From patchwork Tue Mar 14 19:58:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 95311 Delivered-To: patch@linaro.org Received: by 10.140.89.134 with SMTP id v6csp8161qgd; Tue, 14 Mar 2017 12:58:30 -0700 (PDT) X-Received: by 10.98.252.211 with SMTP id e202mr45736125pfh.118.1489521510867; Tue, 14 Mar 2017 12:58:30 -0700 (PDT) Return-Path: Received: from ml01.01.org (ml01.01.org. [2001:19d0:306:5::1]) by mx.google.com with ESMTPS id e5si37202plk.213.2017.03.14.12.58.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 14 Mar 2017 12:58:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1 as permitted sender) client-ip=2001:19d0:306:5::1; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 29C25803DB; Tue, 14 Mar 2017 12:58:30 -0700 (PDT) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received: from mail-wr0-x230.google.com (mail-wr0-x230.google.com [IPv6:2a00:1450:400c:c0c::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A403F803DA for ; Tue, 14 Mar 2017 12:58:28 -0700 (PDT) Received: by mail-wr0-x230.google.com with SMTP id g10so131187921wrg.2 for ; Tue, 14 Mar 2017 12:58:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=yu84FKuy8VUEPu8brwm+ZXuNk6Wycbx2IcyGcaPugdg=; b=i+GxhcLLWCpUFzm/kRpObJuwYyxqgeTlA+AS5GWXiJoRZdBnk2iXQ1z8NL/m8iOXzy 5mFnThKxyRCouGl8EAH6Jr/xJldiP53OItBsz3mwWlRAvSIx5ryL+1UvlR4n70GysFcQ ctHkJM1VpocvvqrK4wZ7zWqKE9P9Ht+lfvAIk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=yu84FKuy8VUEPu8brwm+ZXuNk6Wycbx2IcyGcaPugdg=; b=rNnLyWUGbmd2E13sh3XeAR5Br0A1bQp0OQRiZNqLl5EEKpa4R6HksB/SM1rKFoZoHi PDq2/xOWvVAUUhWMHE8WmPukZ0aCJPqg4NthQY+3fa/g0ipMYTV48gF9PzFxSDqjj+JB 9nmvKn4UgI/ccwM5EwXyXQv2DQ3Ox3bLN9npXp4lIeOfWgnTRcfwFI6ft0B0bFcqN8+W K9XdvLreVaqnLWBIivbr7075FsmTUAJDxzO/YhtAqW//xWEXcs/bo2uZUDtzoo5s0iGK 5R1d55Npwnsc/xkj1oSm8LjQxEbT6jrpjepGrrlEx5J/uc8W0r63bdu2wJELava2PJoy Xzgw== X-Gm-Message-State: AMke39mCaHbE3MCSjxqOSpVgyMzbeNznoxbOsZpy1+kN7CNi3pM9p/YyQ/mrnqygqchtQDTU X-Received: by 10.223.165.138 with SMTP id g10mr36172856wrc.105.1489521506821; Tue, 14 Mar 2017 12:58:26 -0700 (PDT) Received: from localhost.localdomain ([197.130.229.126]) by smtp.gmail.com with ESMTPSA id p185sm16665869wme.20.2017.03.14.12.58.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 14 Mar 2017 12:58:25 -0700 (PDT) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, ryan.harkin@linaro.org Date: Tue, 14 Mar 2017 19:58:15 +0000 Message-Id: <1489521495-2961-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Subject: [edk2] [PATCH] ArmPkg/UncachedMemoryAllocationLib: set XP bit via CPU arch protocol X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ard Biesheuvel MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Commit e7b24ec9785d ("ArmPkg/UncachedMemoryAllocationLib: map uncached allocations non-executable") adds code that manipulates the GCD memory space attributes of a newly allocated uncached region without checking whether this region expose these attributes in its capabilities mask. Given that the intent is to remove executable permissions from the region, this is a fairly pointless exercise to begin with, regardless of whether it is correct or not. The reason is that RO/XP memory attributes in the GCD memory space map or the UEFI memory map are completely disconnected from the actual mapping permissions used in the page tables. So instead, invoke the CPU arch protocol directly, and add the non-exec attributes in the page tables directly. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c | 36 ++++++++++++++++---- ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.inf | 8 ++++- 2 files changed, 36 insertions(+), 8 deletions(-) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel Reviewed-by: Leif Lindholm Tested-by: Ryan Harkin diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c index b4fbfbcb362b..2530175bab7a 100644 --- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c +++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.c @@ -27,6 +27,10 @@ #include #include +#include + +STATIC EFI_CPU_ARCH_PROTOCOL *mCpu; + VOID * UncachedInternalAllocatePages ( IN EFI_MEMORY_TYPE MemoryType, @@ -150,15 +154,19 @@ AllocatePagesFromList ( Status = gDS->GetMemorySpaceDescriptor (Memory, &Descriptor); if (EFI_ERROR (Status)) { - gBS->FreePages (Memory, Pages); - return Status; + goto FreePages; } Status = gDS->SetMemorySpaceAttributes (Memory, EFI_PAGES_TO_SIZE (Pages), - EFI_MEMORY_WC | EFI_MEMORY_XP); + EFI_MEMORY_WC); if (EFI_ERROR (Status)) { - gBS->FreePages (Memory, Pages); - return Status; + goto FreePages; + } + + Status = mCpu->SetMemoryAttributes (mCpu, Memory, EFI_PAGES_TO_SIZE (Pages), + EFI_MEMORY_XP); + if (EFI_ERROR (Status)) { + goto FreePages; } InvalidateDataCacheRange ((VOID *)(UINTN)Memory, EFI_PAGES_TO_SIZE (Pages)); @@ -166,8 +174,8 @@ AllocatePagesFromList ( NewNode = AllocatePool (sizeof (FREE_PAGE_NODE)); if (NewNode == NULL) { ASSERT (FALSE); - gBS->FreePages (Memory, Pages); - return EFI_OUT_OF_RESOURCES; + Status = EFI_OUT_OF_RESOURCES; + goto FreePages; } NewNode->Base = Memory; @@ -181,6 +189,10 @@ AllocatePagesFromList ( *Allocation = NewNode->Allocation; return EFI_SUCCESS; + +FreePages: + gBS->FreePages (Memory, Pages); + return Status; } /** @@ -238,6 +250,16 @@ FreePagesFromList ( */ EFI_STATUS EFIAPI +UncachedMemoryAllocationLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return gBS->LocateProtocol (&gEfiCpuArchProtocolGuid, NULL, (VOID **)&mCpu); +} + +EFI_STATUS +EFIAPI UncachedMemoryAllocationLibDestructor ( IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable diff --git a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.inf b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.inf index d7a0f2f792a1..c637430c9020 100644 --- a/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.inf +++ b/ArmPkg/Library/UncachedMemoryAllocationLib/UncachedMemoryAllocationLib.inf @@ -22,7 +22,7 @@ [Defines] MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 LIBRARY_CLASS = UncachedMemoryAllocationLib - + CONSTRUCTOR = UncachedMemoryAllocationLibConstructor DESTRUCTOR = UncachedMemoryAllocationLibDestructor [Sources.common] @@ -42,3 +42,9 @@ [LibraryClasses] [Pcd] gArmTokenSpaceGuid.PcdArmFreeUncachedMemorySizeThreshold + +[Protocols] + gEfiCpuArchProtocolGuid + +[Depex] + gEfiCpuArchProtocolGuid