From patchwork Sat Mar 1 16:48:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 869712 Delivered-To: patch@linaro.org Received: by 2002:a05:6000:1561:b0:38f:210b:807b with SMTP id 1csp1644279wrz; Sun, 2 Mar 2025 04:40:26 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVv+qXF3+DLZxy1N5no7i9A4znq0AqZbrraR9I/pijC3e9azCe3Ks89au/4Z5rHKH6y+WlWUQ==@linaro.org X-Google-Smtp-Source: AGHT+IFziE4oxWWeUDnafOZtSwS1MpcZX1qrW2SwaMWgxgsWZ5RIYOWtELqmKU5MPoqTrQS1dLvf X-Received: by 2002:a05:6000:400a:b0:390:f6be:9a3d with SMTP id ffacd0b85a97d-390f6be9a90mr5854833f8f.35.1740919226638; Sun, 02 Mar 2025 04:40:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1740919226; cv=none; d=google.com; s=arc-20240605; b=dF0DQdJYgqKKSRqrFEzYzfONpnHGfgMCJyVe1pTt8QqqNp+BCeq6bqZXZh7wMw4KyF 3+kbfzDdB6KOAk4Vc4dk0jzeAkz3Z5hl+02ycLRYP4Ts4shaiZ2vXnDt3YxE8qTWfnRG gz6uEz9Sr/RGtr10+MhYE+HLrutr9wPoXZw3ID0W/uyqH2BN6vRq9S/LJdLxs6+O9LLw /sFAZ/N15HkJYDT5RvWsilVLydWRy0RZHW4fF6xD0c7z66rLZIxoYJq6kPnZNKRcCzE+ UkSTyKM+lRGtBNORaR0975FdkndCC2QZHPYWVLon0n9JxcBAdIrBytaxGDfERZ2T7nO2 IaDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=hLpu45rQNgQ1Xx1l//Eo12vdx/3Dnml9joTThgLFGKg=; fh=23pQSMApBBwMyy3EJ1b2IsOhcAcTF4BjCUgikMcJ6Y8=; b=fWgaMWp2eECHXyxDdclkH1wpMuDPpyTKwU2WFycC7C4ihET8JHX5XE8jsWHqN/phCm xTVwOFKe7LVcwD+3AIPwZVWq20SrjshMrVYJlnPKAO4PZGAZ0kLBIaWb3vhrnAqBFt63 GYP2GNciXDMSv9+SV9mP8bYxSwb1QiY6bKdsGKyErnLvRNBJbniz17DFepJfb+A9a0Nl 5aCat4E9GoQPMmxUyl3XHLemD9qczF58UT2iacAvCew1pkFbMHym7Uya4vU6A3w+Y0p0 8GRyDVdAB5PDS+ixEf4lAz4scEOVB+u8fx78AORX7q6cSaEE7YFrHw8M6I5sfjRmoiqa V4xw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MSaL21sv; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id ffacd0b85a97d-390e482bc43si5833726f8f.563.2025.03.02.04.40.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 04:40:26 -0800 (PST) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=MSaL21sv; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org; dara=neutral header.i=@linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1DAC5806FC; Sun, 2 Mar 2025 13:40:25 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="MSaL21sv"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 94226810FE; Sat, 1 Mar 2025 17:49:47 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E4B8A810F5 for ; Sat, 1 Mar 2025 17:49:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x536.google.com with SMTP id 4fb4d7f45d1cf-5e4c0c12bccso5557197a12.1 for ; Sat, 01 Mar 2025 08:49:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1740847784; x=1741452584; darn=lists.denx.de; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=hLpu45rQNgQ1Xx1l//Eo12vdx/3Dnml9joTThgLFGKg=; b=MSaL21svt3kH8E2ab1Vxz02PKnZra5BTnHaYKdf3rbyP4bNl8QMsfGE4aoNV7/Qwny kqitoEdMIfD7zNGoqSG7+CqhT9r4h3HUIESzQqldQCE5194pzwjYMyLHRBTA7duHxHGd NM703luMfT0R9aDIBNM65l1oovl8oR5xSsVblJnFfgKLKrT4tK/AYFpPuMkyzJfD87/r uLls3mpmyQGG6VWtxs8S8SdBvim6kTRj1ktxEGfBUv754GFs68SW3UJclSkGnneWHxMb 9DHI7oG0Z7qZuWRFzYACkZtVXhbV7zEu3J8QrIGgYUwcW83LxGxAKT68zwIijN1ENaaB 72Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740847784; x=1741452584; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hLpu45rQNgQ1Xx1l//Eo12vdx/3Dnml9joTThgLFGKg=; b=tS+xG7oIaWmAToswZcez4dqVRv7/OEHuj+jpKgqv8YcLTvsmtT4RZPF34eVXunDxIG EL7r01bcFwuHTR9M4BWU/3Ksy3HvyogqVej8hoNWLjAEzNNU4kblrA00G2uTnyNDlBdv Ktz3YXvhuM75Y/kgl3C777Bi7B3upjULFyjRGHkHUXsvxcU8MwsJfKrCxDzEhoaOl0MD sg1CSVq3camFaRkcR9VJdkPYE5e5Y/frPtb78aTjM5+k5115x0gYgz7nOe6UP0D0U6f6 W0mvlSBqrX60MChcGbfXqFcuGaAvnGg+wcW5uttjogc1vNPB/qYSq/5bUKMFCGJcpNQk FHyg== X-Forwarded-Encrypted: i=1; AJvYcCXyVHiKk/wvp0o6Gixs4GIoSvUml9n/Vm77eILVxw4MbNH5bKpDvqPU0Wf3IquhdZAHFKVI8MY=@lists.denx.de X-Gm-Message-State: AOJu0Yy6CBf7es/3A0WB2GoPoWO2ZRH7YTdlMmnOue9hcJ5NuwD6I/Xu XRFg67eYcofg4o4+BsPioaqDjDaR1fLf35Gd0C7fnq6SFGtW1yGWA2He+tT+TO4= X-Gm-Gg: ASbGnctvz7eHyf98K0N2S/AC913IclwFbOlnaZPQfObiS5cRx1R4iUk5IiOxwq5fyf3 3oJ38EvPJ7jUBOKm7k1AWrsq7XfcsXkvG0/ddXRQCBou3dy/NCm7MunDrvbKDJN4hwOojqzi72Q Aqb1Kzs8j4N+yZaskMSBOgQcbMrGfeaq4nv/pUtjWguaoFnCvASOEKW0EoxiaRj4kPir0hoTZo8 1ldcivHd/eNAkuMtjc8vnclNM8kCXDq+3Dvdc+pKcBJ/NsG+oMptir4hcgjzMP/64E+No1KNjRG SJZOtYTjistKh+FD1Yw0YDxzi+NVU8TagbF+wcwsr0yOElioBGaGuhu9mcc/f3A47x4ywG1XV4p /6ru9stGFJWXvcZ15Z8KymOg= X-Received: by 2002:a05:6402:848:b0:5dc:d10a:1be8 with SMTP id 4fb4d7f45d1cf-5e4d6b0e6c9mr7990060a12.19.1740847782579; Sat, 01 Mar 2025 08:49:42 -0800 (PST) Received: from localhost.localdomain (ppp176092191135.access.hol.gr. [176.92.191.135]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb5927sm4257231a12.53.2025.03.01.08.49.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 01 Mar 2025 08:49:41 -0800 (PST) From: Ilias Apalodimas To: xypron.glpk@gmx.de, mark.kettenis@xs4all.nl Cc: Ilias Apalodimas , Neil Armstrong , Alexey Brodkin , Eugeniy Paltsev , Tom Rini , Huan Wang , Angelo Dureghello , Thomas Chou , Rick Chen , Leo , Marek Vasut , Nobuhiro Iwamatsu , Max Filippov , Sughosh Ganu , Simon Glass , Caleb Connolly , Marc Zyngier , Sam Protsenko , Richard Henderson , Sam Edwards , Jerome Forissier , Peter Hoyes , Andre Przywara , Patrick Rudolph , Mayuresh Chitale , Mattijs Korpershoek , Stefan Roese , Joshua Watt , Alex Shumsky , Jagan Teki , Jiaxun Yang , Evgeny Bachinin , Christian Marangi , Rasmus Villemoes , Michal Simek , Jonas Jelonek , uboot-snps-arc@synopsys.com, u-boot@lists.denx.de Subject: [PATCH v4 0/6] Fix page permission on arm64 architectures Date: Sat, 1 Mar 2025 18:48:58 +0200 Message-ID: <20250301164922.397441-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.47.2 MIME-Version: 1.0 X-Mailman-Approved-At: Sun, 02 Mar 2025 13:40:23 +0100 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Hi this is v4 of [0] [1] [2] [3] This is an attempt to map the U-Boot binary properly and enhance its security posture but leave the area we load binaries unaffected and RWX. Changes since v3: - Call mmu_change_region_attr_nobreak from mmu_change_region_attr() Changes since v2: - Changed the function arguments of pgprot_set_attrs() to enum instead of u64 - Added a new function instead of adding an argument in pgprot_set_attrs() to control break-before-make. This makes the final binary slightly smaller since the callers are using static arguments - Added r-b tags from Richard Changes since v1: - added r-b from Caleb. - The memory map only gets dumped if CONFIG_CMD_MEMINFO_MAP is enabled as Simon asked - reworded some patches and Kconfig messages according to Toms suggestions - Fixed suggestions from Richard on linker scripts and added a Kconfig option to reduce the required page alignment if the feature is not selected - Treating _u_boot_list as .rodata, they end up in RO memory now - The function changing attributes returns an int instead of void so we can reuse it in EFI for the memory attribute protocol -- Heinrich - Correctly cast the size as size_t instead of phys_addr_t in pgprot_set_attrs() Change since RFC: - Fixed the alignment of meminfo command when printing regions - 'meminfo' now prints arch specific attributes e.g PXN, UXN etc for arm instead of RW, RO, RX - Since we don't set the permissions of EFI runtime services yet and keep them as RWX, I removed the linker alignment changes which makes patch #3 easier to review. It's worth noting that qemu-arm sbsa was crashing with the efi services page aligned. This is probably due to a mismatch of memory, since the crash is only reproducible with QEMU instances that have < 2 GB of RAM. I'll fix that along with the efi runtime services - Defined memory attribute changes properly with an enum for RW, RO, RX instead of the hardcoded '1,2,3' I had on the RFC - Enabling mappings is now under a Kconfig (CONFIG_MMU_PGPROT), since peope reported crashes when testing this, which are orthogonal to this patch. We still have places in U-Boot where we define and later write const variables. This will lead to a crash now as const variables are properly managed and places in RO memory - Split patches to be easier to review - Added a patch updating 'meminfo' - Picked up acked-by tags from Jerome [0] https://lore.kernel.org/u-boot/20250205071714.635518-1-ilias.apalodimas@linaro.org/ [1] https://lore.kernel.org/u-boot/20250130072100.27297-1-ilias.apalodimas@linaro.org/ [2] https://lore.kernel.org/u-boot/20250220135506.151894-1-ilias.apalodimas@linaro.org/ [3] https://lore.kernel.org/u-boot/20250227121515.232996-1-ilias.apalodimas@linaro.org/ Neil tested a bunch of board as well so adding his tags here to be picked up for the entire series Tested-by: Neil Armstrong # on AML-S905X-CC Tested-by: Neil Armstrong # on AML-S805X-AC Tested-by: Neil Armstrong # on BananaPi-M5 Tested-by: Neil Armstrong # on BananaPi-M2S Tested-by: Neil Armstrong # on SM8550-QRD Tested-by: Neil Armstrong # on SM8550-HDK Tested-by: Neil Armstrong # on SM8650-QRD Tested-by: Neil Armstrong # on SM8650-HDK Ilias Apalodimas (6): meminfo: add memory details for armv8 doc: update meminfo with arch specific information arm: Prepare linker scripts for memory permissions arm64: mmu_change_region_attr() add an option not to break PTEs treewide: Add a function to change page permissions arm64: Enable RW, RX and RO mappings for the relocated binary arch/arc/lib/cache.c | 6 ++ arch/arm/cpu/arm926ejs/cache.c | 6 ++ arch/arm/cpu/armv7/cache_v7.c | 6 ++ arch/arm/cpu/armv7m/cache.c | 6 ++ arch/arm/cpu/armv8/cache_v8.c | 99 ++++++++++++++++++++++++-------- arch/arm/cpu/armv8/u-boot.lds | 59 +++++++++++++------ arch/arm/include/asm/armv8/mmu.h | 2 + arch/arm/include/asm/system.h | 18 ++++++ arch/arm/lib/cache.c | 6 ++ arch/m68k/lib/cache.c | 6 ++ arch/nios2/lib/cache.c | 6 ++ arch/powerpc/lib/cache.c | 6 ++ arch/riscv/lib/cache.c | 6 ++ arch/sh/cpu/sh4/cache.c | 6 ++ arch/xtensa/lib/cache.c | 6 ++ cmd/meminfo.c | 6 ++ common/Kconfig | 13 +++++ common/board_r.c | 20 +++++++ doc/usage/cmd/meminfo.rst | 71 +++++++++++++++++------ include/asm-generic/sections.h | 2 + include/cpu_func.h | 17 ++++++ 21 files changed, 313 insertions(+), 60 deletions(-) --- 2.47.2