arm64: Add table attributes to the EFI maps

Use table attributes to also limit unprivileged access to the EFI
runtime mappings. This is mostly for parity with pmap as this is never
mapped while userspace could execute.

Reviewed by:	tuexen
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D52751
Andrew Turner
2025-09-26 16:06:58 +01:00
parent cee4802d0e
commit 2554148bd8
+6 -3
@@ -106,7 +106,8 @@ efi_1t1_l3(vm_offset_t va)
if (*l0 == 0) {
m = efi_1t1_page();
mphys = VM_PAGE_TO_PHYS(m);
*l0 = PHYS_TO_PTE(mphys) | L0_TABLE;
*l0 = PHYS_TO_PTE(mphys) | TATTR_UXN_TABLE |
TATTR_AP_TABLE_NO_EL0 | L0_TABLE;
} else {
mphys = PTE_TO_PHYS(*l0);
}
@@ -117,7 +118,8 @@ efi_1t1_l3(vm_offset_t va)
if (*l1 == 0) {
m = efi_1t1_page();
mphys = VM_PAGE_TO_PHYS(m);
*l1 = PHYS_TO_PTE(mphys) | L1_TABLE;
*l1 = PHYS_TO_PTE(mphys) | TATTR_UXN_TABLE |
TATTR_AP_TABLE_NO_EL0 | L1_TABLE;
} else {
mphys = PTE_TO_PHYS(*l1);
}
@@ -128,7 +130,8 @@ efi_1t1_l3(vm_offset_t va)
if (*l2 == 0) {
m = efi_1t1_page();
mphys = VM_PAGE_TO_PHYS(m);
*l2 = PHYS_TO_PTE(mphys) | L2_TABLE;
*l2 = PHYS_TO_PTE(mphys) | TATTR_UXN_TABLE |
TATTR_AP_TABLE_NO_EL0 | L2_TABLE;
} else {
mphys = PTE_TO_PHYS(*l2);
}
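Review bot: The three table-descriptor writes (`*l0`, `*l1`, `*l2`) spell out `TATTR_UXN_TABLE | TATTR_AP_TABLE_NO_EL0` each time with no comment on why it is there; a one-line comment at the first site, e.g. `/* Deny EL0 access and execution for everything mapped below this table, matching pmap */`, would keep the intent from being dropped in a later edit. These are hierarchical attributes, so they are ignored if hierarchical permission disables (TCR_EL1.HPD0/HPD1) are ever enabled for this translation regime. The leaf entries, which are built outside these hunks, should therefore keep their own AP/UXN restrictions rather than rely on the table bits. The attributes are applied only on the allocation path, and the `else` branches reuse an existing entry unchanged. That is fine if every table in this map is created by efi_1t1_l3, which cannot be confirmed from the lines shown.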