ArmPkg/CpuPei: Implement the memory attributes PPI

Implement the newly defined PPI that permits the PEI core and DXE IPL to
manage memory permissions on ranges of DRAM, for doing things like
mapping the stack non-executable, or granting executable permissions to
shadowed PEIMs.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
This commit is contained in:
Ard Biesheuvel 2023-06-02 17:17:37 +02:00 committed by mergify[bot]
parent 8f5ad634ad
commit 4249829cf2
2 changed files with 80 additions and 0 deletions

View File

@ -3,6 +3,7 @@
Copyright (c) 2006, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 Hewlett Packard Corporation. All rights reserved.<BR> Copyright (c) 2011 Hewlett Packard Corporation. All rights reserved.<BR>
Copyright (c) 2011-2013, ARM Limited. All rights reserved.<BR> Copyright (c) 2011-2013, ARM Limited. All rights reserved.<BR>
Copyright (c) 2023, Google, LLC. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
@ -24,6 +25,7 @@ Abstract:
// The protocols, PPI and GUID definitions for this module // The protocols, PPI and GUID definitions for this module
// //
#include <Ppi/ArmMpCoreInfo.h> #include <Ppi/ArmMpCoreInfo.h>
#include <Ppi/MemoryAttribute.h>
// //
// The Library classes this module consumes // The Library classes this module consumes
@ -34,6 +36,77 @@ Abstract:
#include <Library/PcdLib.h> #include <Library/PcdLib.h>
#include <Library/HobLib.h> #include <Library/HobLib.h>
#include <Library/ArmLib.h> #include <Library/ArmLib.h>
#include <Library/ArmMmuLib.h>
/**
Set the requested memory permission attributes on a region of memory.
BaseAddress and Length must be aligned to EFI_PAGE_SIZE.
Attributes must contain a combination of EFI_MEMORY_RP, EFI_MEMORY_RO and
EFI_MEMORY_XP, and specifies the attributes that must be set for the
region in question. Attributes that are omitted will be cleared from the
region only if they are set in AttributeMask.
AttributeMask must contain a combination of EFI_MEMORY_RP, EFI_MEMORY_RO and
EFI_MEMORY_XP, and specifies the attributes that the call will operate on.
AttributeMask must not be 0x0, and must contain at least the bits set in
Attributes.
@param[in] This The protocol instance pointer.
@param[in] BaseAddress The physical address that is the start address
of a memory region.
@param[in] Length The size in bytes of the memory region.
@param[in] Attributes Memory attributes to set or clear.
@param[in] AttributeMask Mask of memory attributes to operate on.
@retval EFI_SUCCESS The attributes were set for the memory region.
@retval EFI_INVALID_PARAMETER Length is zero.
AttributeMask is zero.
AttributeMask lacks bits set in Attributes.
BaseAddress or Length is not suitably aligned.
@retval EFI_UNSUPPORTED The processor does not support one or more
bytes of the memory resource range specified
by BaseAddress and Length.
The bit mask of attributes is not supported for
the memory resource range specified by
BaseAddress and Length.
@retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due to
lack of system resources.
**/
STATIC
EFI_STATUS
EFIAPI
SetMemoryPermissions (
IN EDKII_MEMORY_ATTRIBUTE_PPI *This,
IN EFI_PHYSICAL_ADDRESS BaseAddress,
IN UINT64 Length,
IN UINT64 Attributes,
IN UINT64 AttributeMask
)
{
if ((Length == 0) ||
(AttributeMask == 0) ||
((AttributeMask & (EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0) ||
((Attributes & ~AttributeMask) != 0) ||
(((BaseAddress | Length) & EFI_PAGE_MASK) != 0))
{
return EFI_INVALID_PARAMETER;
}
return ArmSetMemoryAttributes (BaseAddress, Length, Attributes, AttributeMask);
}
STATIC CONST EDKII_MEMORY_ATTRIBUTE_PPI mMemoryAttributePpi = {
SetMemoryPermissions
};
STATIC CONST EFI_PEI_PPI_DESCRIPTOR mMemoryAttributePpiDesc = {
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEdkiiMemoryAttributePpiGuid,
(VOID *)&mMemoryAttributePpi
};
/*++ /*++
@ -79,5 +152,8 @@ InitializeCpuPeim (
} }
} }
Status = PeiServicesInstallPpi (&mMemoryAttributePpiDesc);
ASSERT_EFI_ERROR (Status);
return EFI_SUCCESS; return EFI_SUCCESS;
} }

View File

@ -3,6 +3,7 @@
# #
# This module provides platform specific function to detect boot mode. # This module provides platform specific function to detect boot mode.
# Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2023, Google, LLC. All rights reserved.<BR>
# #
# SPDX-License-Identifier: BSD-2-Clause-Patent # SPDX-License-Identifier: BSD-2-Clause-Patent
# #
@ -28,6 +29,7 @@
CpuPei.c CpuPei.c
[Packages] [Packages]
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec MdePkg/MdePkg.dec
EmbeddedPkg/EmbeddedPkg.dec EmbeddedPkg/EmbeddedPkg.dec
ArmPkg/ArmPkg.dec ArmPkg/ArmPkg.dec
@ -37,9 +39,11 @@
DebugLib DebugLib
HobLib HobLib
ArmLib ArmLib
ArmMmuLib
[Ppis] [Ppis]
gArmMpCoreInfoPpiGuid gArmMpCoreInfoPpiGuid
gEdkiiMemoryAttributePpiGuid
[Guids] [Guids]
gArmMpCoreInfoGuid gArmMpCoreInfoGuid