ArmPkg/AArch64Mmu: don't let table entries inherit XN permission bits

When we split a block entry into a table entry, the UXN/PXN/XN permission
attributes are inherited both by the new table entry and by the new block
entries at the next level down. Unlike the NS bit, which only affects the
next level of lookup, the XN table bits supersede the permissions of the
final translation, and setting the permissions at multiple levels is not
only redundant, it also prevents us from lifting XN restrictions on a
subregion of the original block entry by simply clearing the appropriate
bits at the lowest level.

So drop the code that sets the UXN/PXN/XN bits on the table entries.

Reported-by: "Oliyil Kunnil, Vishal" <vishalo@qti.qualcomm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
index 48ca8271849cc3c3215d0c79d9bfe0bf47a96e69..cf9b7222b47b2d0bbc85414dec01c04ee33f4ca8 100644 (file)
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
@@ -306,13 +306,6 @@ GetBlockEntryListFromAddress (
 \r
         // Convert the block entry attributes into Table descriptor attributes\r
         TableAttributes = TT_TABLE_AP_NO_PERMISSION;\r
-        if (Attributes & TT_PXN_MASK) {\r
-          TableAttributes = TT_TABLE_PXN;\r
-        }\r
-        // XN maps to UXN in the EL1&0 translation regime\r
-        if (Attributes & TT_XN_MASK) {\r
-          TableAttributes = TT_TABLE_XN;\r
-        }\r
         if (Attributes & TT_NS) {\r
           TableAttributes = TT_TABLE_NS;\r
         }\r