED This function is not implemented by the + callee. + @retval EFI_ABORTED Message target ran into an unexpected error + and has aborted. + @retval EFI_ACCESS_DENIED Access denied. + @retval EFI_OUT_OF_RESOURCES Out of memory to perform operation. +**/ +STATIC +EFI_STATUS +SendMemoryPermissionRequest ( + IN OUT ARM_SVC_ARGS *SvcArgs, + OUT INT32 *RetVal + ) +{ + if ((SvcArgs == NULL) || (RetVal == NULL)) { + return EFI_INVALID_PARAMETER; + } + + ArmCallSvc (SvcArgs); + if (FeaturePcdGet (PcdFfaEnable)) { + // Get/Set memory attributes is an atomic call, with + // StandaloneMm at S-EL0 being the caller and the SPM + // core being the callee. Thus there won't be a + // FFA_INTERRUPT or FFA_SUCCESS response to the Direct + // Request sent above. This will have to be considered + // for other Direct Request calls which are not atomic + // We therefore check only for Direct Response by the + // callee. + if (SvcArgs->Arg0 == ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP_AARCH64) { + // A Direct Response means FF-A success + // Now check the payload for errors + // The callee sends back the return value + // in Arg3 + *RetVal = SvcArgs->Arg3; + } else { + // If Arg0 is not a Direct Response, that means we + // have an FF-A error. We need to check Arg2 for the + // FF-A error code. + // See [2], Table 10.8: FFA_ERROR encoding. + *RetVal = SvcArgs->Arg2; + switch (*RetVal) { + case ARM_FFA_SPM_RET_INVALID_PARAMETERS: + return EFI_INVALID_PARAMETER; + + case ARM_FFA_SPM_RET_DENIED: + return EFI_ACCESS_DENIED; + + case ARM_FFA_SPM_RET_NOT_SUPPORTED: + return EFI_UNSUPPORTED; + + case ARM_FFA_SPM_RET_BUSY: + return EFI_NOT_READY; + + case ARM_FFA_SPM_RET_ABORTED: + return EFI_ABORTED; + + default: + // Undefined error code received. + ASSERT (0); + return EFI_INVALID_PARAMETER; + } + } + } else { + *RetVal = SvcArgs->Arg0; + } + + // Check error response from Callee. + if (*RetVal & BIT31) { + // Bit 31 set means there is an error retured + // See [1], Section 13.5.5.1 MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64 and + // Section 13.5.5.2 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64. + switch (*RetVal) { + case ARM_SVC_SPM_RET_NOT_SUPPORTED: + return EFI_UNSUPPORTED; + + case ARM_SVC_SPM_RET_INVALID_PARAMS: + return EFI_INVALID_PARAMETER; + + case ARM_SVC_SPM_RET_DENIED: + return EFI_ACCESS_DENIED; + + case ARM_SVC_SPM_RET_NO_MEMORY: + return EFI_OUT_OF_RESOURCES; + + default: + // Undefined error code received. + ASSERT (0); + return EFI_INVALID_PARAMETER; + } + } + + return EFI_SUCCESS; +} + +/** Request the permission attributes of a memory region from S-EL0. + + @param [in] BaseAddress Base address for the memory region. + @param [out] MemoryAttributes Pointer to return the memory attributes. + + @retval EFI_SUCCESS Request successfull. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + @retval EFI_NOT_READY Callee is busy or not in a state to handle + this request. + @retval EFI_UNSUPPORTED This function is not implemented by the + callee. + @retval EFI_ABORTED Message target ran into an unexpected error + and has aborted. + @retval EFI_ACCESS_DENIED Access denied. + @retval EFI_OUT_OF_RESOURCES Out of memory to perform operation. +**/ STATIC EFI_STATUS GetMemoryPermissions ( @@ -26,179 +151,89 @@ GetMemoryPermissions ( OUT UINT32 *MemoryAttributes ) { + EFI_STATUS Status; INT32 Ret; - ARM_SVC_ARGS GetMemoryPermissionsSvcArgs; - BOOLEAN FfaEnabled; + ARM_SVC_ARGS SvcArgs; - ZeroMem (&GetMemoryPermissionsSvcArgs, sizeof (ARM_SVC_ARGS)); - - FfaEnabled = FeaturePcdGet (PcdFfaEnable); - if (FfaEnabled) { - GetMemoryPermissionsSvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ_AARCH64; - GetMemoryPermissionsSvcArgs.Arg1 = ARM_FFA_DESTINATION_ENDPOINT_ID; - GetMemoryPermissionsSvcArgs.Arg2 = 0; - GetMemoryPermissionsSvcArgs.Arg3 = ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES_AARCH64; - GetMemoryPermissionsSvcArgs.Arg4 = BaseAddress; - } else { - GetMemoryPermissionsSvcArgs.Arg0 = ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES_AARCH64; - GetMemoryPermissionsSvcArgs.Arg1 = BaseAddress; - GetMemoryPermissionsSvcArgs.Arg2 = 0; - GetMemoryPermissionsSvcArgs.Arg3 = 0; + if (MemoryAttributes == NULL) { + return EFI_INVALID_PARAMETER; } - *MemoryAttributes = 0; - ArmCallSvc (&GetMemoryPermissionsSvcArgs); - if (FfaEnabled) { - // Getting memory attributes is an atomic call, with - // StandaloneMm at S-EL0 being the caller and the SPM - // core being the callee. Thus there won't be a - // FFA_INTERRUPT or FFA_SUCCESS response to the Direct - // Request sent above. This will have to be considered - // for other Direct Request calls which are not atomic - // We therefore check only for Direct Response by the - // callee. - if (GetMemoryPermissionsSvcArgs.Arg0 != - ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP_AARCH64) { - // If Arg0 is not a Direct Response, that means we - // have an FF-A error. We need to check Arg2 for the - // FF-A error code. - Ret = GetMemoryPermissionsSvcArgs.Arg2; - switch (Ret) { - case ARM_FFA_SPM_RET_INVALID_PARAMETERS: - - return EFI_INVALID_PARAMETER; - - case ARM_FFA_SPM_RET_DENIED: - return EFI_NOT_READY; - - case ARM_FFA_SPM_RET_NOT_SUPPORTED: - return EFI_UNSUPPORTED; - - case ARM_FFA_SPM_RET_BUSY: - return EFI_NOT_READY; - - case ARM_FFA_SPM_RET_ABORTED: - return EFI_ABORTED; - } - } else if (GetMemoryPermissionsSvcArgs.Arg0 == - ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP_AARCH64) { - // A Direct Response means FF-A success - // Now check the payload for errors - // The callee sends back the return value - // in Arg3 - Ret = GetMemoryPermissionsSvcArgs.Arg3; - } + // Prepare the message parameters. + // See [1], Section 13.5.5.1 MM_SP_MEMORY_ATTRIBUTES_GET_AARCH64. + ZeroMem (&SvcArgs, sizeof (ARM_SVC_ARGS)); + if (FeaturePcdGet (PcdFfaEnable)) { + // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ. + SvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ_AARCH64; + SvcArgs.Arg1 = ARM_FFA_DESTINATION_ENDPOINT_ID; + SvcArgs.Arg2 = 0; + SvcArgs.Arg3 = ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES_AARCH64; + SvcArgs.Arg4 = BaseAddress; } else { - Ret = GetMemoryPermissionsSvcArgs.Arg0; + SvcArgs.Arg0 = ARM_SVC_ID_SP_GET_MEM_ATTRIBUTES_AARCH64; + SvcArgs.Arg1 = BaseAddress; + SvcArgs.Arg2 = 0; + SvcArgs.Arg3 = 0; } - if (Ret & BIT31) { - // Bit 31 set means there is an error retured - switch (Ret) { - case ARM_SVC_SPM_RET_INVALID_PARAMS: - return EFI_INVALID_PARAMETER; - - case ARM_SVC_SPM_RET_NOT_SUPPORTED: - return EFI_UNSUPPORTED; - } - } else { - *MemoryAttributes = Ret; + Status = SendMemoryPermissionRequest (&SvcArgs, &Ret); + if (EFI_ERROR (Status)) { + *MemoryAttributes = 0; + return Status; } - return EFI_SUCCESS; + *MemoryAttributes = Ret; + return Status; } +/** Set the permission attributes of a memory region from S-EL0. + + @param [in] BaseAddress Base address for the memory region. + @param [in] Length Length of the memory region. + @param [in] Permissions Memory access controls attributes. + + @retval EFI_SUCCESS Request successfull. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + @retval EFI_NOT_READY Callee is busy or not in a state to handle + this request. + @retval EFI_UNSUPPORTED This function is not implemented by the + callee. + @retval EFI_ABORTED Message target ran into an unexpected error + and has aborted. + @retval EFI_ACCESS_DENIED Access denied. + @retval EFI_OUT_OF_RESOURCES Out of memory to perform operation. +**/ STATIC EFI_STATUS RequestMemoryPermissionChange ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, - IN UINTN Permissions + IN UINT32 Permissions ) { INT32 Ret; - BOOLEAN FfaEnabled; - ARM_SVC_ARGS ChangeMemoryPermissionsSvcArgs; - - ZeroMem (&ChangeMemoryPermissionsSvcArgs, sizeof (ARM_SVC_ARGS)); - - FfaEnabled = FeaturePcdGet (PcdFfaEnable); - - if (FfaEnabled) { - ChangeMemoryPermissionsSvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ_AARCH64; - ChangeMemoryPermissionsSvcArgs.Arg1 = ARM_FFA_DESTINATION_ENDPOINT_ID; - ChangeMemoryPermissionsSvcArgs.Arg2 = 0; - ChangeMemoryPermissionsSvcArgs.Arg3 = ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES_AARCH64; - ChangeMemoryPermissionsSvcArgs.Arg4 = BaseAddress; - ChangeMemoryPermissionsSvcArgs.Arg5 = EFI_SIZE_TO_PAGES (Length); - ChangeMemoryPermissionsSvcArgs.Arg6 = Permissions; - } else { - ChangeMemoryPermissionsSvcArgs.Arg0 = ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES_AARCH64; - ChangeMemoryPermissionsSvcArgs.Arg1 = BaseAddress; - ChangeMemoryPermissionsSvcArgs.Arg2 = EFI_SIZE_TO_PAGES (Length); - ChangeMemoryPermissionsSvcArgs.Arg3 = Permissions; - } - - ArmCallSvc (&ChangeMemoryPermissionsSvcArgs); - - if (FfaEnabled) { - // Setting memory attributes is an atomic call, with - // StandaloneMm at S-EL0 being the caller and the SPM - // core being the callee. Thus there won't be a - // FFA_INTERRUPT or FFA_SUCCESS response to the Direct - // Request sent above. This will have to be considered - // for other Direct Request calls which are not atomic - // We therefore check only for Direct Response by the - // callee. - if (ChangeMemoryPermissionsSvcArgs.Arg0 != - ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP_AARCH64) { - // If Arg0 is not a Direct Response, that means we - // have an FF-A error. We need to check Arg2 for the - // FF-A error code. - Ret = ChangeMemoryPermissionsSvcArgs.Arg2; - switch (Ret) { - case ARM_FFA_SPM_RET_INVALID_PARAMETERS: - return EFI_INVALID_PARAMETER; - - case ARM_FFA_SPM_RET_DENIED: - return EFI_NOT_READY; - - case ARM_FFA_SPM_RET_NOT_SUPPORTED: - return EFI_UNSUPPORTED; - - case ARM_FFA_SPM_RET_BUSY: - return EFI_NOT_READY; - - case ARM_FFA_SPM_RET_ABORTED: - return EFI_ABORTED; - } - } else if (ChangeMemoryPermissionsSvcArgs.Arg0 == - ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP_AARCH64) { - // A Direct Response means FF-A success - // Now check the payload for errors - // The callee sends back the return value - // in Arg3 - Ret = ChangeMemoryPermissionsSvcArgs.Arg3; - } + ARM_SVC_ARGS SvcArgs; + + // Prepare the message parameters. + // See [1], Section 13.5.5.2 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64. + ZeroMem (&SvcArgs, sizeof (ARM_SVC_ARGS)); + if (FeaturePcdGet (PcdFfaEnable)) { + // See [2], Section 10.2 FFA_MSG_SEND_DIRECT_REQ. + SvcArgs.Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_REQ_AARCH64; + SvcArgs.Arg1 = ARM_FFA_DESTINATION_ENDPOINT_ID; + SvcArgs.Arg2 = 0; + SvcArgs.Arg3 = ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES_AARCH64; + SvcArgs.Arg4 = BaseAddress; + SvcArgs.Arg5 = EFI_SIZE_TO_PAGES (Length); + SvcArgs.Arg6 = Permissions; } else { - Ret = ChangeMemoryPermissionsSvcArgs.Arg0; - } - - switch (Ret) { - case ARM_SVC_SPM_RET_NOT_SUPPORTED: - return EFI_UNSUPPORTED; - - case ARM_SVC_SPM_RET_INVALID_PARAMS: - return EFI_INVALID_PARAMETER; - - case ARM_SVC_SPM_RET_DENIED: - return EFI_ACCESS_DENIED; - - case ARM_SVC_SPM_RET_NO_MEMORY: - return EFI_BAD_BUFFER_SIZE; + SvcArgs.Arg0 = ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES_AARCH64; + SvcArgs.Arg1 = BaseAddress; + SvcArgs.Arg2 = EFI_SIZE_TO_PAGES (Length); + SvcArgs.Arg3 = Permissions; } - return EFI_SUCCESS; + return SendMemoryPermissionRequest (&SvcArgs, &Ret); } EFI_STATUS @@ -212,7 +247,7 @@ ArmSetMemoryRegionNoExec ( UINT32 CodePermission; Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes); - if (Status != EFI_INVALID_PARAMETER) { + if (!EFI_ERROR (Status)) { CodePermission = SET_MEM_ATTR_CODE_PERM_XN << SET_MEM_ATTR_CODE_PERM_SHIFT; return RequestMemoryPermissionChange ( BaseAddress, @@ -220,7 +255,7 @@ ArmSetMemoryRegionNoExec ( MemoryAttributes | CodePermission ); } - return EFI_INVALID_PARAMETER; + return Status; } EFI_STATUS @@ -234,7 +269,7 @@ ArmClearMemoryRegionNoExec ( UINT32 CodePermission; Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes); - if (Status != EFI_INVALID_PARAMETER) { + if (!EFI_ERROR (Status)) { CodePermission = SET_MEM_ATTR_CODE_PERM_XN << SET_MEM_ATTR_CODE_PERM_SHIFT; return RequestMemoryPermissionChange ( BaseAddress, @@ -242,7 +277,7 @@ ArmClearMemoryRegionNoExec ( MemoryAttributes & ~CodePermission ); } - return EFI_INVALID_PARAMETER; + return Status; } EFI_STATUS @@ -256,7 +291,7 @@ ArmSetMemoryRegionReadOnly ( UINT32 DataPermission; Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes); - if (Status != EFI_INVALID_PARAMETER) { + if (!EFI_ERROR (Status)) { DataPermission = SET_MEM_ATTR_DATA_PERM_RO << SET_MEM_ATTR_DATA_PERM_SHIFT; return RequestMemoryPermissionChange ( BaseAddress, @@ -264,7 +299,7 @@ ArmSetMemoryRegionReadOnly ( MemoryAttributes | DataPermission ); } - return EFI_INVALID_PARAMETER; + return Status; } EFI_STATUS @@ -278,7 +313,7 @@ ArmClearMemoryRegionReadOnly ( UINT32 PermissionRequest; Status = GetMemoryPermissions (BaseAddress, &MemoryAttributes); - if (Status != EFI_INVALID_PARAMETER) { + if (!EFI_ERROR (Status)) { PermissionRequest = SET_MEM_ATTR_MAKE_PERM_REQUEST (SET_MEM_ATTR_DATA_PERM_RW, MemoryAttributes); return RequestMemoryPermissionChange ( @@ -287,5 +322,5 @@ ArmClearMemoryRegionReadOnly ( PermissionRequest ); } - return EFI_INVALID_PARAMETER; + return Status; } -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'