From: Sascha Hauer <s.hauer@pengutronix.de>
To: BAREBOX <barebox@lists.infradead.org>
Subject: [PATCH 7/7] ARM: MMU64: map text segment ro and data segments execute never
Date: Fri, 13 Jun 2025 09:58:55 +0200 [thread overview]
Message-ID: <20250613-arm-mmu-xn-ro-v1-7-60f05c6e7b4b@pengutronix.de> (raw)
In-Reply-To: <20250613-arm-mmu-xn-ro-v1-0-60f05c6e7b4b@pengutronix.de>
With this all segments in the DRAM except the text segment are mapped
execute-never so that only the barebox code can actually be executed.
Also map the readonly data segment readonly so that it can't be
modified.
The mapping is only implemented in barebox proper. The PBL still maps
the whole DRAM rwx.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
arch/arm/cpu/mmu_64.c | 31 +++++++++++++++++++++++++++----
arch/arm/include/asm/pgtable64.h | 1 +
arch/arm/lib64/barebox.lds.S | 5 +++--
3 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/arch/arm/cpu/mmu_64.c b/arch/arm/cpu/mmu_64.c
index dc81c1da6add38b59b44a9a4e247ab51ebc2692e..7b021a3f2909f7a445d253579a16cc68f6cbd765 100644
--- a/arch/arm/cpu/mmu_64.c
+++ b/arch/arm/cpu/mmu_64.c
@@ -312,13 +312,19 @@ static unsigned long get_pte_attrs(unsigned flags)
{
switch (flags) {
case MAP_CACHED:
- return CACHED_MEM;
+ return attrs_xn() | CACHED_MEM;
case MAP_UNCACHED:
return attrs_xn() | UNCACHED_MEM;
case MAP_FAULT:
return 0x0;
case ARCH_MAP_WRITECOMBINE:
return attrs_xn() | MEM_ALLOC_WRITECOMBINE;
+ case MAP_CODE:
+ return CACHED_MEM | PTE_BLOCK_RO;
+ case ARCH_MAP_CACHED_RO:
+ return attrs_xn() | CACHED_MEM | PTE_BLOCK_RO;
+ case ARCH_MAP_CACHED_RWX:
+ return CACHED_MEM;
default:
return ~0UL;
}
@@ -376,6 +382,10 @@ void __mmu_init(bool mmu_on)
{
uint64_t *ttb = get_ttb();
struct memory_bank *bank;
+ unsigned long text_start = (unsigned long)&_stext;
+ unsigned long text_size = (unsigned long)&__start_rodata - (unsigned long)&_stext;
+ unsigned long rodata_start = (unsigned long)&__start_rodata;
+ unsigned long rodata_size = (unsigned long)&__end_rodata - rodata_start;
if (!request_barebox_region("ttb", (unsigned long)ttb,
ARM_EARLY_PAGETABLE_SIZE))
@@ -400,7 +410,20 @@ void __mmu_init(bool mmu_on)
pos = rsv->end + 1;
}
- remap_range((void *)pos, bank->start + bank->size - pos, MAP_CACHED);
+ if (IS_ENABLED(CONFIG_ARM_MMU_PERMISSIONS)) {
+ if (region_overlap_size(pos, bank->start + bank->size - pos,
+ text_start, text_size)) {
+ remap_range((void *)pos, text_start - pos, MAP_CACHED);
+ remap_range((void *)text_start, text_size, MAP_CODE);
+ remap_range((void *)rodata_start, rodata_size, ARCH_MAP_CACHED_RO);
+ remap_range((void *)(rodata_start + rodata_size),
+ bank->start + bank->size - (rodata_start + rodata_size), MAP_CACHED);
+ } else {
+ remap_range((void *)pos, bank->start + bank->size - pos, MAP_CACHED);
+ }
+ } else {
+ remap_range((void *)pos, bank->start + bank->size - pos, ARCH_MAP_CACHED_RWX);
+ }
}
/* Make zero page faulting to catch NULL pointer derefs */
@@ -482,7 +505,7 @@ void mmu_early_enable(unsigned long membase, unsigned long memsize, unsigned lon
*/
init_range(2);
- early_remap_range(membase, memsize, MAP_CACHED);
+ early_remap_range(membase, memsize, ARCH_MAP_CACHED_RWX);
if (optee_get_membase(&optee_membase)) {
optee_membase = membase + memsize - OPTEE_SIZE;
@@ -501,7 +524,7 @@ void mmu_early_enable(unsigned long membase, unsigned long memsize, unsigned lon
early_remap_range(optee_membase, OPTEE_SIZE, MAP_FAULT);
early_remap_range(PAGE_ALIGN_DOWN((uintptr_t)_stext), PAGE_ALIGN(_etext - _stext),
- MAP_CACHED);
+ ARCH_MAP_CACHED_RWX);
mmu_enable();
}
diff --git a/arch/arm/include/asm/pgtable64.h b/arch/arm/include/asm/pgtable64.h
index b88ffe6be5254e1b9d3968573d5e9b7a37828a55..6f6ef22717b76baaf7857b12d38c6074871ce143 100644
--- a/arch/arm/include/asm/pgtable64.h
+++ b/arch/arm/include/asm/pgtable64.h
@@ -59,6 +59,7 @@
#define PTE_BLOCK_NG (1 << 11)
#define PTE_BLOCK_PXN (UL(1) << 53)
#define PTE_BLOCK_UXN (UL(1) << 54)
+#define PTE_BLOCK_RO (UL(1) << 7)
/*
* AttrIndx[2:0] encoding (mapping attributes defined in the MAIR* registers).
diff --git a/arch/arm/lib64/barebox.lds.S b/arch/arm/lib64/barebox.lds.S
index 50e4b6f42cb8d4de92b7450e5b864b9056b61916..caddbedd610f68658b7ecf7616947ce02a84e5e8 100644
--- a/arch/arm/lib64/barebox.lds.S
+++ b/arch/arm/lib64/barebox.lds.S
@@ -28,18 +28,19 @@ SECTIONS
}
BAREBOX_BARE_INIT_SIZE
- . = ALIGN(4);
+ . = ALIGN(4096);
__start_rodata = .;
.rodata : {
*(.rodata*)
RO_DATA_SECTION
}
+ . = ALIGN(4096);
+
__end_rodata = .;
_etext = .;
_sdata = .;
- . = ALIGN(4);
.data : { *(.data*) }
.barebox_imd : { BAREBOX_IMD }
--
2.39.5
next prev parent reply other threads:[~2025-06-13 9:09 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-13 7:58 [PATCH 0/7] ARM: Map sections RO/XN Sascha Hauer
2025-06-13 7:58 ` [PATCH 1/7] memory: request RO data section as separate region Sascha Hauer
2025-06-13 9:15 ` Ahmad Fatoum
2025-06-13 7:58 ` [PATCH 2/7] ARM: pass barebox base to mmu_early_enable() Sascha Hauer
2025-06-13 9:17 ` Ahmad Fatoum
2025-06-13 7:58 ` [PATCH 3/7] ARM: mmu: move ARCH_MAP_WRITECOMBINE to header Sascha Hauer
2025-06-13 9:18 ` Ahmad Fatoum
2025-06-13 7:58 ` [PATCH 4/7] ARM: MMU: map memory for barebox proper pagewise Sascha Hauer
2025-06-13 9:23 ` Ahmad Fatoum
2025-06-13 7:58 ` [PATCH 5/7] ARM: MMU: map text segment ro and data segments execute never Sascha Hauer
2025-06-13 10:12 ` Ahmad Fatoum
2025-06-13 10:36 ` Ahmad Fatoum
2025-06-13 7:58 ` [PATCH 6/7] ARM: MMU64: map memory for barebox proper pagewise Sascha Hauer
2025-06-13 10:29 ` Ahmad Fatoum
2025-06-13 7:58 ` Sascha Hauer [this message]
2025-06-13 10:40 ` [PATCH 7/7] ARM: MMU64: map text segment ro and data segments execute never Ahmad Fatoum
2025-06-13 12:44 ` [PATCH 0/7] ARM: Map sections RO/XN Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250613-arm-mmu-xn-ro-v1-7-60f05c6e7b4b@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox