core: separate instructions from read-only data

CFG_CORE_RODATA_NOEXEC=y/n allows to map non-executable memory with a not-executable attribute. Added alignments that may waste secure memory: - unpaged text/rodata bound - init text/rodata bound To prevent wasting at least one page, the sections text_paged and rodata_paged are swapped in the memory layout. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_virt) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_armv8) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
OP-TEE · May 17, 2017 · c2e7fa1 · c2e7fa1
1 parent 9fbbd4d
commit c2e7fa1
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 5 deletions.
diff --git a/core/arch/arm/arm.mk b/core/arch/arm/arm.mk
@@ -27,6 +27,10 @@ endif
 endif
 
 CFG_CORE_RWDATA_NOEXEC ?= y
+CFG_CORE_RODATA_NOEXEC ?= n
+ifeq ($(CFG_CORE_RODATA_NOEXEC),y)
+$(call force,CFG_CORE_RWDATA_NOEXEC,y)
+endif
 
 ifeq ($(CFG_WITH_PAGER),y)
 ifeq ($(CFG_CORE_SANITIZE_KADDRESS),y)

diff --git a/core/arch/arm/kernel/kern.ld.S b/core/arch/arm/kernel/kern.ld.S
@@ -93,6 +93,9 @@ SECTIONS
 	}
 	__text_end = .;
 
+#ifdef CFG_CORE_RODATA_NOEXEC
+	. = ALIGN(SMALL_PAGE_SIZE);
+#endif
 	__flatmap_unpg_rx_size = . - __flatmap_unpg_rx_start;
 	__flatmap_unpg_ro_start = .;
 
@@ -282,6 +285,9 @@ SECTIONS
 		. = ALIGN(8);
 	}
 
+#ifdef CFG_CORE_RODATA_NOEXEC
+	. = ALIGN(SMALL_PAGE_SIZE);
+#endif
 	__flatmap_init_rx_size = . - __flatmap_init_rx_start;
 	__flatmap_init_ro_start = .;
 
@@ -305,11 +311,6 @@ SECTIONS
 	/* vcore flat map stops here. No need to page align, rodata follows. */
 	__flatmap_init_ro_size = __init_end - __flatmap_init_ro_start;
 
-	.text_pageable : ALIGN(8) {
-		*(.text*)
-		. = ALIGN(8);
-	}
-
 	.rodata_pageable : ALIGN(8) {
 #ifdef CFG_DT
 		__rodata_dtdrv_start = .;
@@ -326,6 +327,14 @@ SECTIONS
 		__start_ta_head_section = . ;
 		KEEP(*(ta_head_section))
 		__stop_ta_head_section = . ;
+	}
+
+#ifdef CFG_CORE_RODATA_NOEXEC
+	. = ALIGN(SMALL_PAGE_SIZE);
+#endif
+
+	.text_pageable : ALIGN(8) {
+		*(.text*)
 		. = ALIGN(SMALL_PAGE_SIZE);
 	}
 
@@ -393,9 +402,14 @@ SECTIONS
 /* Unpaged read-only memories */
 PROVIDE(__vcore_unpg_rx_start = __flatmap_unpg_rx_start);
 PROVIDE(__vcore_unpg_ro_start = __flatmap_unpg_ro_start);
+#ifdef CFG_CORE_RODATA_NOEXEC
+PROVIDE(__vcore_unpg_rx_size = __flatmap_unpg_rx_size);
+PROVIDE(__vcore_unpg_ro_size = __flatmap_unpg_ro_size);
+#else
 PROVIDE(__vcore_unpg_rx_size = __flatmap_unpg_rx_size +
 				__flatmap_unpg_ro_size);
 PROVIDE(__vcore_unpg_ro_size = 0);
+#endif
 
 /* Unpaged read-write memory */
 PROVIDE(__vcore_unpg_rw_start = __flatmap_unpg_rw_start);
@@ -414,8 +428,14 @@ PROVIDE(__vcore_unpg_rw_size = __flatmap_unpg_rw_size);
 /* Paged/init read-only memories */
 PROVIDE(__vcore_init_rx_start = __flatmap_init_rx_start);
 PROVIDE(__vcore_init_ro_start = __flatmap_init_ro_start);
+#ifdef CFG_CORE_RODATA_NOEXEC
+PROVIDE(__vcore_init_rx_size = __flatmap_init_rx_size);
+PROVIDE(__vcore_init_ro_size = __flatmap_init_ro_size +
+				__FLATMAP_PAGER_TRAILING_SPACE);
+#else
 PROVIDE(__vcore_init_rx_size = __flatmap_init_rx_size +
 				__flatmap_init_ro_size +
 				__FLATMAP_PAGER_TRAILING_SPACE);
 PROVIDE(__vcore_init_ro_size = 0);
+#endif /* CFG_CORE_RODATA_NOEXEC */
 #endif /* CFG_WITH_PAGER */