arm64: Mark EFI memory as userspace non-executable

FEAT_PAN3 adds the SCTLR_EL1.EPAN field. This tells the hardware to
raise a permission abort when userspace could execute a page, i.e. the
ATTR_S1_UXN field is clear in the page table.

This causes issues for the EFI runtime as we only mark non-executable
pages with this flag leading to a permission fault when accessing it.

Fix this by marking all EFI mappings with ATTR_S1_UXN. The kernel
already had this field set so was already safe.

Reported by:	tuexen
Reviewed by:	tuexen
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D52750

1 files changed, 3 insertions, 2 deletions

diff --git a/sys/arm64/arm64/efirt_machdep.c b/sys/arm64/arm64/efirt_machdep.c
index 0301eb91c9ef..f814d45f5dd0 100644
--- a/sys/arm64/arm64/efirt_machdep.c
+++ b/sys/arm64/arm64/efirt_machdep.c
@@ -218,8 +218,9 @@ efi_create_1t1_map(struct efi_md *map, int ndesc, int descsz)
 			    p->md_phys, mode, p->md_pages);
 		}
 
-		l3_attr = ATTR_AF | pmap_sh_attr | ATTR_S1_IDX(mode) |
-		    ATTR_S1_AP(ATTR_S1_AP_RW) | ATTR_S1_nG | L3_PAGE;
+		l3_attr = ATTR_S1_UXN | ATTR_AF | pmap_sh_attr |
+		    ATTR_S1_IDX(mode) | ATTR_S1_AP(ATTR_S1_AP_RW) |
+		    ATTR_S1_nG | L3_PAGE;
 		if (mode == VM_MEMATTR_DEVICE || p->md_attr & EFI_MD_ATTR_XP)
 			l3_attr |= ATTR_S1_XN;