From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.46517.1685355469926700772
 for <devel@edk2.groups.io>;
 Mon, 29 May 2023 03:17:50 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=GhSWCRFE;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 777F061405;
	Mon, 29 May 2023 10:17:49 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7FB4AC4339E;
	Mon, 29 May 2023 10:17:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1685355468;
	bh=wtW+A1hRMETG4TdaGx2QX+8bDQ2O9TdWj7B/7z7bu2Q=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=GhSWCRFEQAfm7FXREK80asi7cM7sj52BGFNYUZ9wDlAaQkycz5sxLBAI5D3U0bZuH
	 pkHdxcvlAihX4PpUswQHq/67WGsJ7GMO2mE255uVFbi48voKeMMOtsOSYqySg/v3sY
	 moJKQ/hF//ksOUE1r4481OvZeq6xHTwSQiNs4C/ftNL0rlw7KAu+JcOvAvEVODAYwy
	 +0UYb+9JWUZjhWMgJKu1DJGHZSi0fc8bRRv03nnaM+9yQfCzkharFZKEiVetn7mM2y
	 IqSSmm2rtGyVcO5TX4dUcDAj1rubB3XWDl+V4zSySKk7rvnKtsKpBY7MW+VglVZENs
	 U6QZLetSISsFw==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Ray Ni <ray.ni@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Taylor Beebe <t@taylorbeebe.com>,
	Oliver Smith-Denny <osd@smith-denny.com>,
	Dandan Bi <dandan.bi@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Michael Kubacki <mikuback@linux.microsoft.com>
Subject: [RFC PATCH 11/11] ArmVirtPkg/ArmVirtQemu: Map all DRAM non-execute by default
Date: Mon, 29 May 2023 12:17:05 +0200
Message-Id: <20230529101705.2476949-12-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230529101705.2476949-1-ardb@kernel.org>
References: <20230529101705.2476949-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Now that both PEI and DXE can deal with memory being mapped non-execute
by default, update the early mapping code to create non-execute mappings
for all of DRAM. While at it, map the NOR flash read-only as well.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmVirtPkg/ArmVirtQemu.dsc                                 | 1 +
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 4 ++--
 ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf                | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 449e73b9e1329111..7d159f27cfea8790 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -151,6 +151,7 @@ [PcdsFeatureFlag.common]
 [PcdsFixedAtBuild.common]=0D
 !if $(ARCH) =3D=3D AARCH64=0D
   gArmTokenSpaceGuid.PcdVFPEnabled|1=0D
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xE0000000=
00007FD5=0D
 !endif=0D
 =0D
   gArmPlatformTokenSpaceGuid.PcdCPUCoresStackBase|0x4007c000=0D
diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/A=
rmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
index 23bd0fe68ef79d98..1ed5815989594ebd 100644
--- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
+++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c
@@ -91,7 +91,7 @@ ArmVirtGetMemoryMap (
   VirtualMemoryTable[0].PhysicalBase =3D PcdGet64 (PcdSystemMemoryBase);=0D
   VirtualMemoryTable[0].VirtualBase  =3D VirtualMemoryTable[0].PhysicalBas=
e;=0D
   VirtualMemoryTable[0].Length       =3D *(UINT64 *)GET_GUID_HOB_DATA (Mem=
orySizeHob);=0D
-  VirtualMemoryTable[0].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK;=0D
+  VirtualMemoryTable[0].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK_XP;=0D
 =0D
   DEBUG ((=0D
     DEBUG_INFO,=0D
@@ -115,7 +115,7 @@ ArmVirtGetMemoryMap (
   VirtualMemoryTable[2].PhysicalBase =3D PcdGet64 (PcdFvBaseAddress);=0D
   VirtualMemoryTable[2].VirtualBase  =3D VirtualMemoryTable[2].PhysicalBas=
e;=0D
   VirtualMemoryTable[2].Length       =3D FixedPcdGet32 (PcdFvSize);=0D
-  VirtualMemoryTable[2].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK;=0D
+  VirtualMemoryTable[2].Attributes   =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE=
_BACK_RO;=0D
 =0D
   // End of Table=0D
   ZeroMem (&VirtualMemoryTable[3], sizeof (ARM_MEMORY_REGION_DESCRIPTOR));=
=0D
diff --git a/ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf b/ArmVirtPkg/Memor=
yInitPei/MemoryInitPeim.inf
index 2039f71a0ebecd5d..6e70bf6eaa245b7a 100644
--- a/ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf
+++ b/ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf
@@ -56,4 +56,4 @@ [FixedPcd]
   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData=0D
 =0D
 [Depex]=0D
-  TRUE=0D
+  gEdkiiMemoryAttributePpiGuid=0D
--=20
2.39.2