To prevent speculative intruction fetches from MMIO ranges that may
have side effects on reads, the architecture requires device mappings
to be created with the XN or UXN/PXN bits set (for the ARM/EL2 and
EL1&0 translation regimes, respectively.)
Note that, in the ARM case, this involves moving all accesses to a
client domain since permission attributes like XN are ignored from
a manager domain.
Reported-by: Heyi Guo <heyi....@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
ArmPkg/Include/Chipset/ArmV7Mmu.h | 2 ++
ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c | 5 ++++-
ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c | 2 +-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h
b/ArmPkg/Include/Chipset/ArmV7Mmu.h
index aaa0977205fa..e38c5f7b055d 100644
--- a/ArmPkg/Include/Chipset/ArmV7Mmu.h
+++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h
@@ -192,6 +192,7 @@
TT_DESCRIPTOR_SECTION_S_NOT_SHARED | \
TT_DESCRIPTOR_SECTION_DOMAIN(0) | \
TT_DESCRIPTOR_SECTION_AP_RW_RW | \
+
TT_DESCRIPTOR_SECTION_XN_MASK | \
TT_DESCRIPTOR_SECTION_CACHE_POLICY_SHAREABLE_DEVICE)
#define TT_DESCRIPTOR_SECTION_UNCACHED(NonSecure)
(TT_DESCRIPTOR_SECTION_TYPE_SECTION
| \
((NonSecure) ?
TT_DESCRIPTOR_SECTION_NS : 0) | \
@@ -215,6 +216,7 @@
TT_DESCRIPTOR_PAGE_NG_GLOBAL
| \
TT_DESCRIPTOR_PAGE_S_NOT_SHARED
| \
TT_DESCRIPTOR_PAGE_AP_RW_RW
| \
+
TT_DESCRIPTOR_PAGE_XN_MASK
| \
TT_DESCRIPTOR_PAGE_CACHE_POLICY_SHAREABLE_DEVICE)
#define TT_DESCRIPTOR_PAGE_UNCACHED
(TT_DESCRIPTOR_PAGE_TYPE_PAGE
| \
TT_DESCRIPTOR_PAGE_NG_GLOBAL
| \
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
index c8b3d4a121b1..377a7858d436 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
@@ -50,7 +50,10 @@ ArmMemoryAttributeToPageAttribute (
ASSERT(0);
case ARM_MEMORY_REGION_ATTRIBUTE_DEVICE:
case ARM_MEMORY_REGION_ATTRIBUTE_NONSECURE_DEVICE:
- return TT_ATTR_INDX_DEVICE_MEMORY;
+ if (ArmReadCurrentEL () == AARCH64_EL2)
+ return TT_ATTR_INDX_DEVICE_MEMORY | TT_TABLE_XN;
+ else
+ return TT_ATTR_INDX_DEVICE_MEMORY | TT_TABLE_UXN | TT_TABLE_PXN;
}
}
diff --git a/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c
b/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c
index 1287dfb1a9bb..e05a51e0d901 100644
--- a/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c
+++ b/ArmPkg/Library/ArmLib/ArmV7/ArmV7Mmu.c
@@ -294,7 +294,7 @@ ArmConfigureMmu (
DOMAIN_ACCESS_CONTROL_NONE( 3) |
DOMAIN_ACCESS_CONTROL_NONE( 2) |
DOMAIN_ACCESS_CONTROL_NONE( 1) |
- DOMAIN_ACCESS_CONTROL_MANAGER(0));
+ DOMAIN_ACCESS_CONTROL_CLIENT(0));
ArmEnableInstructionCache();
ArmEnableDataCache();
--
1.9.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
