Enable write-implies-execute-never when applicable

core/arch/arm/cpu/cortex-a15.mk

@@ -0,0 +1,7 @@
+$(call force,CFG_ARM32_core,y)
+$(call force,CFG_ARM64_core,n)
+$(call force,CFG_HWSUPP_MEM_PERM_WXN,y)
+$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
+arm32-platform-cpuarch 	:= cortex-a15
+arm32-platform-cflags 	+= -mcpu=$(arm32-platform-cpuarch)
+arm32-platform-aflags 	+= -mcpu=$(arm32-platform-cpuarch)

core/arch/arm/cpu/cortex-a7.mk

@@ -0,0 +1,7 @@
+$(call force,CFG_ARM32_core,y)
+$(call force,CFG_ARM64_core,n)
+$(call force,CFG_HWSUPP_MEM_PERM_WXN,y)
+$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
+arm32-platform-cpuarch 	:= cortex-a7
+arm32-platform-cflags 	+= -mcpu=$(arm32-platform-cpuarch)
+arm32-platform-aflags 	+= -mcpu=$(arm32-platform-cpuarch)

core/arch/arm/cpu/cortex-a9.mk

@@ -0,0 +1,9 @@
+$(call force,CFG_ARM32_core,y)
+$(call force,CFG_ARM64_core,n)
+$(call force,CFG_WITH_LPAE,n)
+$(call force,CFG_HWSUPP_MEM_PERM_WXN,n)
+$(call force,CFG_HWSUPP_MEM_PERM_PXN,n)
+$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,n)
+arm32-platform-cpuarch 	:= cortex-a9
+arm32-platform-cflags 	+= -mcpu=$(arm32-platform-cpuarch)
+arm32-platform-aflags 	+= -mcpu=$(arm32-platform-cpuarch)

core/arch/arm/cpu/cortex-armv8-0.mk

@@ -0,0 +1,7 @@
+$(call force,CFG_HWSUPP_MEM_PERM_WXN,y)
+$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
+# cortex-a53 and cortex-a57 complies on arm32 architectures
+arm32-platform-cpuarch 	:= cortex-a53
+arm32-platform-cflags 	+= -mcpu=$(arm32-platform-cpuarch)
+arm32-platform-aflags 	+= -mcpu=$(arm32-platform-cpuarch)
+platform-flavor-armv8 := 1

core/arch/arm/include/arm64.h

@@ -36,6 +36,7 @@
 #define SCTLR_C		BIT32(2)
 #define SCTLR_SA	BIT32(3)
 #define SCTLR_I		BIT32(12)
+#define SCTLR_WXN	BIT32(19)
 
 #define TTBR_ASID_MASK		0xff
 #define TTBR_ASID_SHIFT		48

core/arch/arm/kernel/generic_entry_a32.S

@@ -189,6 +189,9 @@ UNWIND(	.cantunwind)
 	orr	r0, r0, #SCTLR_A
 	bic	r0, r0, #SCTLR_C
 	bic	r0, r0, #SCTLR_I
+#if defined(CFG_HWSUPP_MEM_PERM_WXN) && defined(CFG_CORE_RWDATA_NOEXEC)
+	orr	r0, r0, #(SCTLR_WXN | SCTLR_UWXN)
+#endif
 	write_sctlr r0
 	isb
 
@@ -446,6 +449,9 @@ UNWIND(	.cantunwind)
 	mov	r6, lr
 	read_sctlr r0
 	orr	r0, r0, #SCTLR_A
+#if defined(CFG_HWSUPP_MEM_PERM_WXN) && defined(CFG_CORE_RWDATA_NOEXEC)
+	orr	r0, r0, #(SCTLR_WXN | SCTLR_UWXN)
+#endif
 	write_sctlr r0
 
 	ldr	r0, =_start

core/arch/arm/kernel/generic_entry_a64.S

@@ -73,6 +73,9 @@ FUNC _start , :
 
 	mrs	x0, sctlr_el1
 	mov	x1, #(SCTLR_I | SCTLR_A | SCTLR_SA)
+#if defined(CFG_CORE_RWDATA_NOEXEC)
+	orr	x1, x1, #SCTLR_WXN
+#endif
 	orr	x0, x0, x1
 	msr	sctlr_el1, x0
 	isb
@@ -177,6 +180,9 @@ FUNC cpu_on_handler , :
 
 	mrs	x0, sctlr_el1
 	mov	x1, #(SCTLR_I | SCTLR_A | SCTLR_SA)
+#if defined(CFG_CORE_RWDATA_NOEXEC)
+	orr	x1, x1, #SCTLR_WXN
+#endif
 	orr	x0, x0, x1
 	msr	sctlr_el1, x0
 	isb

core/arch/arm/plat-d02/conf.mk

@@ -1,3 +1,5 @@
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
 CFG_NUM_THREADS ?= 16
 CFG_CRYPTO_WITH_CE ?= y
 CFG_WITH_STACK_CANARIES ?= y
@@ -8,7 +10,6 @@ CFG_CORE_TZSRAM_EMUL_SIZE ?= 393216
 CFG_CORE_HEAP_SIZE ?= 98304
 
 $(call force,CFG_GENERIC_BOOT,y)
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_HI16XX_UART,y)
 $(call force,CFG_PM_STUBS,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
@@ -18,9 +19,6 @@ $(call force,CFG_HI16XX_RNG,y)
 endif
 
 # 32-bit flags
-arm32-platform-cpuarch		:= cortex-a57
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 core_arm32-platform-aflags	+= -mfpu=neon
 
 ta-targets = ta_arm32

core/arch/arm/plat-hikey/conf.mk

@@ -1,11 +1,9 @@
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
 # 32-bit flags
-arm32-platform-cpuarch		:= cortex-a53
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 core_arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_GENERIC_BOOT,y)
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_PL011,y)
 $(call force,CFG_PM_STUBS,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)

core/arch/arm/plat-imx/conf.mk

@@ -23,11 +23,8 @@ endif
 
 
 # Common i.MX6 config
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 core_arm32-platform-aflags	+= -mfpu=neon
 
-$(call force,CFG_ARM32_core,y)
 $(call force,CFG_GENERIC_BOOT,y)
 $(call force,CFG_GIC,y)
 $(call force,CFG_IMX_UART,y)
@@ -40,15 +37,15 @@ CFG_WITH_STACK_CANARIES ?= y
 
 # i.MX6UL specific config
 ifeq ($(CFG_MX6UL),y)
-arm32-platform-cpuarch		:= cortex-a7
+include core/arch/arm/cpu/cortex-a7.mk
 
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
 endif
 
 
 # i.MX6 Solo/DualLite/Dual/Quad specific config
 ifeq ($(filter y, $(CFG_MX6Q) $(CFG_MX6D) $(CFG_MX6DL) $(CFG_MX6S)), y)
-arm32-platform-cpuarch		:= cortex-a9
+include core/arch/arm/cpu/cortex-a9.mk
 
 $(call force,CFG_PL310,y)
 $(call force,CFG_PL310_LOCKED,y)

core/arch/arm/plat-ls/conf.mk

@@ -1,8 +1,7 @@
 PLATFORM_FLAVOR ?= ls1021atwr
 
-arm32-platform-cpuarch		:= cortex-a7
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
+include core/arch/arm/cpu/cortex-a7.mk
+
 core_arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_GENERIC_BOOT,y)

core/arch/arm/plat-mediatek/conf.mk

@@ -1,14 +1,12 @@
 PLATFORM_FLAVOR ?= mt8173
 
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
 # 32-bit flags
-arm32-platform-cpuarch	:= cortex-a15
-arm32-platform-cflags	+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags	+= -mcpu=$(arm32-platform-cpuarch)
 arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_8250_UART,y)
 $(call force,CFG_GENERIC_BOOT,y)
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_PM_STUBS,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
 $(call force,CFG_WITH_ARM_TRUSTED_FW,y)

core/arch/arm/plat-rcar/conf.mk

@@ -1,13 +1,11 @@
 PLATFORM_FLAVOR ?= h3
 
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
 # 32-bit flags
-arm32-platform-cpuarch	:= cortex-a57
-arm32-platform-cflags	+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags	+= -mcpu=$(arm32-platform-cpuarch)
 arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_GENERIC_BOOT,y)
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_PM_STUBS,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
 $(call force,CFG_WITH_ARM_TRUSTED_FW,y)

core/arch/arm/plat-rpi3/conf.mk

@@ -1,12 +1,10 @@
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
 # 32-bit flags
-arm32-platform-cpuarch		:= cortex-a53
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 core_arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_8250_UART,y)
 $(call force,CFG_GENERIC_BOOT,y)
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_PM_STUBS,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
 $(call force,CFG_WITH_ARM_TRUSTED_FW,y)

core/arch/arm/plat-sprd/conf.mk

@@ -1,9 +1,8 @@
 PLATFORM_FLAVOR ?= sc9860
 
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
 # 32-bit flags
-arm32-platform-cpuarch		:= cortex-a15
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 arm32-platform-aflags		+= -mfpu=neon
 
 $(call force,CFG_WITH_ARM_TRUSTED_FW,y)

core/arch/arm/plat-stm/conf.mk

@@ -1,8 +1,7 @@
 PLATFORM_FLAVOR ?= b2260
 
-arm32-platform-cpuarch		:= cortex-a9
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
+include core/arch/arm/cpu/cortex-a9.mk
+
 core_arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_ARM32_core,y)

core/arch/arm/plat-sunxi/conf.mk

@@ -1,6 +1,5 @@
-arm32-platform-cpuarch		:= cortex-a15
-arm32-platform-cflags	 	+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags	 	+= -mcpu=$(arm32-platform-cpuarch)
+include core/arch/arm/cpu/cortex-a15.mk
+
 core_arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_ARM32_core,y)

core/arch/arm/plat-ti/conf.mk

@@ -13,12 +13,11 @@ $(call force,CFG_NO_SMP,y)
 $(call force,CFG_PL310,y)
 $(call force,CFG_PL310_LOCKED,y)
 $(call force,CFG_SECURE_TIME_SOURCE_REE,y)
-arm32-platform-cpuarch		:= cortex-a9
+include core/arch/arm/cpu/cortex-a9.mk
 else
 CFG_OTP_SUPPORT ?= y
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
-arm32-platform-cpuarch		:= cortex-a15
+include core/arch/arm/cpu/cortex-a15.mk
 endif
 $(call force,CFG_SM_PLATFORM_HANDLER,y)
 $(call force,CFG_GIC,y)
@@ -27,8 +26,6 @@ $(call force,CFG_DRA7_RNG,y)
 endif
 
 # 32-bit flags
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 core_arm32-platform-aflags	+= -mfpu=neon
 
 ta-targets = ta_arm32

core/arch/arm/plat-vexpress/conf.mk

@@ -1,21 +1,21 @@
 PLATFORM_FLAVOR ?= qemu_virt
 
 # 32-bit flags
-arm32-platform-cpuarch		:= cortex-a15
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 core_arm32-platform-aflags	+= -mfpu=neon
 
+ifeq ($(PLATFORM_FLAVOR),qemu_virt)
+include core/arch/arm/cpu/cortex-a15.mk
+endif
 ifeq ($(PLATFORM_FLAVOR),fvp)
-platform-flavor-armv8 := 1
+include core/arch/arm/cpu/cortex-armv8-0.mk
 platform-debugger-arm := 1
 endif
 ifeq ($(PLATFORM_FLAVOR),juno)
-platform-flavor-armv8 := 1
+include core/arch/arm/cpu/cortex-armv8-0.mk
 platform-debugger-arm := 1
 endif
 ifeq ($(PLATFORM_FLAVOR),qemu_armv8a)
-platform-flavor-armv8 := 1
+include core/arch/arm/cpu/cortex-armv8-0.mk
 $(call force,CFG_DT,y)
 endif
 
@@ -32,7 +32,6 @@ endif
 
 $(call force,CFG_GENERIC_BOOT,y)
 $(call force,CFG_GIC,y)
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_PL011,y)
 $(call force,CFG_PM_STUBS,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)

core/arch/arm/plat-zynq7k/conf.mk

@@ -1,9 +1,7 @@
 PLATFORM_FLAVOR ?= zc702
 
-arm32-platform-cpuarch		:= cortex-a9
+include core/arch/arm/cpu/cortex-a9.mk
 
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 core_arm32-platform-aflags	+= -mfpu=neon
 
 $(call force,CFG_ARM32_core,y)

core/arch/arm/plat-zynqmp/conf.mk

@@ -1,15 +1,13 @@
 PLATFORM_FLAVOR ?= zcu102
 
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
 # 32-bit flags
-arm32-platform-cpuarch		:= cortex-a53
-arm32-platform-cflags		+= -mcpu=$(arm32-platform-cpuarch)
-arm32-platform-aflags		+= -mcpu=$(arm32-platform-cpuarch)
 arm32-platform-aflags		+= -mfpu=neon
 
 $(call force,CFG_CDNS_UART,y)
 $(call force,CFG_GENERIC_BOOT,y)
 $(call force,CFG_GIC,y)
-$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_PM_STUBS,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
 $(call force,CFG_WITH_ARM_TRUSTED_FW,y)