From patchwork Wed Aug 26 13:30:02 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 52728
Return-Path: <patchwork-forward+bncBDYNJBOFRECBBVP762XAKGQEQGPZXKI@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-la0-f71.google.com (mail-la0-f71.google.com
 [209.85.215.71])
 by patches.linaro.org (Postfix) with ESMTPS id 3B28622E9E
 for <linaro@patches.linaro.org>; Wed, 26 Aug 2015 13:32:07 +0000 (UTC)
Received: by labip2 with SMTP id ip2sf14592864lab.1
 for <linaro@patches.linaro.org>; Wed, 26 Aug 2015 06:32:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:subject:date:message-id
 :precedence:list-id:list-unsubscribe:list-archive:list-post
 :list-help:list-subscribe:cc:mime-version:content-type
 :content-transfer-encoding:sender:errors-to:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=qUOeL3bdhgE3cv7rE4q0PbGtYnyeYfYURh2ItIgu7VQ=;
 b=M2KGnjg/QFxhdLi+HatbdEyFcQKpSnrl29kbD8ipntxN7QVB37T1s5TCvfHMGr5S1b
 Yt9zztxumn2SFp/fVw4joNJ0kOlY3Dem0TluOL5MIQEPePV2SjjF4pjxz8XqVYksu/jU
 9bXRjYSRCy4uAwbLIvMgSV3jrrv1RyWaqtgF0OaOGGDAXRqor88m68yVGkIrA6CxuKa8
 Wqkxtt34jV9YWGFuwGO2X24Y7z0nbew6ggwfNkHxUbqIr60cJ2Og2AeRzVvW4z8j7zCQ
 HF5OaPncGEGbtXenx6xl+NUkP4oWrfKwC82kKAxRIQ6e/13gozN9XKnFfS50cj0Mn5yl
 1HMg==
X-Gm-Message-State: ALoCoQmtd7rBISEs4ols/Q8D8Nz78E3c9ahDRT7ODfR7ObyexA0v1hyJz1KxVmCHF6E+9UfOh9lJ
X-Received: by 10.180.11.178 with SMTP id r18mr900639wib.5.1440595925979;
 Wed, 26 Aug 2015 06:32:05 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.36.201 with SMTP id s9ls829249laj.40.gmail; Wed, 26 Aug
 2015 06:32:05 -0700 (PDT)
X-Received: by 10.112.137.164 with SMTP id qj4mr30283157lbb.105.1440595925800; 
 Wed, 26 Aug 2015 06:32:05 -0700 (PDT)
Received: from mail-la0-f41.google.com (mail-la0-f41.google.com.
 [209.85.215.41]) by mx.google.com with ESMTPS id
 t6si18764672lae.163.2015.08.26.06.32.05
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 26 Aug 2015 06:32:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.41 as permitted sender) client-ip=209.85.215.41; 
Received: by labgv11 with SMTP id gv11so51637729lab.2
 for <patchwork-forward@linaro.org>;
 Wed, 26 Aug 2015 06:32:05 -0700 (PDT)
X-Received: by 10.112.131.98 with SMTP id ol2mr31241252lbb.56.1440595925660; 
 Wed, 26 Aug 2015 06:32:05 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.162.200 with SMTP id yc8csp3926533lbb;
 Wed, 26 Aug 2015 06:32:04 -0700 (PDT)
X-Received: by 10.68.219.194 with SMTP id pq2mr1964676pbc.20.1440595923475; 
 Wed, 26 Aug 2015 06:32:03 -0700 (PDT)
Received: from bombadil.infradead.org (bombadil.infradead.org.
 [2001:1868:205::9]) by mx.google.com with ESMTPS id
 en10si38643237pac.97.2015.08.26.06.32.02 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 26 Aug 2015 06:32:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
 designates 2001:1868:205::9 as permitted sender)
 client-ip=2001:1868:205::9; 
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
 by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))
 id 1ZUamg-0008Me-Tx; Wed, 26 Aug 2015 13:30:35 +0000
Received: from mail-wi0-f174.google.com ([209.85.212.174])
 by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat
 Linux)) id 1ZUame-0008Df-DU for linux-arm-kernel@lists.infradead.org;
 Wed, 26 Aug 2015 13:30:33 +0000
Received: by widdq5 with SMTP id dq5so15502171wid.0
 for <linux-arm-kernel@lists.infradead.org>;
 Wed, 26 Aug 2015 06:30:08 -0700 (PDT)
X-Received: by 10.180.20.48 with SMTP id k16mr12957058wie.56.1440595808395; 
 Wed, 26 Aug 2015 06:30:08 -0700 (PDT)
Received: from localhost.localdomain (cag06-7-83-153-85-71.fbx.proxad.net.
 [83.153.85.71]) by smtp.gmail.com with ESMTPSA id
 ja8sm3900126wjb.13.2015.08.26.06.30.06
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Wed, 26 Aug 2015 06:30:07 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-arm-kernel@lists.infradead.org, linux-efi@vger.kernel.org,
 mark.rutland@arm.com, msalter@redhat.com, leif.lindholm@linaro.org,
 catalin.marinas@arm.com, will.deacon@arm.com
Subject: [PATCH v2] arm64/efi: base UEFI mapping permissions on region
 attributes
Date: Wed, 26 Aug 2015 15:30:02 +0200
Message-Id: <1440595802-20359-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 1.9.1
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20150826_063032_610398_05EB57C0
X-CRM114-Status: GOOD (  15.72  )
X-Spam-Score: -2.6 (--)
X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary:
 Content analysis details:   (-2.6 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
 low trust [209.85.212.174 listed in list.dnswl.org]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [209.85.212.174 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: ard.biesheuvel@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.41 as permitted sender)
 smtp.mailfrom=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

Currently, we infer the UEFI memory region mapping permissions
from the memory region type (i.e., runtime services code are
mapped RWX and runtime services data mapped RW-). This appears to
work fine but is not entirely UEFI spec compliant. So instead, use
the designated permission attributes to decide how these regions
should be mapped.

Since UEFIv2.5 introduces a new EFI_MEMORY_RO permission attribute,
and redefines EFI_MEMORY_WP as a cacheability attribute, use only
the former as a read-only attribute. For setting the PXN bit, the
corresponding EFI_MEMORY_XP attribute is used.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
Changes since v1:
- rewrote page size and alignment check to be more legible
- use code that is STRICT_MM_TYPECHECKS compliant

Example output of a recent Tianocore build on FVP Foundation model
is attached below.

 arch/arm64/kernel/efi.c | 37 +++++++++++++-------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c
index ab21e0d58278..c8d587f46f3e 100644
--- a/arch/arm64/kernel/efi.c
+++ b/arch/arm64/kernel/efi.c
@@ -235,7 +235,7 @@ static bool __init efi_virtmap_init(void)
 
 	for_each_efi_memory_desc(&memmap, md) {
 		u64 paddr, npages, size;
-		pgprot_t prot;
+		pteval_t prot_val;
 
 		if (!(md->attribute & EFI_MEMORY_RUNTIME))
 			continue;
@@ -247,22 +247,33 @@ static bool __init efi_virtmap_init(void)
 		memrange_efi_to_native(&paddr, &npages);
 		size = npages << PAGE_SHIFT;
 
-		pr_info("  EFI remap 0x%016llx => %p\n",
-			md->phys_addr, (void *)md->virt_addr);
+		if (!is_normal_ram(md))
+			prot_val = PROT_DEVICE_nGnRE;
+		else
+			prot_val = pgprot_val(PAGE_KERNEL_EXEC);
 
 		/*
-		 * Only regions of type EFI_RUNTIME_SERVICES_CODE need to be
-		 * executable, everything else can be mapped with the XN bits
-		 * set.
+		 * On 64 KB granule kernels, only use strict permissions when
+		 * the region does not share a 64 KB page frame with another
+		 * region at either end.
 		 */
-		if (!is_normal_ram(md))
-			prot = __pgprot(PROT_DEVICE_nGnRE);
-		else if (md->type == EFI_RUNTIME_SERVICES_CODE)
-			prot = PAGE_KERNEL_EXEC;
-		else
-			prot = PAGE_KERNEL;
+		if (PAGE_SIZE == EFI_PAGE_SIZE ||
+		    (PAGE_ALIGNED(md->virt_addr) &&
+		     PAGE_ALIGNED(md->phys_addr + md->num_pages * EFI_PAGE_SIZE))) {
+
+			if (md->attribute & EFI_MEMORY_RO)
+				prot_val |= PTE_RDONLY;
+			if (md->attribute & EFI_MEMORY_XP)
+				prot_val |= PTE_PXN;
+		}
+
+		pr_info("  EFI remap 0x%016llx => %p (R%c%c)\n",
+			md->phys_addr, (void *)md->virt_addr,
+			prot_val & PTE_RDONLY ? '-' : 'W',
+			prot_val & PTE_PXN ? '-' : 'X');
 
-		create_pgd_mapping(&efi_mm, paddr, md->virt_addr, size, prot);
+		create_pgd_mapping(&efi_mm, paddr, md->virt_addr, size,
+				   __pgprot(prot_val));
 	}
 	return true;
 }