]> git.proxmox.com Git - mirror_edk2.git/commitdiff
projects / mirror_edk2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 19bb46c)
ArmPkg/Mmu: set required XN attributes for device mappings
authorArd Biesheuvel <ard.biesheuvel@linaro.org>
Wed, 18 Nov 2015 11:51:06 +0000 (11:51 +0000)
committerabiesheuvel <abiesheuvel@Edk2>
Wed, 18 Nov 2015 11:51:06 +0000 (11:51 +0000)
To prevent speculative intruction fetches from MMIO ranges that may
have side effects on reads, the architecture requires device mappings
to be created with the XN or UXN/PXN bits set (for the ARM/EL2 and
EL1&0 translation regimes, respectively.)

Note that, in the ARM case, this involves moving all accesses to a
client domain since permission attributes like XN are ignored from
a manager domain. The use of a client domain is actually mandated
explicitly by the UEFI spec.

Reported-by: Heyi Guo <heyi.guo@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18891 6f19259b-4bc3-4df7-8a09-765794883524

ArmPkg/Include/Chipset/ArmV7Mmu.h patch | blob | blame | history
ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c patch | blob | blame | history
ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c patch | blob | blame | history

diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/ArmV7Mmu.h
index aaa0977205fa8b4550721ec0ca3243a3c5ee950f..e38c5f7b055d0a2e1c997f062920842aa4643141 100644 (file)
--- a/ArmPkg/Include/Chipset/ArmV7Mmu.h
+++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h
@@ -192,6 +192,7 @@
                                                             TT_DESCRIPTOR_SECTION_S_NOT_SHARED                      | \\r
                                                             TT_DESCRIPTOR_SECTION_DOMAIN(0)                         | \\r
                                                             TT_DESCRIPTOR_SECTION_AP_RW_RW                          | \\r
+                                                            TT_DESCRIPTOR_SECTION_XN_MASK                           | \\r
                                                             TT_DESCRIPTOR_SECTION_CACHE_POLICY_SHAREABLE_DEVICE)\r
 #define TT_DESCRIPTOR_SECTION_UNCACHED(NonSecure)          (TT_DESCRIPTOR_SECTION_TYPE_SECTION                                                           | \\r
                                                            ((NonSecure) ?  TT_DESCRIPTOR_SECTION_NS : 0)    | \\r
@@ -215,6 +216,7 @@
                                                         TT_DESCRIPTOR_PAGE_NG_GLOBAL                                                      | \\r
                                                         TT_DESCRIPTOR_PAGE_S_NOT_SHARED                                                   | \\r
                                                         TT_DESCRIPTOR_PAGE_AP_RW_RW                                                       | \\r
+                                                        TT_DESCRIPTOR_PAGE_XN_MASK                                                        | \\r
                                                         TT_DESCRIPTOR_PAGE_CACHE_POLICY_SHAREABLE_DEVICE)\r
 #define TT_DESCRIPTOR_PAGE_UNCACHED                (TT_DESCRIPTOR_PAGE_TYPE_PAGE                                                           | \\r
                                                         TT_DESCRIPTOR_PAGE_NG_GLOBAL                                                      | \\r
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
index c8b3d4a121b118bf3b15f7f2890dd3c5aeafc989..377a7858d43616453dd66d5a2e6744839807f5a7 100644 (file)
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
@@ -50,7 +50,10 @@ ArmMemoryAttributeToPageAttribute (
     ASSERT(0);\r
   case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE:\r
   case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_DEVICE:\r
-    return TT_ATTR_INDX_DEVICE_MEMORY;\r
+    if (ArmReadCurrentEL () == AARCH64_EL2)\r
+      return TT_ATTR_INDX_DEVICE_MEMORY | TT_TABLE_XN;\r
+    else\r
+      return TT_ATTR_INDX_DEVICE_MEMORY | TT_TABLE_UXN | TT_TABLE_PXN;\r
   }\r
 }\r
 \r
diff --git a/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c b/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c
index 1287dfb1a9bbe70009815b450c0ea3fe46af80ad..e05a51e0d901c978a646429289225878690eebb5 100644 (file)
--- a/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c
+++ b/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c
@@ -294,7 +294,7 @@ ArmConfigureMmu (
                              DOMAIN_ACCESS_CONTROL_NONE( 3) |\r
                              DOMAIN_ACCESS_CONTROL_NONE( 2) |\r
                              DOMAIN_ACCESS_CONTROL_NONE( 1) |\r
-                             DOMAIN_ACCESS_CONTROL_MANAGER(0));\r
+                             DOMAIN_ACCESS_CONTROL_CLIENT(0));\r
 \r
   ArmEnableInstructionCache();\r
   ArmEnableDataCache();\r
EFI Development Kit II mirror for PVE