Commit Graph

759 Commits

Author SHA1 Message Date
Peicong Li 829633e3a8 ArmPkg/ArmMmuLib: Add new attribute WRITE_BACK_NONSHAREABLE
Flash region needs to be set as cacheable (write back) to increase
performance, if PEI is still XIP on flash or DXE FV is decompressed
from flash FV. However some ARM platforms do not support to set flash
as inner shareable since flash is not normal DDR memory and it will
not respond to cache snoop request, which will causes system hang
after MMU is enabled.

So we need a new ARM memory region attribute WRITE_BACK_NONSHAREABLE
for flash region on these platforms specifically. This attribute will
set the region as write back but not inner shared.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Peicong Li <lipeicong@huawei.com>
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-11-07 13:29:46 +00:00
Supreeth Venkatesh f8f0e454e1 ArmPkg/ArmSvcLib: Add ArmSvcLib implementation.
This patch adds a library that enables invocation of SVCs from Exception
Level EL0. It will be used by the Standalone MM environment to request
services from a software running in a privileged EL e.g. ARM Trusted
Firmware. The library is derived directly from Arm SMC Library.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>

[ardb: assign frame pointer (AArch64)
       keep stack alignment (ARM)]
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-10-06 22:35:41 +01:00
Supreeth Venkatesh 4d163696f2 ArmPkg/Include: Add ArmSvcLib header file.
ArmSvcLib header file to specify the SVC arguments structure and
function prototype to trigger an SVC call.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-10-06 22:35:40 +01:00
Ard Biesheuvel aed68ed6be ArmPkg/PlatformBootManagerLib: fix bug in ESRT invocation
The ESRT hook call that I just added invokes the protocol before
retrieving a pointer to it, which interestingly enough did not
result in any crashes, nor did it get picked up by GCC. Clang did
notice, though, so let's fix it right away.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-10-06 22:31:10 +01:00
Supreeth Venkatesh bbf79aa264 ArmPkg/Include: Add SVC function IDs for Management Mode.
SVCs are in the range 0xC4000060 - 0xC400007f.
The functions available to the secure MM partition:
1. Signal completion of MM event handling.
2. Set/Get memory attributes for a memory region at runtime.
3. Get version number of secure partition manager.

Also, it defines memory attributes required for set/get operations.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-10-06 21:58:58 +01:00
Supreeth Venkatesh 542bc11a02 ArmPkg/Include: Add standard SMC function IDs for MM interface.
This patch adds a list of function IDs that fall under the standard
SMC range as defined in [1]

SMCs associated with Management Mode are in the range 0xC4000040 -
0xC400005f (64 bit) and 0x84000040 - 0x8400005f (32 bit).

The function(s) available to the normal world:
1. Request services from the secure MM environment using MM_COMMUNICATE.

It also defines MM return codes.

[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Supreeth Venkatesh <supreeth.venkatesh@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-10-06 21:58:58 +01:00
Ard Biesheuvel 13ca0abb01 ArmPkg/PlatformBootManagerLib: call ESRT hooks at appropriate times
The ESRT management protocol needs to be invoked at the appropriate times
to get the ESRT config table to be published when the ReadyToBoot event
is signalled. So add this handling to the default ArmPkg implementation
of PlatformBootManagerLib.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-10-06 21:50:16 +01:00
Ard Biesheuvel baee8efb36 ArmPkg/GenericWatchdogDxe: Set Watchdog interrupt type
Utilise the new HardwareInterrupt2 protocol to adjust the
Edge/Level characteristics of the Watchdog interrupt.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Girish Pathak <girish.pathak@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-10-05 21:23:39 +01:00
Ard Biesheuvel 8659306a2e ArmPkg/ArmGicDxe: Expose HardwareInterrupt2 protocol
The existing HardwareInterrupt protocol lacked a means to configure the
level/edge properties of an interrupt.  The new HardwareInterrupt2
protocol introduced this capability.
This patch updates the GIC drivers to provide the new interfaces.
The changes comprise:
  Update to use HardwareInterrupt2 protocol
  Additions to register info in ArmGicLib.h
  Added new functionality (GetTriggerType and SetTriggerType)

The requirement for this change derives from a problem detected on ARM
Juno boards, but the change is of generic (ARM) relevance.

This commit is in response to review on the mailing list and, as
suggested there, rolls Girish's updates onto Ard's original example.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Tested-by: Girish Pathak <girish.pathak@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-10-05 21:23:39 +01:00
Evan Lloyd b0393756d6 ArmPkg: Tidy GIC code before changes.
This change is purely cosmetic, to tidy some code before change.
Mods involve:
    Re-order #includes
    Reformat comments.
    Use ns consistently (always "100ns" not sometimes "100 nS")
    Split overlength code lines.
    Make protocol functions STATIC.
    Remove "Horor vacui" comments.
    Rationalize GIC register address calculations
    Replace explicit test and assert with ASSERT_EFI_ERROR.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
Signed-off-by: Alexei Fedorov <alexei.fedorov@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-10-05 17:45:16 +01:00
Ard Biesheuvel 4bbcc285d5 ArmPkg/PlatformBootManagerLib: process pending capsules
Process any capsule HOBs that were left for us by CapsulePei. This
involves calling ProcessCapsules() twice, as explained in the comment
in DxeCapsuleLibFmp [sic].

1) The first call must be before EndOfDxe. The system capsules is processed.
   If device capsule FMP protocols are exposted at this time and device FMP
   capsule has zero EmbeddedDriverCount, the device capsules are processed.
   Each individual capsule result is recorded in capsule record variable.
   System may reset in this function, if reset is required by capsule and
   all capsules are processed.
   If not all capsules are processed, reset will be defered to second call.

2) The second call must be after EndOfDxe and after ConnectAll, so that all
   device capsule FMP protocols are exposed.
   The system capsules are skipped. If the device capsules are NOT processed
   in first call, they are processed here.
   Each individual capsule result is recorded in capsule record variable.
   System may reset in this function, if reset is required by capsule
   processed in first call and second call.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-09-19 09:39:01 -07:00
Sami Mujawar 2f16993c25 ArmPkg: ARM v8.2 updates for detecting FP
The ARMv8.2-FP16 extension introduces support for half precision
floating point and the processor ID registers have been updated to
enable detection of the implementation.

The possible values for the FP bits in ID_AA64PFR0_EL1[19:16] are:
  - 0000 : Floating-point is implemented.
  - 0001 : Floating-point including Half-precision support is
           implemented.
  - 1111 : Floating-point is not implemented.
  - All other values are reserved.

Previously ArmEnableVFP() compared the FP bits with 0000b to see if
the FP was implemented, before enabling FP. Modified this check to
enable the FP if the FP bits 19:16 are not 1111b.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-09-15 16:56:08 +01:00
Ard Biesheuvel a94081fb26 ArmPkg: add ArmCrashDumpDxe driver
Even though RELEASE builds produce some diagnostics when a crash
occurs, they can be rather unhelpful:

  Synchronous Exception at 0x0000000000000000

and sometimes, it would be useful to get a full register dump from
a production machine without having to modify the firmware.

This can be achieved very easily by incorporating a DEBUG build of
ARM's DefaultExceptionHandlerLib into a DXE driver, and registering
its DefaultExceptionHandler entry point as the synchronous exception
handler, overriding the default one. If we then build this driver
using the UefiDebugLibConOut DebugLib implementation, we end up
with a module than can simply be loaded via the Shell on any system.

Shell> load fs0:ArmCrashDumpDxe.efi

As a bonus, the crash dump will also appear on the graphical display,
not only on the serial port.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-09-06 17:48:03 +01:00
Ard Biesheuvel 63ed4d2757 ArmPkg: remove ArmDmaLib
Now that we have a generic DmaLib implementation for non-coherent DMA,
let's get rid of the ARM specific one.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-09-01 12:59:42 +01:00
Ard Biesheuvel dcd48d2db4 ArmPkg: remove UncachedMemoryAllocationLib
Now that ArmDmaLib can take care of its own memory allocation needs,
let's get rid of UncachedMemoryAllocationLib entirely. This forces
platforms to declare the required semantics (non-cache coherent DMA,
whichever way it is implemented), rather than using uncached memory
allocations directly, which may not always be the right choice, and
prevents sharing of drivers between platforms if one is cache coherent
and the other is not.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-08-31 08:59:37 +01:00
Ard Biesheuvel 4b4104d87e ArmPkg/ArmDmaLib: implement DmaAllocateAlignedBuffer()
Implement the new DmaLib routine that returns DMA'able buffers
at a specified minimum alignment.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-08-29 17:54:54 +01:00
Ard Biesheuvel 6650d78558 ArmPkg/ArmDmaLib: remove dependency on UncachedMemoryAllocationLib
Now that ArmDmaLib no longer uses uncached mappings for short-lived
bounce buffers used for streaming DMA, the only place we allocate
uncached memory is in DmaAllocateBuffer (), which is used for static
mappings shared between the host and the device, e.g., for packet
descriptor rings etc.

There is no performance concern around such long lived mappings, and
so we can really do without the overhead of UncachedMemoryAllocationLib,
which is a sizable chunk of poorly maintained code that never actually
releases any memory, and despite the fact that it implements pool based
routines, it always performs page based allocations anyway.

So let's invoke the DXE services directly to manage memory attributes
on allocations, and keep track of the allocations in a linked list so
we can restore the attributes and free the memory properly after use.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-08-24 18:18:14 +01:00
Ard Biesheuvel 3a424c5f49 ArmPkg/ArmDmaLib: use double buffering only for bus master write
The ArmPkg implementation of DmaLib uses double buffering to ensure
that any attempt to perform non-coherent DMA on unaligned buffers cannot
corrupt adjacent unrelated data which happens to share cachelines with
the data we are exchanging with the device.

Such corruption can only occur on bus master write, in which case we have
to invalidate the caches to ensure the CPU will see the data written to
memory by the device. In the bus master read case, we can simply clean
and invalidate at the same time, which may purge unrelated adjacent data
from the caches, but will not corrupt its contents.

Also, this double buffer does not necessarily have to be allocated from
uncached memory: by the same reasoning, we can perform cache invalidation
on an ordinary pool allocation as long as we take the same alignment
constraints into account.

So update our code accordingly: remove double buffering from the bus
master read path, and switch to a pool allocation for the double buffer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-08-17 15:32:30 +01:00
Michael D Kinney 2a98de0344 edk2: Move License.txt file to root
https://bugzilla.tianocore.org/show_bug.cgi?id=642

Add top level License.txt file with the BSD 2-Clause
License that is used by the majority of the EKD II open
source project content.  Merge copyright statements
from the BSD 2-Clause License files in each package
directory and remove the duplication License.txt
file from package directories.

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Andrew Fish <afish@apple.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-08-03 11:02:17 -07:00
Michael D Kinney bbdd3bad1b edk2: Move TianoCore Contribution Agreement to root
https://bugzilla.tianocore.org/show_bug.cgi?id=629

Move Contributions.txt that contains the TianoCore
Contribution Agreement 1.0 to the root of the edk2
repository and remove the duplicate Contributions.txt
files from all packages.

Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Andrew Fish <afish@apple.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-08-03 11:01:53 -07:00
Jun Nie edc65fc4d8 ArmPkg: Move IS_DEVICE_PATH_NODE for sharing
Move IS_DEVICE_PATH_NODE into header to share it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jun Nie <jun.nie@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-08-01 15:57:47 +01:00
Ard Biesheuvel b2c55e7328 ArmPkg: implement ResetSystemLib using PSCI 0.2 calls
This adds an implementation of the ResetSystemLib library class as
defined in MdeModulePkg. It is used as the platform glue by the generic
ResetSystemRuntimeDxe which lives in the same package.

This implementation is intended to replace the EfiResetSystemLib based
implementation that is deprecated now that we have decided that there is
no longer a reason to keep a different ResetSystem() implementation
under EmbeddedPkg.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-07-03 16:53:33 +01:00
Sami Mujawar 23d6348f92 ArmPkg: Add CNTHCTL_EL2 support functions
Added helper functions for reading and writing the
CNTHCTL_EL2 register.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-05-22 15:19:34 +01:00
Leif Lindholm d63ed30bb5 ArmPkg: copy/paste fixes in ARM ArmHvcLib/ArmSmcLib
ARM ArmHvcLib looks like it was created from copy of ArmSmcLib which
looks like it was created from a copy of the AArch64 version.

Both of these files include AsmMacroIoLibV8.h instead of
AsmMacroIoLib.h, although since they only use macros that are identical
between the two, there was no functional issue caused by this.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-04-13 10:58:28 +01:00
Ard Biesheuvel cffa7925a2 ArmPkg: remove ArmCpuLib header and implementations
Remove ArmCpuLib entirely. It is no longer used.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-04-06 14:55:11 +01:00
Ard Biesheuvel 2d12048958 ArmPkg/ArmExceptionLib: use EL0 stack for synchronous exceptions
In order to be able to produce meaningful diagnostic output when taking
synchronous exceptions that have been caused by corruption of the stack
pointer, prepare the EL0 stack pointer and switch to it when handling the
'Sync exception using SPx' exception class.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-27 13:54:26 +01:00
Ard Biesheuvel 173bf5c847 ArmPkg/DefaultExceptionHandlerLib: walk call stack unconditionally
Currently, we only attempt to walk the call stack and print a backtrace
if the program counter refers to a location covered by a PE/COFF image.
However, regardless of the value of PC, the frame pointer may still have
a meaningful value, and so we can still produce the remainder of the
backtrace.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-22 15:48:01 +00:00
Ard Biesheuvel b8fc72bd7d ArmPkg/DefaultExceptionHandlerLib: add missing GUID to .inf
Add the gEfiDebugImageInfoTableGuid, which is referenced in the code,
to both .INF files describing this module.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-22 15:47:56 +00:00
Ard Biesheuvel a43d75e152 ArmPkg/PlatformBootManagerLib: move to BootLogoLib for boot splash support
Replace the duplicated and outdated code in QuietBoot.c with a reference
to BootLogoLib, which provides the same functionality. This also allows
us to drop all references to IntelFrameworkModulePkg in this module.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-22 15:44:55 +00:00
Ard Biesheuvel 07548e17c5 ArmPkg/PlatformBootManagerLib: refer to Shell FILE_GUID directly
Instead of indirecting the reference to the Shell binary via a PCD
that is defined in IntelFrameworkModulePkg, and which invariably
gets set to the same value by all users of this library, refer to
the UEFI Shell application by its declared symbolic GUID.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-22 15:33:42 +00:00
Ard Biesheuvel 0985beff2c ArmPkg/UncachedMemoryAllocationLib: set XP bit via CPU arch protocol
Commit e7b24ec978 ("ArmPkg/UncachedMemoryAllocationLib: map uncached
allocations non-executable") adds code that manipulates the GCD memory
space attributes of a newly allocated uncached region without checking
whether this region expose these attributes in its capabilities mask.

Given that the intent is to remove executable permissions from the region,
this is a fairly pointless exercise to begin with, regardless of whether
it is correct or not. The reason is that RO/XP memory attributes in the
GCD memory space map or the UEFI memory map are completely disconnected
from the actual mapping permissions used in the page tables.

So instead, invoke the CPU arch protocol directly, and add the non-exec
attributes in the page tables directly.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Tested-by: Ryan Harkin <ryan.harkin@linaro.org>
2017-03-15 19:36:10 +00:00
Marvin Häuser a559e0602c ArmPkg: Fix modsi3.S compilation across toolchains.
modsi3.S references the symbol '__divsi3' by '___divsi3' which assumes
the prefix is always required and supported.  Use ASM_PFX() instead
to support all compilers.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marvin Haeuser <Marvin.Haeuser@outlook.com>
2017-03-14 08:02:09 +00:00
Ard Biesheuvel bdecff6c0f ArmPkg/CpuDxe: handle implied attributes in EfiAttributeToArmAttribute
Some memory attributes are implied by the memory type, e.g., device memory
is always mapped non-executable and cached memory should have the inner
shareable attribute.

In order to prevent unnecessary memory attribute updates of mappings
created early on, make EfiAttributeToArmAttribute() return these implied
attributes in the same way as ArmMmuLib does already. This avoids false
positives when looking for differences between current and desired mapping
attributes.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-08 15:40:20 +01:00
Ard Biesheuvel e7b24ec978 ArmPkg/UncachedMemoryAllocationLib: map uncached allocations non-executable
The primary use case for UncachedMemoryAllocationLib is non-coherent DMA,
which implies that such regions are not used to fetch instructions from.

So let's map them as non-executable, to avoid creating a security hole
when the rest of the platform may be enforcing strict memory permissions
on ordinary allocations.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-08 09:50:18 +01:00
Ard Biesheuvel 25549bda46 ArmPkg/UncachedMemoryAllocationLib: use CWG value to align pool allocations
Uncached pool allocations are aligned to the data cache line length under
the assumption that this is sufficient to prevent cache maintenance from
corrupting adjacent allocations. However, the value to use in such cases
is architecturally called the Cache Writeback Granule (CWG), which is
essentially the maximum Dcache line length rather than the minimum.

Note that this is mostly a cosmetical fix, given that the pool allocation
is turned into a page allocation later, and rounded up accordingly.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-08 09:50:00 +01:00
Ard Biesheuvel bb52ec2d6b ArmPkg/UncachedMemoryAllocationLib: restore mapping attributes after free
In order to play nice with platforms that use strict memory permission
policies, restore the original mapping attributes when freeing uncached
allocations.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-08 09:48:42 +01:00
Ard Biesheuvel 9f1dcbe8c8 ArmPkg/ArmMmuLib ARM: implement memory permission control routines
Now that we have the prerequisite functionality available in ArmMmuLib,
wire it up into ArmSetMemoryRegionNoExec, ArmClearMemoryRegionNoExec,
ArmSetMemoryRegionReadOnly and ArmClearMemoryRegionReadOnly. This is
used by the non-executable stack feature that is configured by DxeIpl.

NOTE: The current implementation will not combine RO and XP attributes,
      i.e., setting/clearing a region no-exec will unconditionally
      clear the read-only attribute, and vice versa. Currently, we
      only use ArmSetMemoryRegionNoExec(), so for now, we should be
      able to live with this.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-07 10:31:53 +01:00
Ard Biesheuvel d9c0d991f7 ArmPkg/ArmMmuLib: remove VirtualMask arg from ArmSetMemoryAttributes
We no longer make use of the ArmMmuLib 'feature' to create aliased
memory ranges with mismatched attributes, and in fact, it was only
wired up in the ARM version to begin with.

So remove the VirtualMask argument from ArmSetMemoryAttributes()'s
prototype, and remove the dead code that referred to it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-07 09:38:08 +01:00
Ard Biesheuvel 521f3cedac ArmPkg: move ARM version of SetMemoryAttributes to ArmMmuLib
... where it belongs, since AARCH64 already keeps it there, and
non DXE users of ArmMmuLib (such as DxeIpl, for the non-executable
stack) may need its functionality as well.

While at it, rename SetMemoryAttributes to ArmSetMemoryAttributes,
and make any functions that are not exported STATIC. Also, replace
an explicit gBS->AllocatePages() call [which is DXE specific] with
MemoryAllocationLib::AllocatePages().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-07 09:38:08 +01:00
Ard Biesheuvel f49ea03de7 ArmPkg/ArmMmuLib: use correct return type for exported functions
The routines ArmConfigureMmu(), SetMemoryAttributes() [*] and the
various set/clear read-only/no-exec routines are declared as returning
EFI_STATUS in the respective header files, so align the definitions with
that.

* SetMemoryAttributes() is declared in the wrong header (and defined in
  ArmMmuLib for AARCH64 and in CpuDxe for ARM)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-07 09:37:09 +01:00
Ard Biesheuvel 08b504d9d8 ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes()
Enable the use of strict memory permissions on ARM by processing the
EFI_MEMORY_RO and EFI_MEMORY_XP rather than ignoring them. As before,
calls to CpuArchProtocol::SetMemoryAttributes that only set RO/XP
bits will preserve the cacheability attributes. Permissions attributes
are not preserved when setting the memory type only: the way the memory
permission attributes are defined does not allows for that, and so this
situation does not deviate from other architectures.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-07 09:10:01 +01:00
Ard Biesheuvel 22c7a5b70e ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance
Page and section entries in the page tables are updated using the
helper ArmUpdateTranslationTableEntry(), which cleans the page
table entry to the PoC, and invalidates the TLB entry covering
the page described by the entry being updated.

Since we may be updating section entries, we might be leaving stale
TLB entries at this point (for all pages in the section except the
first one), which will be invalidated wholesale at the end of
SetMemoryAttributes(). At that point, all caches are cleaned *and*
invalidated as well.

This cache maintenance is costly and unnecessary. The TLB maintenance
is only necessary if we updated any section entries, since any page
by page entries that have been updated will have been invalidated
individually by ArmUpdateTranslationTableEntry().

So drop the clean/invalidate of the caches, and only perform the
full TLB flush if UpdateSectionEntries() was called, or if sections
were split by UpdatePageEntries(). Finally, make the cache maintenance
on the remapped regions themselves conditional on whether any memory
type attributes were modified.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-07 09:10:01 +01:00
Ard Biesheuvel df809efe13 ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily
Currently, any range passed to CpuArchProtocol::SetMemoryAttributes is
fully broken down into page mappings if the start or the size of the
region happens to be misaliged relative to the section size of 1 MB.

This is going to result in memory being wasted on second level page tables
when we enable strict memory permissions, given that we remap the entire
RAM space non-executable (modulo the code bits) when the CpuArchProtocol
is installed.

So refactor the code to iterate over the range in a way that ensures
that all naturally aligned section sized subregions are not broken up.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-03-07 09:10:01 +01:00
Ard Biesheuvel 3b44bb5527 ArmPkg/CpuDxe: ignore attribute changes during SyncCacheConfig()
To prevent the initial MMU->GCD memory space map synchronization from
stripping permissions attributes [which we cannot use in the GCD memory
space map, unfortunately], implement the same approach as x86, and ignore
SetMemoryAttributes() calls during the time SyncCacheConfig() is in
progress. This is a horrible hack, but is currently the only way we can
implement strict permissions on arbitrary memory regions [as opposed to
PE/COFF text/data sections only]

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-02-28 14:59:50 +00:00
Ard Biesheuvel 40f4246589 ArmPkg: remove unused PcdArmUncachedMemoryMask PCD
This removes the PCD PcdArmUncachedMemoryMask from ArmPkg, along with
any remaining references to it in various platform .DSC files. It is
no longer used now that we removed the virtual uncached pages protocol
and the associated DebugUncachedMemoryAllocationLib library instance.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-02-27 16:18:29 +00:00
Ard Biesheuvel fc7bd8939d ArmPkg/CpuDxe: remove VirtualUncachedPages protocol and implementation
Virtual uncached pages are simply pages that are aliased using mismatched
attributes, which is not allowed by the ARM architecture. So remove the
protocol and its implementation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-02-23 17:57:55 +00:00
Ard Biesheuvel a76d0e88c3 ArmPkg: remove DebugUncachedMemoryAllocationLib
The debug implementation of the UncachedMemoryAllocationLib library
class relies on the creation of an uncached alias of a memory range,
while keeping the original cached mapping, but with read-only attributes
to trap inadvertent write accesses.

This is not a terribly good idea, given that the ARM architecture does
not allow mismatched attributes, and so creating them deliberately is
not something we should encourage by doing it in reference code.

So remove the library, and replace all references to it with a reference
to the non-debug version (unless the platform does not require a resolution
for it in the first place, in which case all UncachedMemoryAllocationLib
references can be removed altogether).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-02-23 17:56:10 +00:00
Ard Biesheuvel 526f160f31 ArmPkg/ArmMmuLib: AARCH64: enable stack alignment checking
Enable the hardware stack alignment check, as mandated by the UEFI spec.
This ensures that the stack pointer is 16 byte aligned at each instance
where it is used as the base address in a load/store operation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-02-22 13:22:42 +00:00
Ard Biesheuvel 97f0d01d5d ArmPkg/ArmLib: AARCH64: allow the stack aligment (SA) bit to be managed
In preparation of enabling stack alignment checking, which is mandated
by the UEFI spec for AARCH64, add the code to manage this bit to ArmLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-02-22 13:22:42 +00:00
Ard Biesheuvel de2a78247a ArmPkg/ArmLib: AARCH64: set frame pointer in cache maintenance routine
Stack and unstack the frame pointer according to the AAPCS in
AArch64AllDataCachesOperation ().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-02-22 13:22:41 +00:00