ArmVirtPkg/HighMemDxe: use CPU arch protocol to apply memprotect policy
[mirror_edk2.git] / ArmVirtPkg / HighMemDxe / HighMemDxe.c
CommitLineData
68312710
SZ
1/** @file\r
2* High memory node enumeration DXE driver for ARM Virtual Machines\r
3*\r
490acf89 4* Copyright (c) 2015-2016, Linaro Ltd. All rights reserved.\r
68312710
SZ
5*\r
6* This program and the accompanying materials are licensed and made available\r
7* under the terms and conditions of the BSD License which accompanies this\r
8* distribution. The full text of the license may be found at\r
9* http://opensource.org/licenses/bsd-license.php\r
10*\r
11* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR\r
13* IMPLIED.\r
14*\r
15**/\r
16\r
17#include <Library/BaseLib.h>\r
68312710 18#include <Library/DebugLib.h>\r
68312710 19#include <Library/DxeServicesTableLib.h>\r
490acf89
AB
20#include <Library/PcdLib.h>\r
21#include <Library/UefiBootServicesTableLib.h>\r
22\r
60bd1e12 23#include <Protocol/Cpu.h>\r
490acf89 24#include <Protocol/FdtClient.h>\r
68312710
SZ
25\r
26EFI_STATUS\r
27EFIAPI\r
28InitializeHighMemDxe (\r
29 IN EFI_HANDLE ImageHandle,\r
30 IN EFI_SYSTEM_TABLE *SystemTable\r
31 )\r
32{\r
490acf89 33 FDT_CLIENT_PROTOCOL *FdtClient;\r
60bd1e12 34 EFI_CPU_ARCH_PROTOCOL *Cpu;\r
490acf89
AB
35 EFI_STATUS Status, FindNodeStatus;\r
36 INT32 Node;\r
37 CONST UINT32 *Reg;\r
38 UINT32 RegSize;\r
39 UINTN AddressCells, SizeCells;\r
40 UINT64 CurBase;\r
41 UINT64 CurSize;\r
413edd47 42 UINT64 Attributes;\r
68312710 43\r
490acf89
AB
44 Status = gBS->LocateProtocol (&gFdtClientProtocolGuid, NULL,\r
45 (VOID **)&FdtClient);\r
46 ASSERT_EFI_ERROR (Status);\r
68312710 47\r
60bd1e12
AB
48 Status = gBS->LocateProtocol (&gEfiCpuArchProtocolGuid, NULL,\r
49 (VOID **)&Cpu);\r
50 ASSERT_EFI_ERROR (Status);\r
51\r
68312710 52 //\r
490acf89 53 // Check for memory node and add the memory spaces except the lowest one\r
68312710 54 //\r
490acf89
AB
55 for (FindNodeStatus = FdtClient->FindMemoryNodeReg (FdtClient, &Node,\r
56 (CONST VOID **) &Reg, &AddressCells,\r
57 &SizeCells, &RegSize);\r
58 !EFI_ERROR (FindNodeStatus);\r
59 FindNodeStatus = FdtClient->FindNextMemoryNodeReg (FdtClient, Node,\r
60 &Node, (CONST VOID **) &Reg, &AddressCells,\r
61 &SizeCells, &RegSize)) {\r
62 ASSERT (AddressCells <= 2);\r
63 ASSERT (SizeCells <= 2);\r
68312710 64\r
490acf89
AB
65 while (RegSize > 0) {\r
66 CurBase = SwapBytes32 (*Reg++);\r
67 if (AddressCells > 1) {\r
68 CurBase = (CurBase << 32) | SwapBytes32 (*Reg++);\r
69 }\r
70 CurSize = SwapBytes32 (*Reg++);\r
71 if (SizeCells > 1) {\r
72 CurSize = (CurSize << 32) | SwapBytes32 (*Reg++);\r
73 }\r
74 RegSize -= (AddressCells + SizeCells) * sizeof (UINT32);\r
68312710 75\r
490acf89
AB
76 if (PcdGet64 (PcdSystemMemoryBase) != CurBase) {\r
77 Status = gDS->AddMemorySpace (EfiGcdMemoryTypeSystemMemory, CurBase,\r
78 CurSize, EFI_MEMORY_WB);\r
68312710 79\r
490acf89
AB
80 if (EFI_ERROR (Status)) {\r
81 DEBUG ((EFI_D_ERROR,\r
82 "%a: Failed to add System RAM @ 0x%lx - 0x%lx (%r)\n",\r
83 __FUNCTION__, CurBase, CurBase + CurSize - 1, Status));\r
84 continue;\r
85 }\r
68312710 86\r
60bd1e12
AB
87 Status = gDS->SetMemorySpaceAttributes (CurBase, CurSize,\r
88 EFI_MEMORY_WB);\r
89 if (EFI_ERROR (Status)) {\r
90 DEBUG ((DEBUG_WARN,\r
91 "%a: gDS->SetMemorySpaceAttributes() failed on region 0x%lx - 0x%lx (%r)\n",\r
92 __FUNCTION__, CurBase, CurBase + CurSize - 1, Status));\r
93 }\r
94\r
95 //\r
96 // Due to the ambiguous nature of the RO/XP GCD memory space attributes,\r
97 // it is impossible to add a memory space with the XP attribute in a way\r
98 // that does not result in the XP attribute being set on *all* UEFI\r
99 // memory map entries that are carved from it, including code regions\r
100 // that require executable permissions.\r
413edd47 101 //\r
60bd1e12
AB
102 // So instead, we never set the RO/XP attributes in the GCD memory space\r
103 // capabilities or attribute fields, and apply any protections directly\r
104 // on the page table mappings by going through the cpu arch protocol.\r
413edd47
AB
105 //\r
106 Attributes = EFI_MEMORY_WB;\r
107 if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) &\r
108 (1U << (UINT32)EfiConventionalMemory)) != 0) {\r
109 Attributes |= EFI_MEMORY_XP;\r
110 }\r
111\r
60bd1e12 112 Status = Cpu->SetMemoryAttributes (Cpu, CurBase, CurSize, Attributes);\r
68312710 113\r
490acf89
AB
114 if (EFI_ERROR (Status)) {\r
115 DEBUG ((EFI_D_ERROR,\r
116 "%a: Failed to set System RAM @ 0x%lx - 0x%lx attribute (%r)\n",\r
117 __FUNCTION__, CurBase, CurBase + CurSize - 1, Status));\r
118 } else {\r
119 DEBUG ((EFI_D_INFO, "%a: Add System RAM @ 0x%lx - 0x%lx\n",\r
120 __FUNCTION__, CurBase, CurBase + CurSize - 1));\r
68312710
SZ
121 }\r
122 }\r
123 }\r
124 }\r
125\r
126 return EFI_SUCCESS;\r
127}\r