From 6bc35cbaca790fc32904cbb4f1bfc30381910ed0 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Wed, 18 Nov 2015 11:51:06 +0000 Subject: ArmPkg/Mmu: set required XN attributes for device mappings To prevent speculative intruction fetches from MMIO ranges that may have side effects on reads, the architecture requires device mappings to be created with the XN or UXN/PXN bits set (for the ARM/EL2 and EL1&0 translation regimes, respectively.) Note that, in the ARM case, this involves moving all accesses to a client domain since permission attributes like XN are ignored from a manager domain. The use of a client domain is actually mandated explicitly by the UEFI spec. Reported-by: Heyi Guo Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel Reviewed-by: Leif Lindholm git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18891 6f19259b-4bc3-4df7-8a09-765794883524 --- ArmPkg/Include/Chipset/ArmV7Mmu.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ArmPkg/Include') diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b/ArmPkg/Include/Chipset/ArmV7Mmu.h index aaa0977205..e38c5f7b05 100644 --- a/ArmPkg/Include/Chipset/ArmV7Mmu.h +++ b/ArmPkg/Include/Chipset/ArmV7Mmu.h @@ -192,6 +192,7 @@ TT_DESCRIPTOR_SECTION_S_NOT_SHARED | \ TT_DESCRIPTOR_SECTION_DOMAIN(0) | \ TT_DESCRIPTOR_SECTION_AP_RW_RW | \ + TT_DESCRIPTOR_SECTION_XN_MASK | \ TT_DESCRIPTOR_SECTION_CACHE_POLICY_SHAREABLE_DEVICE) #define TT_DESCRIPTOR_SECTION_UNCACHED(NonSecure) (TT_DESCRIPTOR_SECTION_TYPE_SECTION | \ ((NonSecure) ? TT_DESCRIPTOR_SECTION_NS : 0) | \ @@ -215,6 +216,7 @@ TT_DESCRIPTOR_PAGE_NG_GLOBAL | \ TT_DESCRIPTOR_PAGE_S_NOT_SHARED | \ TT_DESCRIPTOR_PAGE_AP_RW_RW | \ + TT_DESCRIPTOR_PAGE_XN_MASK | \ TT_DESCRIPTOR_PAGE_CACHE_POLICY_SHAREABLE_DEVICE) #define TT_DESCRIPTOR_PAGE_UNCACHED (TT_DESCRIPTOR_PAGE_TYPE_PAGE | \ TT_DESCRIPTOR_PAGE_NG_GLOBAL | \ -- cgit v1.2.3