From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.3285.1687768616323683607
 for <devel@edk2.groups.io>;
 Mon, 26 Jun 2023 01:36:56 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=FLi00KSK;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id D4C6560D30;
	Mon, 26 Jun 2023 08:36:55 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3B9CFC433CC;
	Mon, 26 Jun 2023 08:36:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1687768615;
	bh=udlj1EDU2b1WmcwN6CBbH5Bt6nomX5LuAqzMb8tByEo=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=FLi00KSK5mAaZkyp3A0OeYiY3fkgGIZJwVc0HsE05wWUJeEAJwGrtkPVEnUegD8cP
	 +npw/aCgrEuT96bBWgv0lkzxQFzUxUp2U2RTUkJAwdmDXS7chX14CVAUJfkE+5Ix9O
	 VtWwnHiowR/4BTtGXuLTrUMkDrwWgTZjMBattUroR4K8EFfT0QZHWNrdYeDhME3iu/
	 azj6925R8NhqzvxCawE4jj/az6eG3ScmWP44V6Qf96UTziSOAtjYEmhl63mjc5ovKC
	 z2ZiGGhD1ACc0oL0Si8Dvyj9gzUIhKN6e3t0Z/b7BypXsFE1+6xVvDshpLGPT7hjIu
	 5SyAQXVSShNOw==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>
Subject: [PATCH 3/3] ArmPkg/OpteeLib: Map shared communication buffer non-executable
Date: Mon, 26 Jun 2023 10:36:44 +0200
Message-Id: <20230626083644.1011698-4-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230626083644.1011698-1-ardb@kernel.org>
References: <20230626083644.1011698-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

The OP-TEE secure OS exposes a non-secure memory region for
communication between the secure OS itself and any clients in the
non-secure firmware. This memory is writable by non-secure and is not
used for code only data, and so it should be mapped non-executable.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmPkg/Library/OpteeLib/Optee.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Opte=
e.c
index 46464f17ef06653e..3acf172b68a2d34c 100644
--- a/ArmPkg/Library/OpteeLib/Optee.c
+++ b/ArmPkg/Library/OpteeLib/Optee.c
@@ -86,7 +86,12 @@ OpteeSharedMemoryRemap (
     return EFI_BUFFER_TOO_SMALL;=0D
   }=0D
 =0D
-  Status =3D ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB,=
 0);=0D
+  Status =3D ArmSetMemoryAttributes (=0D
+             PhysicalAddress,=0D
+             Size,=0D
+             EFI_MEMORY_WB | EFI_MEMORY_XP,=0D
+             0=0D
+             );=0D
   if (EFI_ERROR (Status)) {=0D
     return Status;=0D
   }=0D
--=20
2.39.2