[v2,3/6] arm: Prepare linker scripts for memory permissions

Message ID	20250220135506.151894-4-ilias.apalodimas@linaro.org
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; From: Ilias Apalodimas <ilias.apalodimas@linaro.org> To: xypron.glpk@gmx.de, mark.kettenis@xs4all.nl Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>, Jerome Forissier <jerome.forissier@linaro.org>, Neil Armstrong <neil.armstrong@linaro.org>, Alexey Brodkin <alexey.brodkin@synopsys.com>, Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>, Tom Rini <trini@konsulko.com>, Caleb Connolly <caleb.connolly@linaro.org>, Sumit Garg <sumit.garg@linaro.org>, Huan Wang <alison.wang@nxp.com>, Angelo Dureghello <angelo@kernel-space.org>, Thomas Chou <thomas@wytron.com.tw>, Rick Chen <rick@andestech.com>, Leo <ycliang@andestech.com>, Marek Vasut <marex@denx.de>, Nobuhiro Iwamatsu <iwamatsu@nigauri.org>, Max Filippov <jcmvbkbc@gmail.com>, Sughosh Ganu <sughosh.ganu@linaro.org>, Simon Glass <sjg@chromium.org>, Sam Protsenko <semen.protsenko@linaro.org>, Marc Zyngier <maz@kernel.org>, =?utf-8?q?Pierre-Cl=C3=A9ment_Tosi?= <ptosi@google.com>, Peng Fan <peng.fan@nxp.com>, Richard Henderson <richard.henderson@linaro.org>, Sam Edwards <CFSworks@gmail.com>, Peter Hoyes <Peter.Hoyes@arm.com>, Andre Przywara <andre.przywara@arm.com>, Patrick Rudolph <patrick.rudolph@9elements.com>, Sam Day <me@samcday.com>, Mayuresh Chitale <mchitale@ventanamicro.com>, Mattijs Korpershoek <mkorpershoek@baylibre.com>, Stefan Roese <sr@denx.de>, Jagan Teki <jagan@amarulasolutions.com>, Alex Shumsky <alexthreed@gmail.com>, Joshua Watt <jpewhacker@gmail.com>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Evgeny Bachinin <EABachinin@salutedevices.com>, Michal Simek <michal.simek@amd.com>, Christian Marangi <ansuelsmth@gmail.com>, Jonas Jelonek <jelonek.jonas@gmail.com>, uboot-snps-arc@synopsys.com, u-boot@lists.denx.de, u-boot-qcom@groups.io Subject: [PATCH v2 3/6] arm: Prepare linker scripts for memory permissions Date: Thu, 20 Feb 2025 15:54:40 +0200 Message-ID: <20250220135506.151894-4-ilias.apalodimas@linaro.org> In-Reply-To: <20250220135506.151894-1-ilias.apalodimas@linaro.org> References: <20250220135506.151894-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	Fix page permission on arm64 architectures \| expand [v2,0/6] Fix page permission on arm64 architectures [v2,1/6] meminfo: add memory details for armv8 [v2,2/6] doc: update meminfo with arch specific information [v2,3/6] arm: Prepare linker scripts for memory permissions [v2,4/6] arm64: mmu_change_region_attr() add an option not to break PTEs [v2,5/6] treewide: Add a function to change page permissions [v2,6/6] arm64: Enable RW, RX and RO mappings for the relocated binary

Message ID

20250220135506.151894-4-ilias.apalodimas@linaro.org

State

New

Headers

Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender)
 client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01;
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: xypron.glpk@gmx.de,
	mark.kettenis@xs4all.nl
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Jerome Forissier <jerome.forissier@linaro.org>,
 Neil Armstrong <neil.armstrong@linaro.org>,
 Alexey Brodkin <alexey.brodkin@synopsys.com>,
 Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>,
 Tom Rini <trini@konsulko.com>, Caleb Connolly <caleb.connolly@linaro.org>,
 Sumit Garg <sumit.garg@linaro.org>, Huan Wang <alison.wang@nxp.com>,
 Angelo Dureghello <angelo@kernel-space.org>,
 Thomas Chou <thomas@wytron.com.tw>, Rick Chen <rick@andestech.com>,
 Leo <ycliang@andestech.com>, Marek Vasut <marex@denx.de>,
 Nobuhiro Iwamatsu <iwamatsu@nigauri.org>, Max Filippov <jcmvbkbc@gmail.com>,
 Sughosh Ganu <sughosh.ganu@linaro.org>, Simon Glass <sjg@chromium.org>,
 Sam Protsenko <semen.protsenko@linaro.org>, Marc Zyngier <maz@kernel.org>,
	=?utf-8?q?Pierre-Cl=C3=A9ment_Tosi?= <ptosi@google.com>,
 Peng Fan <peng.fan@nxp.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Sam Edwards <CFSworks@gmail.com>, Peter Hoyes <Peter.Hoyes@arm.com>,
 Andre Przywara <andre.przywara@arm.com>,
 Patrick Rudolph <patrick.rudolph@9elements.com>, Sam Day <me@samcday.com>,
 Mayuresh Chitale <mchitale@ventanamicro.com>,
 Mattijs Korpershoek <mkorpershoek@baylibre.com>, Stefan Roese <sr@denx.de>,
 Jagan Teki <jagan@amarulasolutions.com>, Alex Shumsky <alexthreed@gmail.com>,
 Joshua Watt <jpewhacker@gmail.com>, Jiaxun Yang <jiaxun.yang@flygoat.com>,
 Evgeny Bachinin <EABachinin@salutedevices.com>,
 Michal Simek <michal.simek@amd.com>,
 Christian Marangi <ansuelsmth@gmail.com>,
 Jonas Jelonek <jelonek.jonas@gmail.com>, uboot-snps-arc@synopsys.com,
 u-boot@lists.denx.de, u-boot-qcom@groups.io
Subject: [PATCH v2 3/6] arm: Prepare linker scripts for memory permissions
Date: Thu, 20 Feb 2025 15:54:40 +0200
Message-ID: <20250220135506.151894-4-ilias.apalodimas@linaro.org>
In-Reply-To: <20250220135506.151894-1-ilias.apalodimas@linaro.org>
References: <20250220135506.151894-1-ilias.apalodimas@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

Fix page permission on arm64 architectures | expand

Commit Message

Ilias Apalodimas Feb. 20, 2025, 1:54 p.m. UTC

Upcoming patches are switching the memory mappings to RW, RO, RX
after the U-Boot binary and its data are relocated. Add
annotations in the linker scripts to and mark text, data, rodata
sections and align them to a page boundary.

It's worth noting that .efi_runtime memory permissions are left
untouched for now. There's two problems with EFI currently.

The first problem is that we bundle data, rodata and text in a single
.efi_runtime section which also must be close to .text for now.
As a result we also dont change the permissions for anything contained
in CPUDIR/start.o. In order to fix that we have to decoule .text_rest,
.text and .efi_runtime and have the runtime services on their own
section with proper memory permission annotations (efi_rodata etc).

The efi runtime regions (.efi_runtime_rel) can be relocated by the OS when
the latter is calling SetVirtualAddressMap. Which means we have to
configure those pages as RX for U-Boot but convert them to RWX just before
ExitBootServices. It also needs extra code in efi_tuntime relocation
code since R_AARCH64_NONE are emitted as well if we page align the
section.

Due to the above ignore EFI for now and fix it later once we have the
rest in place.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on AML-S905X-CC
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 arch/arm/cpu/armv8/u-boot.lds  | 59 +++++++++++++++++++++++-----------
 include/asm-generic/sections.h |  2 ++
 2 files changed, 42 insertions(+), 19 deletions(-)

Comments

Richard Henderson Feb. 20, 2025, 6:18 p.m. UTC | #1

On 2/20/25 05:54, Ilias Apalodimas wrote:
> Upcoming patches are switching the memory mappings to RW, RO, RX
> after the U-Boot binary and its data are relocated. Add
> annotations in the linker scripts to and mark text, data, rodata
> sections and align them to a page boundary.
> 
> It's worth noting that .efi_runtime memory permissions are left
> untouched for now. There's two problems with EFI currently.
> 
> The first problem is that we bundle data, rodata and text in a single
> .efi_runtime section which also must be close to .text for now.
> As a result we also dont change the permissions for anything contained
> in CPUDIR/start.o. In order to fix that we have to decoule .text_rest,
> .text and .efi_runtime and have the runtime services on their own
> section with proper memory permission annotations (efi_rodata etc).
> 
> The efi runtime regions (.efi_runtime_rel) can be relocated by the OS when
> the latter is calling SetVirtualAddressMap. Which means we have to
> configure those pages as RX for U-Boot but convert them to RWX just before
> ExitBootServices. It also needs extra code in efi_tuntime relocation
> code since R_AARCH64_NONE are emitted as well if we page align the
> section.
> 
> Due to the above ignore EFI for now and fix it later once we have the
> rest in place.
> 
> Acked-by: Jerome Forissier<jerome.forissier@linaro.org>
> Tested-by: Neil Armstrong<neil.armstrong@linaro.org> # on AML-S905X-CC
> Signed-off-by: Ilias Apalodimas<ilias.apalodimas@linaro.org>
> ---
>   arch/arm/cpu/armv8/u-boot.lds  | 59 +++++++++++++++++++++++-----------
>   include/asm-generic/sections.h |  2 ++
>   2 files changed, 42 insertions(+), 19 deletions(-)

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

diff --git a/arch/arm/cpu/armv8/u-boot.lds b/arch/arm/cpu/armv8/u-boot.lds
index 857f44412e07..f4ce98c82c8d 100644
--- a/arch/arm/cpu/armv8/u-boot.lds
+++ b/arch/arm/cpu/armv8/u-boot.lds
@@ -36,9 +36,18 @@  SECTIONS
                 __efi_runtime_stop = .;
 	}
 
+#ifdef CONFIG_MMU_PGPROT
+	.text_rest ALIGN(CONSTANT(COMMONPAGESIZE)) :
+#else
 	.text_rest :
+#endif
 	{
+		__text_start = .;
 		*(.text*)
+#ifdef CONFIG_MMU_PGPROT
+		. = ALIGN(CONSTANT(COMMONPAGESIZE));
+#endif
+		__text_end = .;
 	}
 
 #ifdef CONFIG_ARMV8_PSCI
@@ -97,35 +106,43 @@  SECTIONS
 		LONG(0x1d1071c);	/* Must output something to reset LMA */
 	}
 #endif
-
-	. = ALIGN(8);
-	.rodata : { *(SORT_BY_ALIGNMENT(SORT_BY_NAME(.rodata*))) }
-
-	. = ALIGN(8);
-	.data : {
-		*(.data*)
+	.efi_runtime_rel : {
+                __efi_runtime_rel_start = .;
+		*(.rel*.efi_runtime)
+		*(.rel*.efi_runtime.*)
+                __efi_runtime_rel_stop = .;
 	}
 
-	. = ALIGN(8);
-
-	. = .;
+#ifdef CONFIG_MMU_PGPROT
+	.rodata ALIGN(CONSTANT(COMMONPAGESIZE)): {
+#else
+	.rodata ALIGN(8) : {
+#endif
+		__start_rodata = .;
+		*(SORT_BY_ALIGNMENT(SORT_BY_NAME(.rodata*)))
+	}
 
-	. = ALIGN(8);
-	__u_boot_list : {
+	__u_boot_list ALIGN(8) : {
 		KEEP(*(SORT(__u_boot_list*)));
+#ifdef CONFIG_MMU_PGPROT
+		. = ALIGN(CONSTANT(COMMONPAGESIZE));
+#endif
+		__end_rodata = .;
 	}
 
-	.efi_runtime_rel : {
-                __efi_runtime_rel_start = .;
-		*(.rel*.efi_runtime)
-		*(.rel*.efi_runtime.*)
-                __efi_runtime_rel_stop = .;
+#ifdef CONFIG_MMU_PGPROT
+	.data ALIGN(CONSTANT(COMMONPAGESIZE)) : {
+#else
+	.data ALIGN(8) : {
+#endif
+	    __start_data = .;
+		*(.data*)
 	}
 
 	. = ALIGN(8);
 	__image_copy_end = .;
 
-	.rela.dyn : {
+	.rela.dyn ALIGN(8) : {
 		__rel_dyn_start = .;
 		*(.rela*)
 		__rel_dyn_end = .;
@@ -136,11 +153,15 @@  SECTIONS
 	/*
 	 * arch/arm/lib/crt0_64.S assumes __bss_start - __bss_end % 8 == 0
 	 */
-	.bss ALIGN(8) : {
+	.bss ADDR(.rela.dyn) (OVERLAY) : {
 		__bss_start = .;
 		*(.bss*)
 		. = ALIGN(8);
 		__bss_end = .;
+#ifdef CONFIG_MMU_PGPROT
+		. = ALIGN(CONSTANT(COMMONPAGESIZE));
+#endif
+		__end_data = .;
 	}
 
 	/DISCARD/ : { *(.dynsym) }
diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h
index 3fd5c772a1af..024b1adde270 100644
--- a/include/asm-generic/sections.h
+++ b/include/asm-generic/sections.h
@@ -23,6 +23,7 @@  extern char __kprobes_text_start[], __kprobes_text_end[];
 extern char __entry_text_start[], __entry_text_end[];
 extern char __initdata_begin[], __initdata_end[];
 extern char __start_rodata[], __end_rodata[];
+extern char __start_data[], __end_data[];
 extern char __efi_helloworld_begin[];
 extern char __efi_helloworld_end[];
 extern char __efi_var_file_begin[];
@@ -63,6 +64,7 @@  static inline int arch_is_kernel_data(unsigned long addr)
 
 /* Start of U-Boot text region */
 extern char __text_start[];
+extern char __text_end[];
 
 /* This marks the text region which must be relocated */
 extern char __image_copy_start[], __image_copy_end[];

[v2,3/6] arm: Prepare linker scripts for memory permissions

Commit Message

Comments

Patch