From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Wed, 1 Mar 2017 16:31:42 +0000 (+0000)
Subject: ArmPkg/ArmMmuLib ARM: implement memory permission control routines
X-Git-Tag: edk2-stable201903~4454
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=9f1dcbe8c8b337770e121fea1ef3cb26f43851c9

ArmPkg/ArmMmuLib ARM: implement memory permission control routines

Now that we have the prerequisite functionality available in ArmMmuLib,
wire it up into ArmSetMemoryRegionNoExec, ArmClearMemoryRegionNoExec,
ArmSetMemoryRegionReadOnly and ArmClearMemoryRegionReadOnly. This is
used by the non-executable stack feature that is configured by DxeIpl.

NOTE: The current implementation will not combine RO and XP attributes,
      i.e., setting/clearing a region no-exec will unconditionally
      clear the read-only attribute, and vice versa. Currently, we
      only use ArmSetMemoryRegionNoExec(), so for now, we should be
      able to live with this.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
---

diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c
index 351b6c03a4..b02f6d7fc5 100644
--- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c
+++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c
@@ -37,6 +37,8 @@
 #define ID_MMFR0_SHR_IMP_HW_COHERENT   1
 #define ID_MMFR0_SHR_IGNORED         0xf
 
+#define __EFI_MEMORY_RWX               0    // no restrictions
+
 #define CACHE_ATTRIBUTE_MASK   (EFI_MEMORY_UC | \
                                 EFI_MEMORY_WC | \
                                 EFI_MEMORY_WT | \
@@ -797,7 +799,7 @@ ArmSetMemoryRegionNoExec (
   IN  UINT64                    Length
   )
 {
-  return EFI_UNSUPPORTED;
+  return ArmSetMemoryAttributes (BaseAddress, Length, EFI_MEMORY_XP);
 }
 
 EFI_STATUS
@@ -806,7 +808,7 @@ ArmClearMemoryRegionNoExec (
   IN  UINT64                    Length
   )
 {
-  return EFI_UNSUPPORTED;
+  return ArmSetMemoryAttributes (BaseAddress, Length, __EFI_MEMORY_RWX);
 }
 
 EFI_STATUS
@@ -815,7 +817,7 @@ ArmSetMemoryRegionReadOnly (
   IN  UINT64                    Length
   )
 {
-  return EFI_UNSUPPORTED;
+  return ArmSetMemoryAttributes (BaseAddress, Length, EFI_MEMORY_RO);
 }
 
 EFI_STATUS
@@ -824,7 +826,7 @@ ArmClearMemoryRegionReadOnly (
   IN  UINT64                    Length
   )
 {
-  return EFI_UNSUPPORTED;
+  return ArmSetMemoryAttributes (BaseAddress, Length, __EFI_MEMORY_RWX);
 }
 
 RETURN_STATUS