To prevent speculative intruction fetches from MMIO ranges that may
have side effects on reads, the architecture requires device mappings
to be created with the XN or UXN/PXN bits set (for the ARM/EL2 and
EL1&0 translation regimes, respectively.)
Note that, in the ARM case, this involves moving all accesses to a
client domain since permission attributes like XN are ignored from
a manager domain. The use of a client domain is actually mandated
explicitly by the UEFI spec.
Reported-by: Heyi Guo <heyi.guo@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18891
6f19259b-4bc3-4df7-8a09-
765794883524
TT_DESCRIPTOR_SECTION_S_NOT_SHARED | \\r
TT_DESCRIPTOR_SECTION_DOMAIN(0) | \\r
TT_DESCRIPTOR_SECTION_AP_RW_RW | \\r
+ TT_DESCRIPTOR_SECTION_XN_MASK | \\r
TT_DESCRIPTOR_SECTION_CACHE_POLICY_SHAREABLE_DEVICE)\r
#define TT_DESCRIPTOR_SECTION_UNCACHED(NonSecure) (TT_DESCRIPTOR_SECTION_TYPE_SECTION | \\r
((NonSecure) ? TT_DESCRIPTOR_SECTION_NS : 0) | \\r
TT_DESCRIPTOR_PAGE_NG_GLOBAL | \\r
TT_DESCRIPTOR_PAGE_S_NOT_SHARED | \\r
TT_DESCRIPTOR_PAGE_AP_RW_RW | \\r
+ TT_DESCRIPTOR_PAGE_XN_MASK | \\r
TT_DESCRIPTOR_PAGE_CACHE_POLICY_SHAREABLE_DEVICE)\r
#define TT_DESCRIPTOR_PAGE_UNCACHED (TT_DESCRIPTOR_PAGE_TYPE_PAGE | \\r
TT_DESCRIPTOR_PAGE_NG_GLOBAL | \\r
ASSERT(0);\r
case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE:\r
case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_DEVICE:\r
- return TT_ATTR_INDX_DEVICE_MEMORY;\r
+ if (ArmReadCurrentEL () == AARCH64_EL2)\r
+ return TT_ATTR_INDX_DEVICE_MEMORY | TT_TABLE_XN;\r
+ else\r
+ return TT_ATTR_INDX_DEVICE_MEMORY | TT_TABLE_UXN | TT_TABLE_PXN;\r
}\r
}\r
\r
DOMAIN_ACCESS_CONTROL_NONE( 3) |\r
DOMAIN_ACCESS_CONTROL_NONE( 2) |\r
DOMAIN_ACCESS_CONTROL_NONE( 1) |\r
- DOMAIN_ACCESS_CONTROL_MANAGER(0));\r
+ DOMAIN_ACCESS_CONTROL_CLIENT(0));\r
\r
ArmEnableInstructionCache();\r
ArmEnableDataCache();\r