Commit 61a7b0ec63 ("ArmPkg/Gic: force GIC driver to run before CPU arch
protocol driver", 2018-02-06) explains why CpuDxe should be dispatched
after ArmGicDxe.
To implement the ordering, we should use a regular protocol depex rather
than the less flexible AFTER opcode. ArmGicDxe installs
gHardwareInterruptProtocolGuid and gHardwareInterrupt2ProtocolGuid as one
of the last actions on its entry point stack; either of those is OK for
CpuDxe to wait for.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Steve Capper <steve.capper@linaro.org>
Cc: Supreeth Venkatesh <Supreeth.Venkatesh@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Steve Capper <steve.capper@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
"ArmGicDxe.inf" currently does not document how the protocols in the
[Protocols] section are used. Such comments help us analyze behavior, so
let's add them now.
- gHardwareInterruptProtocolGuid and gHardwareInterrupt2ProtocolGuid are
always produced on the InterruptDxeInitialize() -> (GicV2DxeInitialize()
| GicV3DxeInitialize()) -> InstallAndRegisterInterruptService() call
path.
- gEfiCpuArchProtocolGuid is consumed in the CpuArchEventProtocolNotify()
protocol notify callback. (Technically this is "conditional"; however
the firmware cannot work without architectural protocols, so we can call
it unconditional.)
While at it, drop the gArmGicDxeFileGuid comment from FILE_GUID; we're
going to make that GUID uninteresting soon.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Steve Capper <steve.capper@linaro.org>
Cc: Supreeth Venkatesh <Supreeth.Venkatesh@arm.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Steve Capper <steve.capper@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
If timer interrupt is level sensitive, reloading timer compare
register has a side effect of clearing GIC pending status, so a "ISB"
is needed to make sure this instruction is executed before enabling
CPU IRQ, or else we may get spurious timer interrupts.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
The generic timer driver only EOIs the timer interrupt if
the ISTATUS bit is set. This is completely fine if you pretend
that spurious interrupts do not exist. But as a matter of fact,
they do, and the first one will leave the interrupt activated
at the GIC level, making sure that no other interrupt can make
it anymore.
Making sure that each interrupt Ack is paired with an EOI is the
way to go. Oh, and enabling the interrupt each time it is taken
is completely pointless. We entered this function for a good
reason...
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Introduce CRT assembly replacements for __rt_sdiv, __rt_udiv,
__rt_udiv64, __rt_sdiv64, __rt_srsh (by reusing the RVCT code)
as well as memcpy and memset.
For MSFT compatibility, some of the code needs to be explicitly
forced to ARM, and the /oldit assembly flag needs to be added.
Also, while RVCT_ASM_EXPORT macro invocations have been removed,
the replacement code is designed to be as close as possible to
the one that would have been generated if using the macros.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Pete Batard <pete@akeo.ie>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Currently, the GIC driver has a static dependency on the CPU arch protocol
driver, so it can register its IRQ handler at init time. This means there
is a window between dispatch of the CPU driver and dispatch of the GIC
driver where any unexpected GIC state may trigger an interrupt which we
are not set up to handle yet. Note that this is even the case if we enter
UEFI with interrupts disabled at the CPU, given that any TPL manipulation
involving TPL_HIGH_LEVEL will unconditionally enable IRQs at the CPU side
regardless of whether they were enabled to begin with (but only as soon as
the CPU arch protocol is actually installed)
So let's reorder the GIC driver with the CPU driver, and let it run its
initialization that puts the GIC into a known state before enabling
interrupts. Move its installation of its IRQ handler to a protocol notify
callback on the CPU arch protocol so that it runs as soon as it becomes
available.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Marc Zyngier <marc.zyngier@arm.com>
gEfiDebugSupportPeriodicCallbackProtocolGuid and
PcdCpuDxeProduceDebugSupport are referred to from CpuDxe.
Delete references from .inf and .h.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
This currently isn't needed by anything in the edk2 tree but
it's useful for externally maintained platforms which have
to set this register e.g. to disable alignment aborts.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
From what I can see this bug dates back to the commit from 2011 where
support for this was added: 2cf4b60895
The first problem is that PopulateLevel2PageTable overflows the
translation table buffer because it doesn't verify that the size
actually fits within one level 2 page table.
The second problem is that the loop in FillTranslationTable doesn't
care about the PhysicalBase or the RemainLength and always substracts
one section size from RemainLength.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Add a missing newline to the version string output that is displayed
on the serial console, or the next line will be appended to it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
If gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString is set to
a non-empty string, print it to the console at boot. Note that this
is independent of DEBUG/RELEASE or graphical vs serial console,
although we do attempt to stay clear of the logo and progress bar
in graphical mode, by printing it top center.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
This patch add implementation of following new API introduced into
CpuExceptionHandlerLib. Since this lib hasn't support Stack Guard
and stack switch, the new method just calls original
InitializeCpuExceptionHandlers.
EFI_STATUS
EFIAPI
InitializeCpuExceptionHandlersEx (
IN EFI_VECTOR_HANDOFF_INFO *VectorInfo OPTIONAL,
IN CPU_EXCEPTION_INIT_DATA *InitDataEx OPTIONAL
);
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Suggested-by: Ayellet Wolman <ayellet.wolman@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jeff Fan <vanjeff_919@hotmail.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
With the last user FdtPlatformDxe removed, we can finally get rid of the
last bit of ARM BDS related cruft.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
This module is not used anywhere under edk2 or edk2-platforms, so let's
remove it. This removes the only dependency on ArmPlatformLib from ArmPkg.
While at it, remove a mention of ArmPlatformPkg from a comment in the
.dec file as well.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Currently, each ARM platform built with RVCT that uses ArmHvcLib
or ArmSmcLib needs to specify a CPU target that implements both the
security and virtualization extensions, so that the assembler does
not choke on the 'hvc' and 'smc' instructions in ArmHvcLib/ArmSvcLib.
Let's move these overrides into the module .INFs so we can lift this
requirement at the platform side.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Flash region needs to be set as cacheable (write back) to increase
performance, if PEI is still XIP on flash or DXE FV is decompressed
from flash FV. However some ARM platforms do not support to set flash
as inner shareable since flash is not normal DDR memory and it will
not respond to cache snoop request, which will causes system hang
after MMU is enabled.
So we need a new ARM memory region attribute WRITE_BACK_NONSHAREABLE
for flash region on these platforms specifically. This attribute will
set the region as write back but not inner shared.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Peicong Li <lipeicong@huawei.com>
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
This patch adds a library that enables invocation of SVCs from Exception
Level EL0. It will be used by the Standalone MM environment to request
services from a software running in a privileged EL e.g. ARM Trusted
Firmware. The library is derived directly from Arm SMC Library.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
[ardb: assign frame pointer (AArch64)
keep stack alignment (ARM)]
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
The ESRT hook call that I just added invokes the protocol before
retrieving a pointer to it, which interestingly enough did not
result in any crashes, nor did it get picked up by GCC. Clang did
notice, though, so let's fix it right away.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
SVCs are in the range 0xC4000060 - 0xC400007f.
The functions available to the secure MM partition:
1. Signal completion of MM event handling.
2. Set/Get memory attributes for a memory region at runtime.
3. Get version number of secure partition manager.
Also, it defines memory attributes required for set/get operations.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
This patch adds a list of function IDs that fall under the standard
SMC range as defined in [1]
SMCs associated with Management Mode are in the range 0xC4000040 -
0xC400005f (64 bit) and 0x84000040 - 0x8400005f (32 bit).
The function(s) available to the normal world:
1. Request services from the secure MM environment using MM_COMMUNICATE.
It also defines MM return codes.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
The ESRT management protocol needs to be invoked at the appropriate times
to get the ESRT config table to be published when the ReadyToBoot event
is signalled. So add this handling to the default ArmPkg implementation
of PlatformBootManagerLib.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
The existing HardwareInterrupt protocol lacked a means to configure the
level/edge properties of an interrupt. The new HardwareInterrupt2
protocol introduced this capability.
This patch updates the GIC drivers to provide the new interfaces.
The changes comprise:
Update to use HardwareInterrupt2 protocol
Additions to register info in ArmGicLib.h
Added new functionality (GetTriggerType and SetTriggerType)
The requirement for this change derives from a problem detected on ARM
Juno boards, but the change is of generic (ARM) relevance.
This commit is in response to review on the mailing list and, as
suggested there, rolls Girish's updates onto Ard's original example.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Girish Pathak <girish.pathak@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Process any capsule HOBs that were left for us by CapsulePei. This
involves calling ProcessCapsules() twice, as explained in the comment
in DxeCapsuleLibFmp [sic].
1) The first call must be before EndOfDxe. The system capsules is processed.
If device capsule FMP protocols are exposted at this time and device FMP
capsule has zero EmbeddedDriverCount, the device capsules are processed.
Each individual capsule result is recorded in capsule record variable.
System may reset in this function, if reset is required by capsule and
all capsules are processed.
If not all capsules are processed, reset will be defered to second call.
2) The second call must be after EndOfDxe and after ConnectAll, so that all
device capsule FMP protocols are exposed.
The system capsules are skipped. If the device capsules are NOT processed
in first call, they are processed here.
Each individual capsule result is recorded in capsule record variable.
System may reset in this function, if reset is required by capsule
processed in first call and second call.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
The ARMv8.2-FP16 extension introduces support for half precision
floating point and the processor ID registers have been updated to
enable detection of the implementation.
The possible values for the FP bits in ID_AA64PFR0_EL1[19:16] are:
- 0000 : Floating-point is implemented.
- 0001 : Floating-point including Half-precision support is
implemented.
- 1111 : Floating-point is not implemented.
- All other values are reserved.
Previously ArmEnableVFP() compared the FP bits with 0000b to see if
the FP was implemented, before enabling FP. Modified this check to
enable the FP if the FP bits 19:16 are not 1111b.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Even though RELEASE builds produce some diagnostics when a crash
occurs, they can be rather unhelpful:
Synchronous Exception at 0x0000000000000000
and sometimes, it would be useful to get a full register dump from
a production machine without having to modify the firmware.
This can be achieved very easily by incorporating a DEBUG build of
ARM's DefaultExceptionHandlerLib into a DXE driver, and registering
its DefaultExceptionHandler entry point as the synchronous exception
handler, overriding the default one. If we then build this driver
using the UefiDebugLibConOut DebugLib implementation, we end up
with a module than can simply be loaded via the Shell on any system.
Shell> load fs0:ArmCrashDumpDxe.efi
As a bonus, the crash dump will also appear on the graphical display,
not only on the serial port.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Now that we have a generic DmaLib implementation for non-coherent DMA,
let's get rid of the ARM specific one.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Now that ArmDmaLib can take care of its own memory allocation needs,
let's get rid of UncachedMemoryAllocationLib entirely. This forces
platforms to declare the required semantics (non-cache coherent DMA,
whichever way it is implemented), rather than using uncached memory
allocations directly, which may not always be the right choice, and
prevents sharing of drivers between platforms if one is cache coherent
and the other is not.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Now that ArmDmaLib no longer uses uncached mappings for short-lived
bounce buffers used for streaming DMA, the only place we allocate
uncached memory is in DmaAllocateBuffer (), which is used for static
mappings shared between the host and the device, e.g., for packet
descriptor rings etc.
There is no performance concern around such long lived mappings, and
so we can really do without the overhead of UncachedMemoryAllocationLib,
which is a sizable chunk of poorly maintained code that never actually
releases any memory, and despite the fact that it implements pool based
routines, it always performs page based allocations anyway.
So let's invoke the DXE services directly to manage memory attributes
on allocations, and keep track of the allocations in a linked list so
we can restore the attributes and free the memory properly after use.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
The ArmPkg implementation of DmaLib uses double buffering to ensure
that any attempt to perform non-coherent DMA on unaligned buffers cannot
corrupt adjacent unrelated data which happens to share cachelines with
the data we are exchanging with the device.
Such corruption can only occur on bus master write, in which case we have
to invalidate the caches to ensure the CPU will see the data written to
memory by the device. In the bus master read case, we can simply clean
and invalidate at the same time, which may purge unrelated adjacent data
from the caches, but will not corrupt its contents.
Also, this double buffer does not necessarily have to be allocated from
uncached memory: by the same reasoning, we can perform cache invalidation
on an ordinary pool allocation as long as we take the same alignment
constraints into account.
So update our code accordingly: remove double buffering from the bus
master read path, and switch to a pool allocation for the double buffer.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
https://bugzilla.tianocore.org/show_bug.cgi?id=642
Add top level License.txt file with the BSD 2-Clause
License that is used by the majority of the EKD II open
source project content. Merge copyright statements
from the BSD 2-Clause License files in each package
directory and remove the duplication License.txt
file from package directories.
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Andrew Fish <afish@apple.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
https://bugzilla.tianocore.org/show_bug.cgi?id=629
Move Contributions.txt that contains the TianoCore
Contribution Agreement 1.0 to the root of the edk2
repository and remove the duplicate Contributions.txt
files from all packages.
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Andrew Fish <afish@apple.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Move IS_DEVICE_PATH_NODE into header to share it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
This adds an implementation of the ResetSystemLib library class as
defined in MdeModulePkg. It is used as the platform glue by the generic
ResetSystemRuntimeDxe which lives in the same package.
This implementation is intended to replace the EfiResetSystemLib based
implementation that is deprecated now that we have decided that there is
no longer a reason to keep a different ResetSystem() implementation
under EmbeddedPkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
ARM ArmHvcLib looks like it was created from copy of ArmSmcLib which
looks like it was created from a copy of the AArch64 version.
Both of these files include AsmMacroIoLibV8.h instead of
AsmMacroIoLib.h, although since they only use macros that are identical
between the two, there was no functional issue caused by this.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
In order to be able to produce meaningful diagnostic output when taking
synchronous exceptions that have been caused by corruption of the stack
pointer, prepare the EL0 stack pointer and switch to it when handling the
'Sync exception using SPx' exception class.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Currently, we only attempt to walk the call stack and print a backtrace
if the program counter refers to a location covered by a PE/COFF image.
However, regardless of the value of PC, the frame pointer may still have
a meaningful value, and so we can still produce the remainder of the
backtrace.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Add the gEfiDebugImageInfoTableGuid, which is referenced in the code,
to both .INF files describing this module.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Replace the duplicated and outdated code in QuietBoot.c with a reference
to BootLogoLib, which provides the same functionality. This also allows
us to drop all references to IntelFrameworkModulePkg in this module.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Instead of indirecting the reference to the Shell binary via a PCD
that is defined in IntelFrameworkModulePkg, and which invariably
gets set to the same value by all users of this library, refer to
the UEFI Shell application by its declared symbolic GUID.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Commit e7b24ec978 ("ArmPkg/UncachedMemoryAllocationLib: map uncached
allocations non-executable") adds code that manipulates the GCD memory
space attributes of a newly allocated uncached region without checking
whether this region expose these attributes in its capabilities mask.
Given that the intent is to remove executable permissions from the region,
this is a fairly pointless exercise to begin with, regardless of whether
it is correct or not. The reason is that RO/XP memory attributes in the
GCD memory space map or the UEFI memory map are completely disconnected
from the actual mapping permissions used in the page tables.
So instead, invoke the CPU arch protocol directly, and add the non-exec
attributes in the page tables directly.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Ryan Harkin <ryan.harkin@linaro.org>
modsi3.S references the symbol '__divsi3' by '___divsi3' which assumes
the prefix is always required and supported. Use ASM_PFX() instead
to support all compilers.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
Some memory attributes are implied by the memory type, e.g., device memory
is always mapped non-executable and cached memory should have the inner
shareable attribute.
In order to prevent unnecessary memory attribute updates of mappings
created early on, make EfiAttributeToArmAttribute() return these implied
attributes in the same way as ArmMmuLib does already. This avoids false
positives when looking for differences between current and desired mapping
attributes.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
The primary use case for UncachedMemoryAllocationLib is non-coherent DMA,
which implies that such regions are not used to fetch instructions from.
So let's map them as non-executable, to avoid creating a security hole
when the rest of the platform may be enforcing strict memory permissions
on ordinary allocations.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Uncached pool allocations are aligned to the data cache line length under
the assumption that this is sufficient to prevent cache maintenance from
corrupting adjacent allocations. However, the value to use in such cases
is architecturally called the Cache Writeback Granule (CWG), which is
essentially the maximum Dcache line length rather than the minimum.
Note that this is mostly a cosmetical fix, given that the pool allocation
is turned into a page allocation later, and rounded up accordingly.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>