ArmPkg/AArch64Mmu: don't let table entries inherit XN permission bits

When we split a block entry into a table entry, the UXN/PXN/XN permission
attributes are inherited both by the new table entry and by the new block
entries at the next level down. Unlike the NS bit, which only affects the
next level of lookup, the XN table bits supersede the permissions of the
final translation, and setting the permissions at multiple levels is not
only redundant, it also prevents us from lifting XN restrictions on a
subregion of the original block entry by simply clearing the appropriate
bits at the lowest level.

So drop the code that sets the UXN/PXN/XN bits on the table entries.

Reported-by: "Oliyil Kunnil, Vishal" <vishalo@qti.qualcomm.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

1 files changed, 0 insertions, 7 deletions

diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
index 48ca827184..cf9b7222b4 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Mmu.c
@@ -306,13 +306,6 @@ GetBlockEntryListFromAddress (
 

         // Convert the block entry attributes into Table descriptor attributes

         TableAttributes = TT_TABLE_AP_NO_PERMISSION;

-        if (Attributes & TT_PXN_MASK) {

-          TableAttributes = TT_TABLE_PXN;

-        }

-        // XN maps to UXN in the EL1&0 translation regime

-        if (Attributes & TT_XN_MASK) {

-          TableAttributes = TT_TABLE_XN;

-        }

         if (Attributes & TT_NS) {

           TableAttributes = TT_TABLE_NS;

         }