From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.16817.1676301533108320915
 for <devel@edk2.groups.io>;
 Mon, 13 Feb 2023 07:18:53 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=HnLxqQK2;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 8CCBD61019;
	Mon, 13 Feb 2023 15:18:52 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5A2DDC4339E;
	Mon, 13 Feb 2023 15:18:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1676301532;
	bh=sr3YhLwg/vHI0wdmmQP2+aoo1nk7L6td5gu8BxrekJ0=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=HnLxqQK2cRzvOGlEcQeGUlXu7uEyiViAWf2TaermbkgnLL/RGOY+FTGfsnw/Hjgmx
	 k6NoVrOij12jHHlJMRFUKxL+hvepWb0OZ9zKDpjwZ+HsKtUiR1hakGTV+uDUGqXPEP
	 B9uwhXNKsTBvZFnvnOKQ/4ic0h8m14Mv+02ykI7GZ0YwEE5WjqMbc1RHsSHjEOiPXV
	 GPZvwBL/qTLpb3JPZTsoYG92KauiL6XNT1+vyGKmXptKp8yWC74q+xusI5yKiHGElG
	 kPsdOdob96yeg6EyhrICHu847l/bk3w4LdKO00MXkYbp+J/+X1XM/CivUqXXID3nMC
	 A1IEzi0NnTzPg==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	Peter Jones <pjones@redhat.com>,
	Kees Cook <keescook@chromium.org>
Subject: [RFC 08/13] ArmPkg: Implement ArmSetMemoryOverrideLib
Date: Mon, 13 Feb 2023 16:18:05 +0100
Message-Id: <20230213151810.2301480-9-ardb@kernel.org>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230213151810.2301480-1-ardb@kernel.org>
References: <20230213151810.2301480-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Implement the ARM version of a NULL class library that can be overlaid
on top of the DXE core to equip it right from its launch with an
implementation of the CPU arch protocol member that sets type and
permission attributes on memory regions.

This bridges the gap between dispatch of DXE core and dispatch of the
DXE driver that implements the CPU arch protocol, removing the need to
rely on memory mappings that are writable and executable at the same
time.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c   | 56 ++=
++++++++++++++++++
 ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf | 25 ++=
+++++++
 2 files changed, 81 insertions(+)

diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib=
.c b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c
new file mode 100644
index 000000000000..d2a9bc96be35
--- /dev/null
+++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c
@@ -0,0 +1,56 @@
+/** @file=0D
+  Copyright (c) 2023, Google LLC. All rights reserved.=0D
+=0D
+  SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <PiDxe.h>=0D
+=0D
+#include <Library/ArmMmuLib.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Protocol/Cpu.h>=0D
+=0D
+extern EFI_CPU_SET_MEMORY_ATTRIBUTES  gCpuSetMemoryAttributes;=0D
+=0D
+STATIC UINTN  mRecursionLevel;=0D
+=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+EarlyArmSetMemoryAttributes (=0D
+  IN  EFI_CPU_ARCH_PROTOCOL  *This,=0D
+  IN  EFI_PHYSICAL_ADDRESS   BaseAddress,=0D
+  IN  UINT64                 Length,=0D
+  IN  UINT64                 Attributes=0D
+  )=0D
+{=0D
+  EFI_STATUS  Status;=0D
+=0D
+  // There are cases where the use of strict memory permissions may trigge=
r=0D
+  // unbounded recursion in the page table code. This happens when setting=
=0D
+  // memory permissions results in a page table split and therefore a page=
=0D
+  // allocation, which could trigger a recursive invocation of this functi=
on.=0D
+  ASSERT (mRecursionLevel < 2);=0D
+=0D
+  mRecursionLevel++;=0D
+=0D
+  Status =3D ArmSetMemoryAttributes (=0D
+             BaseAddress,=0D
+             Length,=0D
+             Attributes=0D
+             );=0D
+=0D
+  mRecursionLevel--;=0D
+  return Status;=0D
+}=0D
+=0D
+RETURN_STATUS=0D
+EFIAPI=0D
+ArmSetMemoryOverrideLibConstructor (=0D
+  VOID=0D
+  )=0D
+{=0D
+  gCpuSetMemoryAttributes =3D EarlyArmSetMemoryAttributes;=0D
+=0D
+  return RETURN_SUCCESS;=0D
+}=0D
diff --git a/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib=
.inf b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf
new file mode 100644
index 000000000000..f07da3dd2d15
--- /dev/null
+++ b/ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.inf
@@ -0,0 +1,25 @@
+#/** @file=0D
+#  Copyright (c) 2023, Google LLC. All rights reserved.=0D
+#=0D
+#  SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+#**/=0D
+=0D
+[Defines]=0D
+  INF_VERSION                    =3D 1.29=0D
+  BASE_NAME                      =3D ArmSetMemoryOverrideLib=0D
+  FILE_GUID                      =3D 849a43c0-6ad9-428e-8a5a-e090f7853bd3=
=0D
+  MODULE_TYPE                    =3D BASE=0D
+  VERSION_STRING                 =3D 1.0=0D
+  LIBRARY_CLASS                  =3D NULL|DXE_CORE=0D
+  CONSTRUCTOR                    =3D ArmSetMemoryOverrideLibConstructor=0D
+=0D
+[Sources.common]=0D
+  ArmSetMemoryOverrideLib.c=0D
+=0D
+[Packages]=0D
+  ArmPkg/ArmPkg.dec=0D
+  MdePkg/MdePkg.dec=0D
+=0D
+[LibraryClasses]=0D
+  ArmMmuLib=0D
+  DebugLib=0D
--=20
2.39.1