From ed81f3ebbfb5abc7d0d250fbc71f297a904d71ae Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Tue, 5 Jul 2016 09:55:03 +0100 Subject: Introduce utils.h header file This patch introduces a new header file: include/lib/utils.h. Its purpose is to provide generic macros and helper functions that are independent of any BL image, architecture, platform and even not specific to Trusted Firmware. For now, it contains only 2 macros: ARRAY_SIZE() and IS_POWER_OF_TWO(). These were previously defined in bl_common.h and xlat_tables.c respectively. bl_common.h includes utils.h to retain compatibility for platforms that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream platform ports that use this macro have been updated to include utils.h. Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9 --- include/common/bl_common.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include/common') diff --git a/include/common/bl_common.h b/include/common/bl_common.h index f13dc316..c43ad5ef 100644 --- a/include/common/bl_common.h +++ b/include/common/bl_common.h @@ -137,8 +137,7 @@ #include #include #include - -#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0])) +#include /* To retain compatibility */ /* * Declarations of linker defined symbols to help determine memory layout of -- cgit From 5d1c104f9aa7e1f52607679db96e5695cac266e7 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Fri, 8 Jul 2016 14:37:40 +0100 Subject: Introduce SEPARATE_CODE_AND_RODATA build flag At the moment, all BL images share a similar memory layout: they start with their code section, followed by their read-only data section. The two sections are contiguous in memory. Therefore, the end of the code section and the beginning of the read-only data one might share a memory page. This forces both to be mapped with the same memory attributes. As the code needs to be executable, this means that the read-only data stored on the same memory page as the code are executable as well. This could potentially be exploited as part of a security attack. This patch introduces a new build flag called SEPARATE_CODE_AND_RODATA, which isolates the code and read-only data on separate memory pages. This in turn allows independent control of the access permissions for the code and read-only data. This has an impact on memory footprint, as padding bytes need to be introduced between the code and read-only data to ensure the segragation of the two. To limit the memory cost, the memory layout of the read-only section has been changed in this case. - When SEPARATE_CODE_AND_RODATA=0, the layout is unchanged, i.e. the read-only section still looks like this (padding omitted): | ... | +-------------------+ | Exception vectors | +-------------------+ | Read-only data | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script provides the limits of the whole read-only section. - When SEPARATE_CODE_AND_RODATA=1, the exception vectors and read-only data are swapped, such that the code and exception vectors are contiguous, followed by the read-only data. This gives the following new layout (padding omitted): | ... | +-------------------+ | Read-only data | +-------------------+ | Exception vectors | +-------------------+ | Code | +-------------------+ BLx_BASE In this case, the linker script now exports 2 sets of addresses instead: the limits of the code and the limits of the read-only data. Refer to the Firmware Design guide for more details. This provides platform code with a finer-grained view of the image layout and allows it to map these 2 regions with the appropriate access permissions. Note that SEPARATE_CODE_AND_RODATA applies to all BL images. Change-Id: I936cf80164f6b66b6ad52b8edacadc532c935a49 --- include/common/bl_common.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include/common') diff --git a/include/common/bl_common.h b/include/common/bl_common.h index c43ad5ef..646a8172 100644 --- a/include/common/bl_common.h +++ b/include/common/bl_common.h @@ -143,8 +143,16 @@ * Declarations of linker defined symbols to help determine memory layout of * BL images */ +#if SEPARATE_CODE_AND_RODATA +extern unsigned long __TEXT_START__; +extern unsigned long __TEXT_END__; +extern unsigned long __RODATA_START__; +extern unsigned long __RODATA_END__; +#else extern unsigned long __RO_START__; extern unsigned long __RO_END__; +#endif + #if IMAGE_BL2 extern unsigned long __BL2_END__; #elif IMAGE_BL2U -- cgit