From: Ahmad Fatoum <a.fatoum@barebox.org>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
Ahmad Fatoum <a.fatoum@barebox.org>
Subject: [PATCH v4 13/13] ARM: mmu64: map text segment ro and data segments execute never
Date: Mon, 4 Aug 2025 19:22:33 +0200 [thread overview]
Message-ID: <20250804172233.2158462-14-a.fatoum@barebox.org> (raw)
In-Reply-To: <20250804172233.2158462-1-a.fatoum@barebox.org>
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
With this all segments in the DRAM except the text segment are mapped
execute-never so that only the barebox code can actually be executed.
Also map the readonly data segment readonly so that it can't be
modified.
The mapping is only implemented in barebox proper. The PBL still maps
the whole DRAM rwx.
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@barebox.org>
---
arch/arm/Kconfig | 1 -
arch/arm/cpu/mmu-common.c | 3 ---
arch/arm/cpu/mmu_64.c | 18 ++++++++++++++----
arch/arm/include/asm/pgtable64.h | 1 +
arch/arm/lib64/barebox.lds.S | 5 +++--
5 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 18bd0ffa5bf4..7a3952700aa8 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -399,7 +399,6 @@ config ARM_UNWIND
config ARM_MMU_PERMISSIONS
bool "Map with extended RO/X permissions"
- depends on ARM32
default y
help
Enable this option to map readonly sections as readonly, executable
diff --git a/arch/arm/cpu/mmu-common.c b/arch/arm/cpu/mmu-common.c
index a8673d027d17..365d9c89ba7c 100644
--- a/arch/arm/cpu/mmu-common.c
+++ b/arch/arm/cpu/mmu-common.c
@@ -133,9 +133,6 @@ static void mmu_remap_memory_banks(void)
/* Do this while interrupt vectors are still writable */
setup_trap_pages();
- if (!IS_ENABLED(CONFIG_ARM_MMU_PERMISSIONS))
- return;
-
remap_range((void *)code_start, code_size, MAP_CODE);
remap_range((void *)rodata_start, rodata_size, ARCH_MAP_CACHED_RO);
}
diff --git a/arch/arm/cpu/mmu_64.c b/arch/arm/cpu/mmu_64.c
index 6fd767d983b7..8621bcd26cf4 100644
--- a/arch/arm/cpu/mmu_64.c
+++ b/arch/arm/cpu/mmu_64.c
@@ -292,13 +292,19 @@ static unsigned long get_pte_attrs(unsigned flags)
{
switch (flags) {
case MAP_CACHED:
- return CACHED_MEM;
+ return attrs_xn() | CACHED_MEM;
case MAP_UNCACHED:
return attrs_xn() | UNCACHED_MEM;
case MAP_FAULT:
return 0x0;
case ARCH_MAP_WRITECOMBINE:
return attrs_xn() | MEM_ALLOC_WRITECOMBINE;
+ case MAP_CODE:
+ return CACHED_MEM | PTE_BLOCK_RO;
+ case ARCH_MAP_CACHED_RO:
+ return attrs_xn() | CACHED_MEM | PTE_BLOCK_RO;
+ case ARCH_MAP_CACHED_RWX:
+ return CACHED_MEM;
default:
return ~0UL;
}
@@ -316,7 +322,11 @@ static void early_remap_range(uint64_t addr, size_t size, unsigned flags, bool f
int arch_remap_range(void *virt_addr, phys_addr_t phys_addr, size_t size, unsigned flags)
{
- unsigned long attrs = get_pte_attrs(flags);
+ unsigned long attrs;
+
+ flags = arm_mmu_maybe_skip_permissions(flags);
+
+ attrs = get_pte_attrs(flags);
if (attrs == ~0UL)
return -EINVAL;
@@ -453,7 +463,7 @@ void mmu_early_enable(unsigned long membase, unsigned long memsize, unsigned lon
*/
init_range(2);
- early_remap_range(membase, memsize, MAP_CACHED, false);
+ early_remap_range(membase, memsize, ARCH_MAP_CACHED_RWX, false);
if (optee_get_membase(&optee_membase)) {
optee_membase = membase + memsize - OPTEE_SIZE;
@@ -472,7 +482,7 @@ void mmu_early_enable(unsigned long membase, unsigned long memsize, unsigned lon
early_remap_range(optee_membase, OPTEE_SIZE, MAP_FAULT, false);
early_remap_range(PAGE_ALIGN_DOWN((uintptr_t)_stext), PAGE_ALIGN(_etext - _stext),
- MAP_CACHED, false);
+ ARCH_MAP_CACHED_RWX, false);
mmu_enable();
}
diff --git a/arch/arm/include/asm/pgtable64.h b/arch/arm/include/asm/pgtable64.h
index b88ffe6be525..6f6ef22717b7 100644
--- a/arch/arm/include/asm/pgtable64.h
+++ b/arch/arm/include/asm/pgtable64.h
@@ -59,6 +59,7 @@
#define PTE_BLOCK_NG (1 << 11)
#define PTE_BLOCK_PXN (UL(1) << 53)
#define PTE_BLOCK_UXN (UL(1) << 54)
+#define PTE_BLOCK_RO (UL(1) << 7)
/*
* AttrIndx[2:0] encoding (mapping attributes defined in the MAIR* registers).
diff --git a/arch/arm/lib64/barebox.lds.S b/arch/arm/lib64/barebox.lds.S
index 454ae3a95d8d..68cff9dacdeb 100644
--- a/arch/arm/lib64/barebox.lds.S
+++ b/arch/arm/lib64/barebox.lds.S
@@ -25,18 +25,19 @@ SECTIONS
}
BAREBOX_BARE_INIT_SIZE
- . = ALIGN(4);
+ . = ALIGN(4096);
__start_rodata = .;
.rodata : {
*(.rodata*)
RO_DATA_SECTION
}
+ . = ALIGN(4096);
+
__end_rodata = .;
_etext = .;
_sdata = .;
- . = ALIGN(4);
.data : { *(.data*) }
.barebox_imd : { BAREBOX_IMD }
--
2.39.5
next prev parent reply other threads:[~2025-08-04 17:23 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-04 17:22 [PATCH v4 00/13] ARM: Map sections RO/XN Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 01/13] mmu: explicitly map executable non-SDRAM regions with MAP_CODE Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 02/13] ARM: pass barebox base to mmu_early_enable() Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 03/13] ARM: mmu: move ARCH_MAP_WRITECOMBINE to header Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 04/13] ARM: mmu: map memory for barebox proper pagewise Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 05/13] ARM: mmu: skip TLB invalidation if remapping zero bytes Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 06/13] ARM: mmu: provide setup_trap_pages for both 32- and 64-bit Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 07/13] ARM: mmu: share common memory bank remapping code Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 08/13] ARM: mmu: make mmu_remap_memory_banks clearer with helper Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 09/13] partition: rename region_overlap_end to region_overlap_end_inclusive Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 10/13] partition: define new region_overlap_end_exclusive helper Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 11/13] ARM: mmu: map text segment ro and data segments execute never Ahmad Fatoum
2025-08-04 17:22 ` [PATCH v4 12/13] ARM: mmu64: map memory for barebox proper pagewise Ahmad Fatoum
2025-08-04 17:22 ` Ahmad Fatoum [this message]
2025-08-05 10:18 ` [PATCH v4 00/13] ARM: Map sections RO/XN Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250804172233.2158462-14-a.fatoum@barebox.org \
--to=a.fatoum@barebox.org \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox