From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.13537.1685025077145265617
 for <devel@edk2.groups.io>;
 Thu, 25 May 2023 07:31:17 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZDMhbqwa;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id AD34864623;
	Thu, 25 May 2023 14:31:16 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9298EC4339B;
	Thu, 25 May 2023 14:31:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1685025076;
	bh=mbuLv5GY0lQ+sJwO9bmjuHKhz3PsQ9KdPmvSaat5K0c=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ZDMhbqwa5MonszojXQ+5HXXDt/+R8KLYAkEDlq2Drno8AjN6k+ubTD85m9Rxcg4UN
	 GW0Qi5DteRU0yzUU1xfJBKTyiqLf0AqQVBNj9oNTBCug6M7/lEM37c/9prhuo6yb7z
	 sIA3UERtGP8YRRigE5WowBAKQ5fnszzUfsM1f0UZxa1U0r05KsAScafC7PrYMYsi3R
	 eeLSzILWC9TfX5DddZU9OaVI4DknzzIXumMBCW6NkIBamp2V5bAib3vejaS0hHZ77X
	 WAhrrViKonK87TaTo6bgq6NdrqOadc0X8bkMEI6KSMy++nTozDlVi7ew8bjV/9k5LN
	 nkuXGUgRcQb2g==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Ray Ni <ray.ni@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	Oliver Smith-Denny <osd@smith-denny.com>,
	Dandan Bi <dandan.bi@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sunil V L <sunilvl@ventanamicro.com>,
	Andrei Warkentin <andrei.warkentin@intel.com>
Subject: [RFC PATCH 06/10] ArmPkg/CpuPei: Implement the memory attributes PPI
Date: Thu, 25 May 2023 16:30:37 +0200
Message-Id: <20230525143041.1172989-7-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230525143041.1172989-1-ardb@kernel.org>
References: <20230525143041.1172989-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Implement the newly defined PPI that permits the PEI core and DXE IPL to
manage memory permissions on ranges of DRAM, for doing things like
mapping the stack non-executable, or granting executable permissions to
shadowed PEIMs.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmPkg/Drivers/CpuPei/CpuPei.c   | 78 ++++++++++++++++++--
 ArmPkg/Drivers/CpuPei/CpuPei.inf |  4 +
 2 files changed, 74 insertions(+), 8 deletions(-)

diff --git a/ArmPkg/Drivers/CpuPei/CpuPei.c b/ArmPkg/Drivers/CpuPei/CpuPei.c
index 85ef5ec07b9fdafa..d5996673260544c8 100644
--- a/ArmPkg/Drivers/CpuPei/CpuPei.c
+++ b/ArmPkg/Drivers/CpuPei/CpuPei.c
@@ -3,17 +3,10 @@
 Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>=0D
 Copyright (c) 2011 Hewlett Packard Corporation. All rights reserved.<BR>=0D
 Copyright (c) 2011-2013, ARM Limited. All rights reserved.<BR>=0D
+Copyright (c) 2023, Google, LLC. All rights reserved.<BR>=0D
 =0D
 SPDX-License-Identifier: BSD-2-Clause-Patent=0D
 =0D
-Module Name:=0D
-=0D
-  MemoryInit.c=0D
-=0D
-Abstract:=0D
-=0D
-  PEIM to provide fake memory init=0D
-=0D
 **/=0D
 =0D
 //=0D
@@ -24,6 +17,7 @@ Module Name:
 // The protocols, PPI and GUID definitions for this module=0D
 //=0D
 #include <Ppi/ArmMpCoreInfo.h>=0D
+#include <Ppi/MemoryAttribute.h>=0D
 =0D
 //=0D
 // The Library classes this module consumes=0D
@@ -34,6 +28,71 @@ Module Name:
 #include <Library/PcdLib.h>=0D
 #include <Library/HobLib.h>=0D
 #include <Library/ArmLib.h>=0D
+#include <Library/ArmMmuLib.h>=0D
+=0D
+/**=0D
+  Set the requested memory permission attributes on a region of memory.=0D
+=0D
+  BaseAddress and Length must be aligned to EFI_PAGE_SIZE.=0D
+=0D
+  Both SetMask and ClearMask may contain any combination of EFI_MEMORY_RP,=
=0D
+  EFI_MEMORY_RO and EFI_MEMORY_XP, with the following restrictions:=0D
+  - each constant may appear in either SetMask or ClearMask, but not in bo=
th;=0D
+  - SetMask or ClearMask may be 0x0, but not both.=0D
+=0D
+  @param[in]  This            The protocol instance pointer.=0D
+  @param[in]  BaseAddress     The physical address that is the start addre=
ss of=0D
+                              a memory region.=0D
+  @param[in]  Length          The size in bytes of the memory region.=0D
+  @param[in]  SetMask         Mask of memory attributes to set.=0D
+  @param[in]  ClearMask       Mask of memory attributes to clear.=0D
+=0D
+  @retval EFI_SUCCESS           The attributes were set for the memory reg=
ion.=0D
+  @retval EFI_INVALID_PARAMETER Length is zero.=0D
+                                Invalid combination of SetMask and ClearMa=
sk.=0D
+                                BaseAddress or Length is not suitably alig=
ned.=0D
+  @retval EFI_UNSUPPORTED       The processor does not support one or more=
=0D
+                                bytes of the memory resource range specifi=
ed=0D
+                                by BaseAddress and Length.=0D
+                                The bit mask of attributes is not supporte=
d for=0D
+                                the memory resource range specified by=0D
+                                BaseAddress and Length.=0D
+  @retval EFI_OUT_OF_RESOURCES  Requested attributes cannot be applied due=
 to=0D
+                                lack of system resources.=0D
+=0D
+**/=0D
+STATIC=0D
+EFI_STATUS=0D
+EFIAPI=0D
+SetMemoryPermissions (=0D
+  IN  EDKII_MEMORY_ATTRIBUTE_PPI  *This,=0D
+  IN  EFI_PHYSICAL_ADDRESS        BaseAddress,=0D
+  IN  UINT64                      Length,=0D
+  IN  UINT64                      SetMask,=0D
+  IN  UINT64                      ClearMask=0D
+  )=0D
+{=0D
+  if ((Length =3D=3D 0) ||=0D
+      ((SetMask & ClearMask) !=3D 0) ||=0D
+      (((SetMask | ClearMask) & (EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMOR=
Y_XP)) =3D=3D 0) ||=0D
+      (((SetMask | ClearMask) & ~(UINT64)(EFI_MEMORY_RP | EFI_MEMORY_RO | =
EFI_MEMORY_XP)) !=3D 0) ||=0D
+      (((BaseAddress | Length) & EFI_PAGE_MASK) !=3D 0))=0D
+  {=0D
+    return EFI_INVALID_PARAMETER;=0D
+  }=0D
+=0D
+  return ArmSetMemoryAttributes (BaseAddress, Length, SetMask, SetMask | C=
learMask);=0D
+}=0D
+=0D
+STATIC CONST EDKII_MEMORY_ATTRIBUTE_PPI  mMemoryAttributePpi =3D {=0D
+  SetMemoryPermissions=0D
+};=0D
+=0D
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR  mMemoryAttributePpiDesc =3D {=0D
+  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),=0D
+  &gEdkiiMemoryAttributePpiGuid,=0D
+  (VOID *)&mMemoryAttributePpi=0D
+};=0D
 =0D
 /*++=0D
 =0D
@@ -79,5 +138,8 @@ InitializeCpuPeim (
     }=0D
   }=0D
 =0D
+  Status =3D PeiServicesInstallPpi (&mMemoryAttributePpiDesc);=0D
+  ASSERT_EFI_ERROR (Status);=0D
+=0D
   return EFI_SUCCESS;=0D
 }=0D
diff --git a/ArmPkg/Drivers/CpuPei/CpuPei.inf b/ArmPkg/Drivers/CpuPei/CpuPe=
i.inf
index 648f27adf9402435..2ca4f795c62de394 100644
--- a/ArmPkg/Drivers/CpuPei/CpuPei.inf
+++ b/ArmPkg/Drivers/CpuPei/CpuPei.inf
@@ -3,6 +3,7 @@
 #=0D
 # This module provides platform specific function to detect boot mode.=0D
 # Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>=0D
+# Copyright (c) 2023, Google, LLC. All rights reserved.<BR>=0D
 #=0D
 #  SPDX-License-Identifier: BSD-2-Clause-Patent=0D
 #=0D
@@ -28,6 +29,7 @@ [Sources]
   CpuPei.c=0D
 =0D
 [Packages]=0D
+  MdeModulePkg/MdeModulePkg.dec=0D
   MdePkg/MdePkg.dec=0D
   EmbeddedPkg/EmbeddedPkg.dec=0D
   ArmPkg/ArmPkg.dec=0D
@@ -37,9 +39,11 @@ [LibraryClasses]
   DebugLib=0D
   HobLib=0D
   ArmLib=0D
+  ArmMmuLib=0D
 =0D
 [Ppis]=0D
   gArmMpCoreInfoPpiGuid=0D
+  gEdkiiMemoryAttributePpiGuid=0D
 =0D
 [Guids]=0D
   gArmMpCoreInfoGuid=0D
--=20
2.39.2