This creates DOMAIN_WR_RARE for the kernel's .rodata section, separate
from DOMAIN_KERNEL to avoid predictive fetching in device memory during
a DOMAIN_MANAGER transition.

TODO: handle kernel module vmalloc memory, which needs to be marked as
DOMAIN_WR_RARE too, for module .rodata sections.

Signed-off-by: Kees Cook <keesc...@chromium.org>
---
 arch/arm/include/asm/domain.h | 3 +++
 arch/arm/mm/dump.c            | 2 ++
 arch/arm/mm/init.c            | 7 ++++---
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
index 8b33bd7f6bf9..b5ca80ac823c 100644
--- a/arch/arm/include/asm/domain.h
+++ b/arch/arm/include/asm/domain.h
@@ -43,6 +43,7 @@
 #define DOMAIN_IO      0
 #endif
 #define DOMAIN_VECTORS 3
+#define DOMAIN_WR_RARE 4
 
 /*
  * Domain types
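Review bot: `DOMAIN_WR_RARE` is defined without a comment, so the header does not say what the domain covers or what DACR state it is expected to hold. Both `DACR_INIT` and `__DACR_DEFAULT` in the next hunk set it to `DOMAIN_CLIENT`, and nothing in this patch ever grants it `DOMAIN_MANAGER`, so the access-control intent has to be guessed from the commit message. I would add `/* kernel .rodata: kept out of DOMAIN_KERNEL so it stays DOMAIN_CLIENT while DOMAIN_KERNEL is DOMAIN_MANAGER */` above the define. The comment block describing the existing domains presumably sits above the hunk and would want a matching entry.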
@@ -69,11 +70,13 @@
 #define DACR_INIT \
        (__DACR_INIT_USER | \
         domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
+        domain_val(DOMAIN_WR_RARE, DOMAIN_CLIENT) | \
         domain_val(DOMAIN_IO, DOMAIN_CLIENT) | \
         domain_val(DOMAIN_VECTORS, DOMAIN_CLIENT))
 
 #define __DACR_DEFAULT \
        domain_val(DOMAIN_KERNEL, DOMAIN_CLIENT) | \
+       domain_val(DOMAIN_WR_RARE, DOMAIN_CLIENT) | \
        domain_val(DOMAIN_IO, DOMAIN_CLIENT) | \
        domain_val(DOMAIN_VECTORS, DOMAIN_CLIENT)
 
diff --git a/arch/arm/mm/dump.c b/arch/arm/mm/dump.c
index 35ff45470dbf..b1aa9a17e0c3 100644
--- a/arch/arm/mm/dump.c
+++ b/arch/arm/mm/dump.c
@@ -288,6 +288,8 @@ static const char *get_domain_name(pmd_t *pmd)
                return "IO     ";
        case PMD_DOMAIN(DOMAIN_VECTORS):
                return "VECTORS";
+       case PMD_DOMAIN(DOMAIN_WR_RARE):
+               return "WR_RARE";
        default:
                return "unknown";
        }
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
index 1d8558ff9827..d54a74b5718b 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -642,9 +642,10 @@ static struct section_perm ro_perms[] = {
                .mask   = ~L_PMD_SECT_RDONLY,
                .prot   = L_PMD_SECT_RDONLY,
 #else
-               .mask   = ~(PMD_SECT_APX | PMD_SECT_AP_WRITE),
-               .prot   = PMD_SECT_APX | PMD_SECT_AP_WRITE,
-               .clear  = PMD_SECT_AP_WRITE,
+               .mask   = ~(PMD_SECT_APX | PMD_SECT_AP_WRITE | PMD_DOMAIN_MASK),
+               .prot   = PMD_SECT_APX | PMD_SECT_AP_WRITE | \
+                         PMD_DOMAIN(DOMAIN_WR_RARE),
+               .clear  = PMD_SECT_AP_WRITE | PMD_DOMAIN(DOMAIN_KERNEL),
 #endif
        },
 };
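Review bot: Only the `#else` branch of this `ro_perms` entry retags the section into `DOMAIN_WR_RARE`; the `L_PMD_SECT_RDONLY` branch above it is unchanged. That branch is presumably the LPAE case, whose descriptors carry no domain field, so on that configuration the read-only region gets no separate domain and any later write-rarely path keyed on the domain would have nothing to act on. A comment such as `/* LPAE has no domains: DOMAIN_WR_RARE is not applied here */` in that branch, or a line in the commit message, would make the gap explicit. The entry's `.start`/`.end` lie outside the hunk; if it spans kernel text as well as .rodata, text also moves into the new domain, which the description does not mention. The trailing `\` after `PMD_SECT_AP_WRITE |` is not needed inside an initializer and can be dropped.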
-- 
2.7.4
