Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable write-implies-execute-never when applicable #1550

Merged
merged 2 commits into from
May 29, 2017
Merged

Enable write-implies-execute-never when applicable #1550

merged 2 commits into from
May 29, 2017

Conversation

etienne-lms
Copy link
Contributor

No description provided.

jforissier
jforissier reviewed May 19, 2017
View reviewed changes
Copy link
Contributor

@jforissier jforissier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not a big fan of this. Why add CFG_HWSUPP_MEM_PERM_WXN, and not just set CFG_CORE_RWDATA_NOEXEC only if you want it and your platform supports it?

core/arch/arm/kernel/generic_entry_a32.S
@@ -189,6 +189,9 @@ UNWIND( .cantunwind)
orr r0, r0, #SCTLR_A
bic r0, r0, #SCTLR_C
bic r0, r0, #SCTLR_I
#if defined(CFG_HWSUPP_MEM_PERM_WXN) && defined(CFG_CORE_RWDATA_NOEXEC)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better to test only CFG_CORE_RWDATA_NOEXEC here.
Optionally, add a dependency check in a core/arc/arm/arm.mk (but see my other comment, I feel the HWSUPP config is useless):

ifeq ($(CFG_CORE_RWDATA_NOEXEC))
ifneq ($(CFG_HWSUPP_MEM_PERM_WXN),y)
$(error ...)
endif
endif

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some HW (C-A5, C-A9) do not support WXN and UWXN in SCTLR.
So we need this CFG_HWSUPP_MEM_PERM_WXN.
This is why the directive is not used in AARCH64, as all ARMv8-A do support SCTLR[WXN].

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that. But we can simply assume that platforms that don't support CFG_CORE_RWDATA_NOEXEC simply don't enable it, no?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. At least for the few platforms lacking this hw hardening, op-tee core can still build a mmu that does rw-data-noexec. Weaker protection but at least optee legitimate mapping is clean.
The arm-tf does both: its mmu api never maps rwx memory and it sets STCRL[WXs], of course.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, now I get it. We really have two things to configure here. Sorry for the confusion.

jforissier
jforissier reviewed May 19, 2017
View reviewed changes
Copy link
Contributor

@jforissier jforissier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This commit ("core: factorize cpu support") is a good idea IMO.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

@etienne-lms
Copy link
Contributor Author

rebased

@jforissier
Copy link
Contributor

So, for both patches:
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

@etienne-lms
core: enable write-implies-execute-never when applicable
58615a6 
HW may or may not support STCLR "WXN" configuration field.
CFG_HWSUPP_MEM_PERM_WXN reflects this state. AArch64 is assumed to
always support this field.

Enable the "WXN" (and UWXN) bits in STCLR upon configuration directive
CFG_CORE_RWDATA_NOEXEC.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
@etienne-lms
core: factorize cpu support
c285a78 
Create core/arch/arm/cpu/<cpu-name>.mk to store CPU generic configurations
settings. Update supported platforms to rely on the generic CPU support.

Platform shall still specify whether they support or not the NEON
extension.

Cortex-A53 and Cortex-A57 are all ARMv8.0 compliant. For ARMv8 core,
we will use ARMv8-A architecture minor version configuration files.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
@etienne-lms
Copy link
Contributor Author

Rebased, tag applied.

@jforissier jforissier merged commit 4389685 into OP-TEE:master May 29, 2017
@etienne-lms etienne-lms deleted the rxrorw3 branch May 30, 2017 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jforissier jforissier jforissier left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@etienne-lms @jforissier