X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=ArmVirtPkg%2FHighMemDxe%2FHighMemDxe.c;h=aa3f5f6d8956c4d8ca28ef1b6dcc9cb9973a9d65;hp=f70978f6414fc80c0325feb7afa42339ae4699f6;hb=76c09700edc67686b29662e81a3ca7d947594ce5;hpb=413edd470932d8e542325fa205b1e4f5e163a85c diff --git a/ArmVirtPkg/HighMemDxe/HighMemDxe.c b/ArmVirtPkg/HighMemDxe/HighMemDxe.c index f70978f641..aa3f5f6d89 100644 --- a/ArmVirtPkg/HighMemDxe/HighMemDxe.c +++ b/ArmVirtPkg/HighMemDxe/HighMemDxe.c @@ -20,6 +20,7 @@ #include #include +#include #include EFI_STATUS @@ -29,20 +30,26 @@ InitializeHighMemDxe ( IN EFI_SYSTEM_TABLE *SystemTable ) { - FDT_CLIENT_PROTOCOL *FdtClient; - EFI_STATUS Status, FindNodeStatus; - INT32 Node; - CONST UINT32 *Reg; - UINT32 RegSize; - UINTN AddressCells, SizeCells; - UINT64 CurBase; - UINT64 CurSize; - UINT64 Attributes; + FDT_CLIENT_PROTOCOL *FdtClient; + EFI_CPU_ARCH_PROTOCOL *Cpu; + EFI_STATUS Status, FindNodeStatus; + INT32 Node; + CONST UINT32 *Reg; + UINT32 RegSize; + UINTN AddressCells, SizeCells; + UINT64 CurBase; + UINT64 CurSize; + UINT64 Attributes; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; Status = gBS->LocateProtocol (&gFdtClientProtocolGuid, NULL, (VOID **)&FdtClient); ASSERT_EFI_ERROR (Status); + Status = gBS->LocateProtocol (&gEfiCpuArchProtocolGuid, NULL, + (VOID **)&Cpu); + ASSERT_EFI_ERROR (Status); + // // Check for memory node and add the memory spaces except the lowest one // @@ -67,7 +74,14 @@ InitializeHighMemDxe ( } RegSize -= (AddressCells + SizeCells) * sizeof (UINT32); - if (PcdGet64 (PcdSystemMemoryBase) != CurBase) { + Status = gDS->GetMemorySpaceDescriptor (CurBase, &GcdDescriptor); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_WARN, + "%a: Region 0x%lx - 0x%lx not found in the GCD memory space map\n", + __FUNCTION__, CurBase, CurBase + CurSize - 1)); + continue; + } + if (GcdDescriptor.GcdMemoryType == EfiGcdMemoryTypeNonExistent) { Status = gDS->AddMemorySpace (EfiGcdMemoryTypeSystemMemory, CurBase, CurSize, EFI_MEMORY_WB); @@ -78,13 +92,24 @@ InitializeHighMemDxe ( continue; } + Status = gDS->SetMemorySpaceAttributes (CurBase, CurSize, + EFI_MEMORY_WB); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_WARN, + "%a: gDS->SetMemorySpaceAttributes() failed on region 0x%lx - 0x%lx (%r)\n", + __FUNCTION__, CurBase, CurBase + CurSize - 1, Status)); + } + + // + // Due to the ambiguous nature of the RO/XP GCD memory space attributes, + // it is impossible to add a memory space with the XP attribute in a way + // that does not result in the XP attribute being set on *all* UEFI + // memory map entries that are carved from it, including code regions + // that require executable permissions. // - // Take care not to strip any permission attributes that will have been - // set by DxeCore on the region we just added if a strict permission - // policy is in effect for EfiConventionalMemory regions. - // Unfortunately, we cannot interrogate the GCD memory space map for - // those permissions, since they are not recorded there (for historical - // reasons), so check the policy directly. + // So instead, we never set the RO/XP attributes in the GCD memory space + // capabilities or attribute fields, and apply any protections directly + // on the page table mappings by going through the cpu arch protocol. // Attributes = EFI_MEMORY_WB; if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & @@ -92,7 +117,7 @@ InitializeHighMemDxe ( Attributes |= EFI_MEMORY_XP; } - Status = gDS->SetMemorySpaceAttributes (CurBase, CurSize, Attributes); + Status = Cpu->SetMemoryAttributes (Cpu, CurBase, CurSize, Attributes); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR,