ArmPkg/Mmu: set required XN attributes for device mappings

To prevent speculative intruction fetches from MMIO ranges that may have side effects on reads, the architecture requires device mappings to be created with the XN or UXN/PXN bits set (for the ARM/EL2 and EL1&0 translation regimes, respectively.) Note that, in the ARM case, this involves moving all accesses to a client domain since permission attributes like XN are ignored from a manager domain. The use of a client domain is actually mandated explicitly by the UEFI spec. Reported-by: Heyi Guo <heyi.guo@linaro.org> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18891 6f19259b-4bc3-4df7-8a09-765794883524
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2015-11-18 11:51:06 +0000
committer: abiesheuvel <abiesheuvel@Edk2> 2015-11-18 11:51:06 +0000
commit: 6bc35cbaca790fc32904cbb4f1bfc30381910ed0 (patch)
tree: 130a0662a08c28bac7aa63becf028a0d3aeada02 /ArmPkg/Include
parent: 19bb46c411279dcd30d540c56e5993c5f771c319 (diff)
download: edk2-6bc35cbaca790fc32904cbb4f1bfc30381910ed0.tar.gz
edk2-6bc35cbaca790fc32904cbb4f1bfc30381910ed0.tar.bz2
edk2-6bc35cbaca790fc32904cbb4f1bfc30381910ed0.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/ArmV7Mmu.h
index aaa0977205..e38c5f7b05 100644
--- a/ArmPkg/Include/Chipset/ArmV7Mmu.h
+++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h
@@ -192,6 +192,7 @@
                                                             TT_DESCRIPTOR_SECTION_S_NOT_SHARED                      | \
                                                             TT_DESCRIPTOR_SECTION_DOMAIN(0)                         | \
                                                             TT_DESCRIPTOR_SECTION_AP_RW_RW                          | \
+                                                            TT_DESCRIPTOR_SECTION_XN_MASK                           | \
                                                             TT_DESCRIPTOR_SECTION_CACHE_POLICY_SHAREABLE_DEVICE)
 #define TT_DESCRIPTOR_SECTION_UNCACHED(NonSecure)          (TT_DESCRIPTOR_SECTION_TYPE_SECTION                                                           | \
                                                            ((NonSecure) ?  TT_DESCRIPTOR_SECTION_NS : 0)    | \
@@ -215,6 +216,7 @@
                                                         TT_DESCRIPTOR_PAGE_NG_GLOBAL                                                      | \
                                                         TT_DESCRIPTOR_PAGE_S_NOT_SHARED                                                   | \
                                                         TT_DESCRIPTOR_PAGE_AP_RW_RW                                                       | \
+                                                        TT_DESCRIPTOR_PAGE_XN_MASK                                                        | \
                                                         TT_DESCRIPTOR_PAGE_CACHE_POLICY_SHAREABLE_DEVICE)
 #define TT_DESCRIPTOR_PAGE_UNCACHED                (TT_DESCRIPTOR_PAGE_TYPE_PAGE                                                           | \
                                                         TT_DESCRIPTOR_PAGE_NG_GLOBAL                                                      | \
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2015-11-18 11:51:06 +0000
committer	abiesheuvel <abiesheuvel@Edk2>	2015-11-18 11:51:06 +0000
commit	6bc35cbaca790fc32904cbb4f1bfc30381910ed0 (patch)
tree	130a0662a08c28bac7aa63becf028a0d3aeada02 /ArmPkg/Include
parent	19bb46c411279dcd30d540c56e5993c5f771c319 (diff)
download	edk2-6bc35cbaca790fc32904cbb4f1bfc30381910ed0.tar.gz edk2-6bc35cbaca790fc32904cbb4f1bfc30381910ed0.tar.bz2 edk2-6bc35cbaca790fc32904cbb4f1bfc30381910ed0.zip