CVS commit: src/sys/arch/aarch64

Mon, 06 Aug 2018 13:05:56 -0700 

Module Name:    src
Committed By:   ryo
Date:           Mon Aug  6 20:05:26 UTC 2018

Modified Files:
        src/sys/arch/aarch64/aarch64: locore.S
        src/sys/arch/aarch64/conf: kern.ldscript

Log Message:
set kernel rodata/data non-executable.
set rodata section on 2Mbytes aligned. (kernel image is mapped with 2Mbytes L2 
block)


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/arch/aarch64/aarch64/locore.S
cvs rdiff -u -r1.6 -r1.7 src/sys/arch/aarch64/conf/kern.ldscript

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/arch/aarch64/aarch64/locore.S
diff -u src/sys/arch/aarch64/aarch64/locore.S:1.15 src/sys/arch/aarch64/aarch64/locore.S:1.16
--- src/sys/arch/aarch64/aarch64/locore.S:1.15	Mon Aug  6 12:50:56 2018
+++ src/sys/arch/aarch64/aarch64/locore.S	Mon Aug  6 20:05:26 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.15 2018/08/06 12:50:56 ryo Exp $	*/
+/*	$NetBSD: locore.S,v 1.16 2018/08/06 20:05:26 ryo Exp $	*/
 
 /*
  * Copyright (c) 2017 Ryo Shimizu <[email protected]>
@@ -35,7 +35,7 @@
 #include <aarch64/hypervisor.h>
 #include "assym.h"
 
-RCSID("$NetBSD: locore.S,v 1.15 2018/08/06 12:50:56 ryo Exp $")
+RCSID("$NetBSD: locore.S,v 1.16 2018/08/06 20:05:26 ryo Exp $")
 
 /* #define DEBUG_LOCORE */
 /* #define DEBUG_MMU */
@@ -684,6 +684,38 @@ arm_boot_l0pt_init:
 	cmp	x2, x3
 	blo	1b
 
+
+	/* add eXecute Never bit from _rodata to _end */
+	VERBOSE("Set kernel rodata/data non-Executable\r\n")
+	ldr	x0, =__rodata_start
+	ands	x0, x0, #(L2_SIZE - 1)
+	beq	1f
+	PRINT("Warning: rodata section not aligned on size of L2 block\r\n")
+1:
+	/* x2 = l2pde_index(__rodata_start) */
+	ldr	x2, =__rodata_start
+	mov	x0, #(L2_SIZE - 1)
+	add	x2, x2, x0		/* round block */
+	and	x2, x2, #L2_ADDR_BITS
+	lsr	x2, x2, #L2_SHIFT
+
+	/* x3 = l2pde_inex(_end) */
+	ldr	x3, =_end
+	and	x3, x3, #L2_ADDR_BITS
+	lsr	x3, x3, #L2_SHIFT
+
+	ADDR	x1, ttbr1_l2table_kva
+	b	9f
+1:
+	ldr	x0, [x1, x2, lsl #3]	/* x0 = l2table[x2] */
+	orr	x0, x0, #(LX_BLKPAG_UXN|LX_BLKPAG_PXN)
+	str	x0, [x1, x2, lsl #3]	/* l2table[x2] = x0 */
+	add	x2, x2, #1
+9:
+	cmp	x2, x3			/* including the L2 block of _end[] */
+	bls	1b
+
+
 	VERBOSE("Creating devmap tables\r\n")
 	/* devmap=PA table for L1 */
 	ADDR	x0, ttbr1_l1table_kva

Index: src/sys/arch/aarch64/conf/kern.ldscript
diff -u src/sys/arch/aarch64/conf/kern.ldscript:1.6 src/sys/arch/aarch64/conf/kern.ldscript:1.7
--- src/sys/arch/aarch64/conf/kern.ldscript:1.6	Fri Aug  3 16:32:55 2018
+++ src/sys/arch/aarch64/conf/kern.ldscript	Mon Aug  6 20:05:26 2018
@@ -20,6 +20,9 @@ SECTIONS
     *(.stub .text.* .gnu.linkonce.t.*)
     /* .gnu.warning sections are handled specially by elf32.em.  */
   } =0
+  /* Move .rodata to the next L2 block to set unexecutable */
+  . = ALIGN (L2_SIZE);
+  PROVIDE (__rodata_start = .);
   .rodata         : { *(.rodata .rodata.* .gnu.linkonce.r.*) }
   .rodata1        : { *(.rodata1) }
   .eh_frame_hdr : { *(.eh_frame_hdr) }

Reply via email to