diff options
| author | danh-arm <dan.handley@arm.com> | 2016-07-15 18:55:43 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-15 18:55:43 +0100 |
| commit | aadb1350eed3c18aec6cd999519cef55d93678b3 (patch) | |
| tree | d851cbd6afa9f9b14676cde93bbf4e49f0cfebf1 /include/plat | |
| parent | 9306f135922bc7811dfc1e24a755c38ce2e671cd (diff) | |
| parent | 91fad6551ee3e5529f9b442cd4a084251cdebe1d (diff) | |
Merge pull request #662 from sandrine-bailleux-arm/sb/rodata-xn
Map read-only data as execute-never
Diffstat (limited to 'include/plat')
| -rw-r--r-- | include/plat/arm/board/common/v2m_def.h | 17 | ||||
| -rw-r--r-- | include/plat/arm/common/plat_arm.h | 20 | ||||
| -rw-r--r-- | include/plat/common/common_def.h | 41 |
3 files changed, 61 insertions, 17 deletions
diff --git a/include/plat/arm/board/common/v2m_def.h b/include/plat/arm/board/common/v2m_def.h index 888792ed..7cee4e8f 100644 --- a/include/plat/arm/board/common/v2m_def.h +++ b/include/plat/arm/board/common/v2m_def.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -119,13 +119,26 @@ #define V2M_SP810_CTRL_TIM2_SEL (1 << 19) #define V2M_SP810_CTRL_TIM3_SEL (1 << 21) +/* + * The flash can be mapped either as read-only or read-write. + * + * If it is read-write then it should also be mapped as device memory because + * NOR flash programming involves sending a fixed, ordered sequence of commands. + * + * If it is read-only then it should also be mapped as: + * - Normal memory, because reading from NOR flash is transparent, it is like + * reading from RAM. + * - Non-executable by default. If some parts of the flash need to be executable + * then platform code is responsible for re-mapping the appropriate portion + * of it as executable. + */ #define V2M_MAP_FLASH0_RW MAP_REGION_FLAT(V2M_FLASH0_BASE,\ V2M_FLASH0_SIZE, \ MT_DEVICE | MT_RW | MT_SECURE) #define V2M_MAP_FLASH0_RO MAP_REGION_FLAT(V2M_FLASH0_BASE,\ V2M_FLASH0_SIZE, \ - MT_MEMORY | MT_RO | MT_SECURE) + MT_RO_DATA | MT_SECURE) #define V2M_MAP_IOFPGA MAP_REGION_FLAT(V2M_IOFPGA_BASE,\ V2M_IOFPGA_SIZE, \ diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h index 2fe0a690..06912eba 100644 --- a/include/plat/arm/common/plat_arm.h +++ b/include/plat/arm/common/plat_arm.h @@ -31,10 +31,10 @@ #define __PLAT_ARM_H__ #include <bakery_lock.h> -#include <bl_common.h> #include <cassert.h> #include <cpu_data.h> #include <stdint.h> +#include <utils.h> #include <xlat_tables.h> #define ARM_CASSERT_MMAP \ @@ -45,20 +45,12 @@ /* * Utility functions common to ARM standard platforms */ - -void arm_configure_mmu_el1(unsigned long total_base, - unsigned long total_size, - unsigned long ro_start, - unsigned long ro_limit -#if USE_COHERENT_MEM - , unsigned long coh_start, - unsigned long coh_limit -#endif -); -void arm_configure_mmu_el3(unsigned long total_base, +void arm_setup_page_tables(unsigned long total_base, unsigned long total_size, - unsigned long ro_start, - unsigned long ro_limit + unsigned long code_start, + unsigned long code_limit, + unsigned long rodata_start, + unsigned long rodata_limit #if USE_COHERENT_MEM , unsigned long coh_start, unsigned long coh_limit diff --git a/include/plat/common/common_def.h b/include/plat/common/common_def.h index 9fac9fa2..d6b77727 100644 --- a/include/plat/common/common_def.h +++ b/include/plat/common/common_def.h @@ -80,5 +80,44 @@ .ep_info.pc = BL2_BASE, \ } -#endif /* __COMMON_DEF_H__ */ +/* + * The following constants identify the extents of the code & read-only data + * regions. These addresses are used by the MMU setup code and therefore they + * must be page-aligned. + * + * When the code and read-only data are mapped as a single atomic section + * (i.e. when SEPARATE_CODE_AND_RODATA=0) then we treat the whole section as + * code by specifying the read-only data section as empty. + * + * BL1 is different than the other images in the sense that its read-write data + * originally lives in Trusted ROM and needs to be relocated in Trusted SRAM at + * run-time. Therefore, the read-write data in ROM can be mapped with the same + * memory attributes as the read-only data region. For this reason, BL1 uses + * different macros. + * + * Note that BL1_ROM_END is not necessarily aligned on a page boundary as it + * just points to the end of BL1's actual content in Trusted ROM. Therefore it + * needs to be rounded up to the next page size in order to map the whole last + * page of it with the right memory attributes. + */ +#if SEPARATE_CODE_AND_RODATA +#define BL_CODE_BASE (unsigned long)(&__TEXT_START__) +#define BL_CODE_LIMIT (unsigned long)(&__TEXT_END__) +#define BL_RO_DATA_BASE (unsigned long)(&__RODATA_START__) +#define BL_RO_DATA_LIMIT (unsigned long)(&__RODATA_END__) + +#define BL1_CODE_LIMIT BL_CODE_LIMIT +#define BL1_RO_DATA_BASE (unsigned long)(&__RODATA_START__) +#define BL1_RO_DATA_LIMIT round_up(BL1_ROM_END, PAGE_SIZE) +#else +#define BL_CODE_BASE (unsigned long)(&__RO_START__) +#define BL_CODE_LIMIT (unsigned long)(&__RO_END__) +#define BL_RO_DATA_BASE 0 +#define BL_RO_DATA_LIMIT 0 +#define BL1_CODE_LIMIT round_up(BL1_ROM_END, PAGE_SIZE) +#define BL1_RO_DATA_BASE 0 +#define BL1_RO_DATA_LIMIT 0 +#endif /* SEPARATE_CODE_AND_RODATA */ + +#endif /* __COMMON_DEF_H__ */ |