From f7bb2aa583e849c229477cda1c5d28a8ca248f32 Mon Sep 17 00:00:00 2001
From: Etienne Carriere
Date: Tue, 9 May 2017 09:41:47 +0200
Subject: [PATCH] core: separate instructions from read-only data

CFG_CORE_RODATA_NOEXEC=y/n allows to map non-executable memory with a not-executable attribute. Added alignments that may waste secure memory:
- unpaged text/rodata bound
- init text/rodata bound
To prevent wasting at least one page, the sections text_paged and rodata_paged are swapped in the memory layout.

Signed-off-by: Etienne Carriere
Reviewed-by: Jens Wiklander
---
 core/arch/arm/arm.mk | 4 ++++
 core/arch/arm/kernel/kern.ld.S | 30 +++++++++++++++++++++++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/core/arch/arm/arm.mk b/core/arch/arm/arm.mk
index 51c59666430..cb69978be55 100644
--- a/core/arch/arm/arm.mk
+++ b/core/arch/arm/arm.mk
@@ -27,6 +27,10 @@ endif
 endif
 CFG_CORE_RWDATA_NOEXEC ?= y
+CFG_CORE_RODATA_NOEXEC ?= n
+ifeq ($(CFG_CORE_RODATA_NOEXEC),y)
+$(call force,CFG_CORE_RWDATA_NOEXEC,y)
+endif
 ifeq ($(CFG_WITH_PAGER),y)
 ifeq ($(CFG_CORE_SANITIZE_KADDRESS),y)
diff --git a/core/arch/arm/kernel/kern.ld.S b/core/arch/arm/kernel/kern.ld.S
index f6374a40d85..d7ed2a6c222 100644
--- a/core/arch/arm/kernel/kern.ld.S
+++ b/core/arch/arm/kernel/kern.ld.S
@@ -93,6 +93,9 @@ SECTIONS
 }
 __text_end = .;
+#ifdef CFG_CORE_RODATA_NOEXEC
+ . = ALIGN(SMALL_PAGE_SIZE);
+#endif
 __flatmap_unpg_rx_size = . - __flatmap_unpg_rx_start;
 __flatmap_unpg_ro_start = .;
@@ -282,6 +285,9 @@ SECTIONS
 . = ALIGN(8);
 }
+#ifdef CFG_CORE_RODATA_NOEXEC
+ . = ALIGN(SMALL_PAGE_SIZE);
+#endif
 __flatmap_init_rx_size = . - __flatmap_init_rx_start;
 __flatmap_init_ro_start = .;
@@ -305,11 +311,6 @@ SECTIONS
 /* vcore flat map stops here. No need to page align, rodata follows. */
 __flatmap_init_ro_size = __init_end - __flatmap_init_ro_start;
- .text_pageable : ALIGN(8) {
- *(.text*)
- . = ALIGN(8);
- }
-
 .rodata_pageable : ALIGN(8) {
 #ifdef CFG_DT
 __rodata_dtdrv_start = .;
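Review bot: `CFG_CORE_RODATA_NOEXEC` is introduced in arm.mk without a comment and defaults to `n`, so a build that does not set it keeps the core's read-only data inside the executable ranges (the `#else` branches in kern.ld.S still fold the RO size into the RX size). A short comment above the assignment would tell integrators what they are trading, for example `# CFG_CORE_RODATA_NOEXEC=y maps core read-only data non-executable, at the cost of page-alignment padding in secure memory; it forces CFG_CORE_RWDATA_NOEXEC=y`. The `force` call presumably rejects a configuration that sets `CFG_CORE_RWDATA_NOEXEC=n` together with this option, and that is worth stating in the same comment.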
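Review bot: The `#ifdef CFG_CORE_RODATA_NOEXEC` alignment block added after `__text_end` (and the identical blocks in the hunks at -282 and -326) has no comment saying why the location counter is rounded up to a page. In this hunk the `ALIGN` sits after `__text_end = .;`, so `__text_end` excludes the padding while `__flatmap_unpg_rx_size` includes it; the padding up to the page boundary therefore falls in the RX range, and what it contains depends on how the gap is filled when the image is generated, which is not visible here. I would add `/* Page-align the RX/RO boundary so read-only data can be mapped non-executable */` above each block. The enclosing `SECTIONS` body starts and ends outside the hunk.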
@@ -326,6 +327,14 @@ SECTIONS
 __start_ta_head_section = . ;
 KEEP(*(ta_head_section))
 __stop_ta_head_section = . ;
+ }
+
+#ifdef CFG_CORE_RODATA_NOEXEC
+ . = ALIGN(SMALL_PAGE_SIZE);
+#endif
+
+ .text_pageable : ALIGN(8) {
+ *(.text*)
 . = ALIGN(SMALL_PAGE_SIZE);
 }
@@ -393,9 +402,14 @@ SECTIONS
 /* Unpaged read-only memories */
 PROVIDE(__vcore_unpg_rx_start = __flatmap_unpg_rx_start);
 PROVIDE(__vcore_unpg_ro_start = __flatmap_unpg_ro_start);
+#ifdef CFG_CORE_RODATA_NOEXEC
+PROVIDE(__vcore_unpg_rx_size = __flatmap_unpg_rx_size);
+PROVIDE(__vcore_unpg_ro_size = __flatmap_unpg_ro_size);
+#else
 PROVIDE(__vcore_unpg_rx_size = __flatmap_unpg_rx_size + __flatmap_unpg_ro_size);
 PROVIDE(__vcore_unpg_ro_size = 0);
+#endif
 /* Unpaged read-write memory */
 PROVIDE(__vcore_unpg_rw_start = __flatmap_unpg_rw_start);
@@ -414,8 +428,14 @@ PROVIDE(__vcore_unpg_rw_size = __flatmap_unpg_rw_size);
 /* Paged/init read-only memories */
 PROVIDE(__vcore_init_rx_start = __flatmap_init_rx_start);
 PROVIDE(__vcore_init_ro_start = __flatmap_init_ro_start);
+#ifdef CFG_CORE_RODATA_NOEXEC
+PROVIDE(__vcore_init_rx_size = __flatmap_init_rx_size);
+PROVIDE(__vcore_init_ro_size = __flatmap_init_ro_size +
+ __FLATMAP_PAGER_TRAILING_SPACE);
+#else
 PROVIDE(__vcore_init_rx_size = __flatmap_init_rx_size + __flatmap_init_ro_size + __FLATMAP_PAGER_TRAILING_SPACE);
 PROVIDE(__vcore_init_ro_size = 0);
+#endif /* CFG_CORE_RODATA_NOEXEC */
 #endif /* CFG_WITH_PAGER */
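Review bot: Nothing in the script checks that `__flatmap_unpg_ro_start` is page aligned, yet under `CFG_CORE_RODATA_NOEXEC` the RX and RO sizes exported in the hunk at -393 (and likewise for `__flatmap_init_ro_start` in the hunk at -414) presumably only work as separately mapped regions if the boundary is. The `ALIGN` statements added earlier in the patch provide that today, but a later edit that moves a section or drops an `#ifdef` block would break the separation without any build error. A link-time guard inside the `#ifdef` would catch it, for example `ASSERT(!(__flatmap_unpg_ro_start & (SMALL_PAGE_SIZE - 1)), "unpaged RX/RO boundary is not page aligned")`, with the same check for `__flatmap_init_ro_start`.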
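Review bot: In the `CFG_CORE_RODATA_NOEXEC` branch of the last hunk, `__FLATMAP_PAGER_TRAILING_SPACE` is added to `__vcore_init_ro_size` instead of `__vcore_init_rx_size`, and no comment explains why the trailing space is counted as read-only. Because the patch now places `.text_pageable` after `.rodata_pageable`, the pageable text appears to lie inside that trailing range, so a reader will ask what gives those pages execute permission. The macro's definition is outside the hunk, so this is inferred from the section order only. A comment on that `PROVIDE` stating where pageable text gets its executable mapping (presumably the pager) would close the gap. The `#endif` added in the hunk at -393 could also carry the `/* CFG_CORE_RODATA_NOEXEC */` tag used here.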