Hi, On 6/18/25 11:34, Sascha Hauer wrote: > So far we mapped all RAM as read write with execute permission. This > series series hardens this a bit. The barebox text segment will be > mapped readonly with execute permission, the RO data section as readonly > without execute permission and the remaining RAM will lose its execute > permission. > > I tested this series on ARMv5, ARMv7 and ARMv8. I am not confident > though that there are no regressions, so this new behaviour is behind a > Kconfig option. It is default-y, but can be disabled for debugging > purposses. Once this series has proven stable it can be removed.
Reservations aren't handled correctly and thus if there is e.g. an OP-TEE memory region after the barebox code region, the system hangs. I prepared patches and will send them out soon. Just wanted to give a heads up, so next isn't merged into master before that. Cheers, Ahmad > > Signed-off-by: Sascha Hauer <s.ha...@pengutronix.de> > --- > Changes in v3: > - rework create_sections() for Ahmads comments > - mention CR_S bit and DOMAIN_CLIENT in commit message > - Link to v2: > https://lore.barebox.org/20250617-mmu-xn-ro-v2-0-3c7aa9046...@pengutronix.de > > Changes in v2: > - Tested and fixed for ARMv5 > - merge create_pages() and create_sections() into one functions (ahmad) > - introduce function to create mapping flags based on > CONFIG_ARM_MMU_PERMISSIONS > - Link to v1: > https://lore.barebox.org/20250606-mmu-xn-ro-v1-0-7ee6ddd13...@pengutronix.de > > --- > Sascha Hauer (6): > ARM: pass barebox base to mmu_early_enable() > ARM: mmu: move ARCH_MAP_WRITECOMBINE to header > ARM: MMU: map memory for barebox proper pagewise > ARM: MMU: map text segment ro and data segments execute never > ARM: MMU64: map memory for barebox proper pagewise > ARM: MMU64: map text segment ro and data segments execute never > > arch/arm/Kconfig | 12 ++++++ > arch/arm/cpu/lowlevel_32.S | 1 + > arch/arm/cpu/mmu-common.h | 20 +++++++++ > arch/arm/cpu/mmu_32.c | 89 > ++++++++++++++++++++++++++++++++-------- > arch/arm/cpu/mmu_64.c | 74 +++++++++++++++++++++++++-------- > arch/arm/cpu/uncompress.c | 9 ++-- > arch/arm/include/asm/mmu.h | 2 +- > arch/arm/include/asm/pgtable64.h | 1 + > arch/arm/lib32/barebox.lds.S | 3 +- > arch/arm/lib64/barebox.lds.S | 5 ++- > common/memory.c | 7 +++- > include/mmu.h | 1 + > 12 files changed, 181 insertions(+), 43 deletions(-) > --- > base-commit: fa92c730b34d7ea90309ca10b399ab1a22dc761a > change-id: 20250606-mmu-xn-ro-e2a4c4b080a4 > > Best regards, -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
