From patchwork Thu Feb 27 12:14:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 868965 Delivered-To: patch@linaro.org Received: by 2002:a05:6000:1561:b0:38f:210b:807b with SMTP id 1csp247281wrz; Thu, 27 Feb 2025 04:58:08 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWi8ctABzKa05Yde5hWa/E0tTXttRapFbUo2rGcEL+J3K4g09RPysCp5NYY3GWk5Innj0eykw==@linaro.org X-Google-Smtp-Source: AGHT+IES/smYk9mBtzXDBsXgUtlptqsDTEqNW7GlWaczGX9gGTNUdWZ3pNpZA0BWNbQ/fSxM93Rg X-Received: by 2002:a17:906:30cf:b0:ab7:b2a7:9cb8 with SMTP id a640c23a62f3a-abeeed7a3camr805349966b.15.1740661087824; Thu, 27 Feb 2025 04:58:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1740661087; cv=none; d=google.com; s=arc-20240605; b=H8q4jLvyRZXI2g/YsLcEmKpthuHxVriaAbZqvBv8u0mM+pwqpXbtkSk2SUzIXCO+pV hhDBZIHxLRgNvdtrWTLE+3Oueyht6Z2hIn2Mm27PcfSet109TFuI0wQaU+cI+zoEbVxM TZxHiFIJ1oh7Sfoe4JtRXxEg6IgSzc5jhUlrmkkjK8LQvfatDlcI5FTIBjtN4NPd2V5+ EA2g2wcnl7eBOj5K9b0VeIlnx1NBZdP6XNnZyA+jr6cpELKWJZ0tHeHASL/HITgBsji/ 9XdTvaQA4M6mi1LbGZQlNAas61xEAkU5Sz3eI9kWTnKPX7gpoMTMoFI3V/Nv7WxjKJeM VWkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=PVfIOgHxpE9oah2uVOuIo9KhwUxCA9wrkpQ/cElJizo=; fh=TMmu+XQAvQG6D0fNdhrxxVZvGjL2K/F8JArN86yCTcY=; b=DD4GJ455MyAscpeS7t8lXOZfh+MqeiWZBMPvDcNciymFj5v5khk/flidd/sQ8HM74e Xr4sR+3vFFcQtofJIm9Jutr1xJ3CPb2VRNKrDuzFi/DO4SKtZ5pe2l+jVR3UhfzVy/gq BIo4megdq2DEfu/aLKivkOVEdlC8MN5towUZKnkFW9yGiDpy4t1Sl1dGHwnRF1CM0I7s miOx4vnDhAanKxo04o/Oo9DD7EpdhW735CiFBJZK6MBuBylGn7AaZIBUe4EvVS5yeDFW P61DJTGkhHPUS9jIontMh+821OKajumOZNiXXsJVl+8LfISoZSuvAWnKEKh0TaAmkqP/ cdIQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=yuT8Yl3n; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id a640c23a62f3a-abf0c78118fsi150980166b.478.2025.02.27.04.58.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Feb 2025 04:58:07 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=yuT8Yl3n; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id CA164811E0; Thu, 27 Feb 2025 13:56:58 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="yuT8Yl3n"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1083D810EA; Thu, 27 Feb 2025 13:16:05 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A7E00801FB for ; Thu, 27 Feb 2025 13:16:02 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-abb86beea8cso158627166b.1 for ; Thu, 27 Feb 2025 04:16:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1740658562; x=1741263362; darn=lists.denx.de; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PVfIOgHxpE9oah2uVOuIo9KhwUxCA9wrkpQ/cElJizo=; b=yuT8Yl3nz0C656ejHziEFOe8g3O+LwGUXAHFjV7PaxcBHql3saKsdmC1jC6zhnFZ/l EWXQcmDWjdp5ytv9KAcUyF9QbZoSzG9iCRyRVduZ8O5kzA58UsJ8Cz/FCRPKAFOdPrnB Sfx7NqsmRD2gjsZXG6XR3ULyUey9BmOlZlnyip4iOaJGR3ua9xXq54QWVtRxOkzLn14y lGfLFQTHaJBZw/sJ10/wBUzKM7k1xRVgKooWP8lZJ9EzmOrKal2hfqE4KyIYQEQ+ShRU b71qmtaQ2cbe52ugoDOUyq+FT9INnrrASXs6kmtWrsrXo2zGBjRkdUv8iAttB3/xybsK Z3ZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740658562; x=1741263362; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PVfIOgHxpE9oah2uVOuIo9KhwUxCA9wrkpQ/cElJizo=; b=HP8Flx/AxON743/myKHTtVoBf5yyyoy2dSUKpX47SJ/08vOLlXKIG+hdbQIr+ze4E0 ZPPGQS8bMB0NjXJWZyoIK8tR81Pqyc6Uh7oi52RJQy8sqbVrtCGkStdC+N0vTL0YHjmb 8TTFNi4ttdLViDT5ZK2dZuUeRwNQXQxskAD6kbSXaoYY5H3RvoOMd+z9s4nAY3j1UFYj gAzPDb92B0yk5sRQhIxxQoKOh7wCiCC/9PR6jUwNzhND06eG4fte4dqGPGb8AuZDw6UO 2p73KXES6TFp6qXpO74cS1B5X4qZzccBPO/Ac0iZP2ns7zKi8PTNVu8xHreEGDgo91wa u04g== X-Forwarded-Encrypted: i=1; AJvYcCXLZTnHe+cMKk5MDDUimtHxce0ZyAIdHo8gVX8XP3Gw6jMZPNZbgF8bxXAOWX5SFH7PMS+Ln7U=@lists.denx.de X-Gm-Message-State: AOJu0YxMQZxpmNXIjx2sjQKBykXTfeUFQrDQFqr+EEBvoCtaBDn1gogQ 4IxF3P2IBQugIJW3Bg2iNkJEAOpsAkbF6zA4yB/lQMwIUN6zWNJldwwwZGzYZGg= X-Gm-Gg: ASbGncvF2pkDJAmBUCz/i1Fm/zNmxCYlng0y1yuTX7oO1xmDua9sw5Tx+RT47nY0xpW 3oLed0/XSyqnEe+zNXN5C5LWRGm4EgCEYIsgRwCOmWST0ldxe/e8eGSJ9Pr0jiNiDA0LQiXXT/x jpDNu64pvcfzq+PftCU9NmcT33hyvFm7MEhPkbWG/u6bBnJdHD32qKs2YIUKLLRrPoaYTMSYFuo X3TlfUvAUVrNJAHCPX846ZdpdsUsaa4NI/5bmThWgau3G2SgoZndtK5ecLUV9jo1rxLEw/7teaN +0LNB4xNn8ADSvpuUbqxJbi0jxtxSt162dAcKJLRUfFRoa3WEqWk9JBl/cv/OUuSiNY/FpPwKPX vCgBA X-Received: by 2002:a17:906:4c2:b0:abc:a1b:2781 with SMTP id a640c23a62f3a-abeeed0d62fmr882122066b.4.1740658562029; Thu, 27 Feb 2025 04:16:02 -0800 (PST) Received: from localhost.localdomain (ppp176092191135.access.hol.gr. [176.92.191.135]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-abf0c0dc168sm114736566b.70.2025.02.27.04.15.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 27 Feb 2025 04:16:01 -0800 (PST) From: Ilias Apalodimas To: xypron.glpk@gmx.de, mark.kettenis@xs4all.nl Cc: Ilias Apalodimas , Jerome Forissier , Richard Henderson , Alexey Brodkin , Eugeniy Paltsev , Tom Rini , Huan Wang , Angelo Dureghello , Thomas Chou , Rick Chen , Leo , Marek Vasut , Nobuhiro Iwamatsu , Max Filippov , Sughosh Ganu , Simon Glass , Caleb Connolly , =?utf-8?q?Pierre-Cl=C3=A9ment_T?= =?utf-8?q?osi?= , Neil Armstrong , Sam Protsenko , Sam Edwards , Peter Hoyes , Andre Przywara , Patrick Rudolph , Mayuresh Chitale , Mattijs Korpershoek , Harrison Mutai , Stefan Roese , Jagan Teki , Joshua Watt , Raymond Mao , Jiaxun Yang , Evgeny Bachinin , Peter Robinson , Christian Marangi , Michal Simek , Jonas Jelonek , uboot-snps-arc@synopsys.com, u-boot@lists.denx.de Subject: [PATCH v3 6/6] arm64: Enable RW, RX and RO mappings for the relocated binary Date: Thu, 27 Feb 2025 14:14:56 +0200 Message-ID: <20250227121515.232996-7-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.47.2 In-Reply-To: <20250227121515.232996-1-ilias.apalodimas@linaro.org> References: <20250227121515.232996-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 27 Feb 2025 13:56:54 +0100 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Now that we have everything in place switch the page permissions for .rodata, .text and .data just after we relocate everything in top of the RAM. Unfortunately we can't enable this by default, since we have examples of U-Boot crashing due to invalid access. This usually happens because code defines const variables that it later writes. So hide it behind a Kconfig option until we sort it out. It's worth noting that EFI runtime services are not covered by this patch on purpose. Since the OS can call SetVirtualAddressMap which can relocate runtime services, we need to set them to RX initially but remap them as RWX right before ExitBootServices. Link: https://lore.kernel.org/u-boot/20250129-rockchip-pinctrl-const-v1-0-450ccdadfa7e@cherry.de/ Link: https://lore.kernel.org/u-boot/20250130133646.2177194-1-andre.przywara@arm.com/ Reviewed-by: Jerome Forissier Reviewed-by: Richard Henderson Signed-off-by: Ilias Apalodimas --- common/Kconfig | 13 +++++++++++++ common/board_r.c | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/common/Kconfig b/common/Kconfig index 1d6de8badf75..edb857e4de7f 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -914,6 +914,19 @@ config STACKPROTECTOR Enable stack smash detection through compiler's stack-protector canary logic +config MMU_PGPROT + bool "Enable RO, RW and RX mappings" + help + U-Boot maps all pages as RWX. If selected pages will + be marked as RO(.rodata), RX(.text), RW(.data) right after + we relocate. Since code sections needs to be page aligned + the final binary size will increase. The mappings can be dumped + using the 'meminfo' command. + + Enabling this feature can expose bugs in U-Boot where we have + code that violates read-only permissions for example. Use this + feature with caution. + config SPL_STACKPROTECTOR bool "Stack Protector buffer overflow detection for SPL" depends on STACKPROTECTOR && SPL diff --git a/common/board_r.c b/common/board_r.c index 179259b00de8..65111e2fc97a 100644 --- a/common/board_r.c +++ b/common/board_r.c @@ -170,7 +170,27 @@ static int initr_reloc_global_data(void) efi_save_gd(); efi_runtime_relocate(gd->relocaddr, NULL); + #endif + /* + * We are done with all relocations change the permissions of the binary + * NOTE: __start_rodata etc are defined in arm64 linker scripts and + * sections.h. If you want to add support for your platform you need to + * add the symbols on your linker script, otherwise they will point to + * random addresses. + * + */ + if (IS_ENABLED(CONFIG_MMU_PGPROT)) { + pgprot_set_attrs((phys_addr_t)(uintptr_t)(__start_rodata), + (size_t)(uintptr_t)(__end_rodata - __start_rodata), + MMU_ATTR_RO); + pgprot_set_attrs((phys_addr_t)(uintptr_t)(__start_data), + (size_t)(uintptr_t)(__end_data - __start_data), + MMU_ATTR_RW); + pgprot_set_attrs((phys_addr_t)(uintptr_t)(__text_start), + (size_t)(uintptr_t)(__text_end - __text_start), + MMU_ATTR_RX); + } return 0; }