BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3223
In the current design, memory protection is not available till CpuDxe
is loaded. To resolve this, introduce CpuArchLib to move the
CPU Architectural initialization to DxeCore.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Vitaly Cheptsov <vit9696@protonmail.com>
Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>
ArmFfaLibCommonInit will return EFI_UNSUPPORTED when there is no FFA
supported on the platform. This is expected behavior. However, the return
of error code will incur program asserts.
This change fixed the non-FFA path for the Standalone MM instance.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This commit oves StackCheckLib from a NULL lib to an instance of
StackCheckLib. This requires every entry point to add a library
dependency on StackCheckLib. It also requires every SEC module
to have a dependency on StackCheckLib because there is no
standard SEC entry point.
It allows for greater flexibility for a platform to apply stack
cookies and simplifies DSC logic.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
ArmDisassemblerLib is used to pretty print the instruction that
triggered an unhandled exception, but it was never implemented for
AARCH64, and according to the existing file comment, Thumb2 support
(which is used predominantly when building EDK2 for 32-bit ARM due to
its smaller size) is incomplete.
The DEBUG diagnostics that are produced on an unhandled exception are
generally sufficient to dump the entire executable that triggered it,
and so this disassembly is of limited value, especially because it
doesn't work on AARCH64.
So let's start getting rid of it, by dropping references to it in code
and in the various .INF and .DSC files. Once out-of-tree platforms have
been allowed to catch up, we can remove the library implementation and
its class definition entirely.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
There were several bugs in the vector table relocation code which means
it can't really have been used by anyone on AArch64 in the last decade or
so. So delete the support code from the library, as well as the
ArmRelocateExceptionLib.inf file.
This gets rid of PcdDebuggerExceptionSupport (including a duff reference
in CpuDxe), PcdCpuVectorBaseAddress and PcdRelocateVectorTable.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
ArmGicArchLib is no longer use so remove all remaining references and
implementations.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
StandaloneMmCpu driver is only used for Arm architecture and
StandaloneMmCoreEntryPointLib for Arm has specific implementation with
StandaloneMmCpu driver.
Move StandaloneMmCpu Driver and StandaloneMmCoreEntryPointLib for Arm
to ArmPkg.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
The StandaloneMm implementation for Arm sets up the stack in
the early startup code using the data section reserved in the
assembly code.
When TF-A loads the StandaloneMM binary in the DRAM it maps
the entire StandaloneMM memory region as Read Only.
Therefore, the initial startup assembly code updates the mem
permissions of the stack region to Read Write.
However, when the StandaloneMmCore is loaded the function
UpdateMmFoundationPeCoffPermissions() starts applying the
memory permissions based on the PE COFF sections as below:
A. If the section is not executable, it first removes the
executable permission of the section by calling TextUpdate().
TextUpdate() is the StandaloneMM MMU library function
ArmSetMemoryRegionNoExec().
B. It then checks if the section is writable, and if it is
it calls ReadWriteUpdater(), which invokes the StandaloneMM
MMU library function ArmClearMemoryRegionReadOnly() to make
the section writable.
However, this results in the stack being made read-only
between A and B. To understand this please see the following
flow.
1. TF-A sets the entire StandaloneMM region as Read Only.
2. The stack is reserved in the data section by the early
assembly entry point code.
+--------------------+ <--- Start of Data Section
| |
| Data Section |
| |
| +----------------+ | <--- Stack region
| | Stack | |
| +----------------+ |
| |
+--------------------+
3. The StanaloneMM early entry point code updates the
attributes of the stack to Read Write.
4. When UpdateMmFoundationPeCoffPermissions() sets the
permission of the data section to remove the Execute
attribute, it calls ArmSetMemoryRegionNoExec().
5. The ArmSetMemoryRegionNoExec() implementation gets the
attributes of the first granule which is at the start
of the data section, then clears the execute permission
and applies the attribute for the entire data section.
6. Since TF-A has mapped the entire section as read only
the first granule of the data section is read only and
therefore the stack region attributes are changed to
Read Only no execute.
7. Since the stack is read only after point A any updates
to the stack result in an exception.
To resolve this issue with update the library with FF-A v1.2,
get/set memory permission per page unit.
Links: https://developer.arm.com/documentation/den0140/latest/ [0]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
