| author | Andrew Turner <andrew@FreeBSD.org> | 2025-09-26 15:06:58 +0000 |
|---|---|---|
| committer | Andrew Turner <andrew@FreeBSD.org> | 2025-09-26 15:07:41 +0000 |
| commit | 2554148bd85b172afcc1431df3272f920c82ebce (patch) | |
| tree | 164a5539c41c8ebf2ba2e503e6c6b82788e0325f | |
| parent | cee4802d0e2a4f55cecb270f3ab00febe4c220db (diff) | |
arm64: Add table attributes to the EFI maps
Use table attributes to also limit unprivileged access to the EFI
runtime mappings. This is mostly for parity with pmap as this is never
mapped while userspace could execute.
Reviewed by: tuexen
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D52751
| -rw-r--r-- | sys/arm64/arm64/efirt_machdep.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/arm64/arm64/efirt_machdep.c b/sys/arm64/arm64/efirt_machdep.c
index f814d45f5dd0..bde0d4f784dc 100644
--- a/sys/arm64/arm64/efirt_machdep.c
+++ b/sys/arm64/arm64/efirt_machdep.c
@@ -106,7 +106,8 @@ efi_1t1_l3(vm_offset_t va)
 if (*l0 == 0) {
 m = efi_1t1_page();
 mphys = VM_PAGE_TO_PHYS(m);
- *l0 = PHYS_TO_PTE(mphys) | L0_TABLE;
+ *l0 = PHYS_TO_PTE(mphys) | TATTR_UXN_TABLE |
+ TATTR_AP_TABLE_NO_EL0 | L0_TABLE;
 } else {
 mphys = PTE_TO_PHYS(*l0);
 }
@@ -117,7 +118,8 @@ efi_1t1_l3(vm_offset_t va)
 if (*l1 == 0) {
 m = efi_1t1_page();
 mphys = VM_PAGE_TO_PHYS(m);
- *l1 = PHYS_TO_PTE(mphys) | L1_TABLE;
+ *l1 = PHYS_TO_PTE(mphys) | TATTR_UXN_TABLE |
+ TATTR_AP_TABLE_NO_EL0 | L1_TABLE;
 } else {
 mphys = PTE_TO_PHYS(*l1);
 }
@@ -128,7 +130,8 @@ efi_1t1_l3(vm_offset_t va)
 if (*l2 == 0) {
 m = efi_1t1_page();
 mphys = VM_PAGE_TO_PHYS(m);
- *l2 = PHYS_TO_PTE(mphys) | L2_TABLE;
+ *l2 = PHYS_TO_PTE(mphys) | TATTR_UXN_TABLE |
+ TATTR_AP_TABLE_NO_EL0 | L2_TABLE;
 } else {
 mphys = PTE_TO_PHYS(*l2);
 }
 } |
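Review bot: The attribute pair `TATTR_UXN_TABLE | TATTR_AP_TABLE_NO_EL0` is spelled out three times, at the `*l0` store in this hunk and again at the `*l1` and `*l2` stores in the next two, with no comment explaining the choice. Defining it once and using it at all three levels would keep them from drifting apart, with a comment such as `/* Table attributes: deny EL0 access and EL0 execution for everything below this entry, matching pmap. */`. The privileged execute-never table bit is left out, presumably because EL1 has to execute the runtime services code through this map; if so, the comment should say that too. These table bits only apply while hierarchical permissions are enabled for the translation regime (TCR_EL1.HPD0/HPD1 clear), which this diff does not show, so confirm that and keep the EL0 restrictions on the leaf entries rather than relying on the table bits alone. efi_1t1_l3 begins and ends outside all three hunks.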
