ArmPkg/ArmMmuLib ARM: Isolate the access flag from AP mask

Split the ARM permission fields in the short descriptors into an access
flag and AP[2:1] as per the recommendation in the ARM ARM. This makes
the access flag available separately, which allows us to implement
EFI_MEMORY_RP memory analogous to how it will be implemented for
AArch64.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>

ArmPkg/Drivers/CpuDxe/Arm/Mmu.c

@@ -50,30 +50,27 @@ SectionToGcdAttributes (
 
   // determine protection attributes
   switch (SectionAttributes & TT_DESCRIPTOR_SECTION_AP_MASK) {
-    case TT_DESCRIPTOR_SECTION_AP_NO_NO: // no read, no write
-      // *GcdAttributes |= EFI_MEMORY_RO | EFI_MEMORY_RP;
-      break;
-
-    case TT_DESCRIPTOR_SECTION_AP_RW_NO:
+    case TT_DESCRIPTOR_SECTION_AP_NO_RW:
     case TT_DESCRIPTOR_SECTION_AP_RW_RW:
       // normal read/write access, do not add additional attributes
       break;
 
     // read only cases map to write-protect
-    case TT_DESCRIPTOR_SECTION_AP_RO_NO:
+    case TT_DESCRIPTOR_SECTION_AP_NO_RO:
     case TT_DESCRIPTOR_SECTION_AP_RO_RO:
       *GcdAttributes |= EFI_MEMORY_RO;
       break;
-
-    default:
-      return EFI_UNSUPPORTED;
   }
 
   // now process eXectue Never attribute
-  if ((SectionAttributes & TT_DESCRIPTOR_SECTION_XN_MASK) != 0 ) {
+  if ((SectionAttributes & TT_DESCRIPTOR_SECTION_XN_MASK) != 0) {
     *GcdAttributes |= EFI_MEMORY_XP;
   }
 
+  if ((SectionAttributes & TT_DESCRIPTOR_SECTION_AF) == 0) {
+    *GcdAttributes |= EFI_MEMORY_RP;
+  }
+
   return EFI_SUCCESS;
 }
 
@@ -114,30 +111,27 @@ PageToGcdAttributes (
 
   // determine protection attributes
   switch (PageAttributes & TT_DESCRIPTOR_PAGE_AP_MASK) {
-    case TT_DESCRIPTOR_PAGE_AP_NO_NO: // no read, no write
-      // *GcdAttributes |= EFI_MEMORY_RO | EFI_MEMORY_RP;
-      break;
-
-    case TT_DESCRIPTOR_PAGE_AP_RW_NO:
+    case TT_DESCRIPTOR_PAGE_AP_NO_RW:
     case TT_DESCRIPTOR_PAGE_AP_RW_RW:
       // normal read/write access, do not add additional attributes
       break;
 
     // read only cases map to write-protect
-    case TT_DESCRIPTOR_PAGE_AP_RO_NO:
+    case TT_DESCRIPTOR_PAGE_AP_NO_RO:
     case TT_DESCRIPTOR_PAGE_AP_RO_RO:
       *GcdAttributes |= EFI_MEMORY_RO;
       break;
-
-    default:
-      return EFI_UNSUPPORTED;
   }
 
   // now process eXectue Never attribute
-  if ((PageAttributes & TT_DESCRIPTOR_PAGE_XN_MASK) != 0 ) {
+  if ((PageAttributes & TT_DESCRIPTOR_PAGE_XN_MASK) != 0) {
     *GcdAttributes |= EFI_MEMORY_XP;
   }
 
+  if ((PageAttributes & TT_DESCRIPTOR_PAGE_AF) == 0) {
+    *GcdAttributes |= EFI_MEMORY_RP;
+  }
+
   return EFI_SUCCESS;
 }
 
@@ -166,6 +160,7 @@ SyncCacheConfigPage (
   // Convert SectionAttributes into PageAttributes
   NextPageAttributes =
     TT_DESCRIPTOR_CONVERT_TO_PAGE_CACHE_POLICY (*NextSectionAttributes) |
+    TT_DESCRIPTOR_CONVERT_TO_PAGE_AF (*NextSectionAttributes) |
     TT_DESCRIPTOR_CONVERT_TO_PAGE_AP (*NextSectionAttributes);
 
   // obtain page table base
@@ -174,7 +169,7 @@ SyncCacheConfigPage (
   for (i = 0; i < TRANSLATION_TABLE_PAGE_COUNT; i++) {
     if ((SecondLevelTable[i] & TT_DESCRIPTOR_PAGE_TYPE_MASK) == TT_DESCRIPTOR_PAGE_TYPE_PAGE) {
       // extract attributes (cacheability and permissions)
-      PageAttributes = SecondLevelTable[i] & (TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK | TT_DESCRIPTOR_PAGE_AP_MASK);
+      PageAttributes = SecondLevelTable[i] & (TT_DESCRIPTOR_PAGE_CACHE_POLICY_MASK | TT_DESCRIPTOR_PAGE_AP_MASK | TT_DESCRIPTOR_PAGE_AF);
 
       if (NextPageAttributes == 0) {
         // start on a new region
@@ -213,6 +208,7 @@ SyncCacheConfigPage (
   // Convert back PageAttributes into SectionAttributes
   *NextSectionAttributes =
     TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (NextPageAttributes) |
+    TT_DESCRIPTOR_CONVERT_TO_SECTION_AF (NextPageAttributes) |
     TT_DESCRIPTOR_CONVERT_TO_SECTION_AP (NextPageAttributes);
 
   return EFI_SUCCESS;
@@ -256,14 +252,14 @@ SyncCacheConfig (
   FirstLevelTable = (ARM_FIRST_LEVEL_DESCRIPTOR *)(ArmGetTTBR0BaseAddress ());
 
   // Get the first region
-  NextSectionAttributes = FirstLevelTable[0] & (TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK);
+  NextSectionAttributes = FirstLevelTable[0] & (TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK | TT_DESCRIPTOR_SECTION_AF);
 
   // iterate through each 1MB descriptor
   NextRegionBase = NextRegionLength = 0;
   for (i = 0; i < TRANSLATION_TABLE_SECTION_COUNT; i++) {
     if ((FirstLevelTable[i] & TT_DESCRIPTOR_SECTION_TYPE_MASK) == TT_DESCRIPTOR_SECTION_TYPE_SECTION) {
       // extract attributes (cacheability and permissions)
-      SectionAttributes = FirstLevelTable[i] & (TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK);
+      SectionAttributes = FirstLevelTable[i] & (TT_DESCRIPTOR_SECTION_CACHE_POLICY_MASK | TT_DESCRIPTOR_SECTION_AP_MASK | TT_DESCRIPTOR_SECTION_AF);
 
       if (NextSectionAttributes == 0) {
         // start on a new region
@@ -383,6 +379,10 @@ EfiAttributeToArmAttribute (
     ArmAttributes |= TT_DESCRIPTOR_SECTION_XN_MASK;
   }
 
+  if ((EfiAttributes & EFI_MEMORY_RP) == 0) {
+    ArmAttributes |= TT_DESCRIPTOR_SECTION_AF;
+  }
+
   return ArmAttributes;
 }
 
@@ -482,6 +482,7 @@ GetMemoryRegion (
     *RegionAttributes = TT_DESCRIPTOR_CONVERT_TO_SECTION_CACHE_POLICY (PageAttributes) |
                         TT_DESCRIPTOR_CONVERT_TO_SECTION_S (PageAttributes) |
                         TT_DESCRIPTOR_CONVERT_TO_SECTION_XN (PageAttributes) |
+                        TT_DESCRIPTOR_CONVERT_TO_SECTION_AF (PageAttributes) |
                         TT_DESCRIPTOR_CONVERT_TO_SECTION_AP (PageAttributes);
   }