arm: enable enforcing memory access permissions
Bootloader: * set permissions to kernel read/write, no user access for initially mapped memory areas * set permissions to kernel read/write, no execute, no user access for UART Kernel: * physical memory mapper uses kernel read/write mapping with no-execute bit enabled * all other pages are mapped as read/write/execute for kernel and user * proper access permissions and memory types to be implemented later Enforce memory access permissions by setting DACR to client mode for domain #0, no access for other domains. see ARM Architecture Reference Manual, section B3.7 Memory access control and in particular the following subsections: B3.7.1 Access permissions B3.7.2 Execute-never restrictions on instruction fetching B3.7.3 Domains, Short-descriptor format only Change-Id: I8127b4c72dc516d013cb9751d80d6f3a9ec835e6 Reviewed-on: https://review.haiku-os.org/c/haiku/+/5233 Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>
This commit is contained in:
parent
097f72e92c
commit
adc32659fb
@ -43,26 +43,26 @@
|
|||||||
// found it in the cortex A8 reference... so I set t to 0
|
// found it in the cortex A8 reference... so I set t to 0
|
||||||
// page table must obviously be on multiple of 1KB
|
// page table must obviously be on multiple of 1KB
|
||||||
|
|
||||||
/*
|
|
||||||
* L2-Page descriptors... now things get really complicated...
|
|
||||||
* there are three different types of pages large pages (64KB) and small(4KB)
|
|
||||||
* and "small extended".
|
|
||||||
* only small extende is used by now....
|
|
||||||
* and there is a new and a old format of page table entries
|
|
||||||
* I will use the old format...
|
|
||||||
*/
|
|
||||||
|
|
||||||
#define ARM_MMU_L2_TYPE_LARGE 0x1
|
#define ARM_MMU_L2_TYPE_LARGE 0x1
|
||||||
|
#define ARM_MMU_L2_TYPE_SMALLNEW 0x2
|
||||||
#define ARM_MMU_L2_TYPE_SMALLEXT 0x3
|
#define ARM_MMU_L2_TYPE_SMALLEXT 0x3
|
||||||
|
|
||||||
/* for new format entries (cortex-a8) */
|
#define ARM_MMU_L2_FLAG_XN 0x001
|
||||||
#define ARM_MMU_L2_TYPE_SMALLNEW 0x2
|
#define ARM_MMU_L2_FLAG_B 0x004
|
||||||
|
#define ARM_MMU_L2_FLAG_C 0x008
|
||||||
|
#define ARM_MMU_L2_FLAG_AP0 0x010
|
||||||
|
#define ARM_MMU_L2_FLAG_AP1 0x020
|
||||||
|
#define ARM_MMU_L2_FLAG_TEX0 0x040
|
||||||
|
#define ARM_MMU_L2_FLAG_TEX1 0x080
|
||||||
|
#define ARM_MMU_L2_FLAG_TEX2 0x100
|
||||||
|
#define ARM_MMU_L2_FLAG_AP2 0x200
|
||||||
|
#define ARM_MMU_L2_FLAG_S 0x400
|
||||||
|
#define ARM_MMU_L2_FLAG_NG 0x800
|
||||||
|
|
||||||
// for B C and TEX see ARM arm B4-11
|
#define ARM_MMU_L2_FLAG_AP_KRW 0x010
|
||||||
#define ARM_MMU_L2_FLAG_B 0x4
|
// allow read and write for kernel only
|
||||||
#define ARM_MMU_L2_FLAG_C 0x8
|
|
||||||
#define ARM_MMU_L2_FLAG_TEX 0 // use 0b000 as TEX
|
#define ARM_MMU_L2_FLAG_AP_RW 0x030
|
||||||
#define ARM_MMU_L2_FLAG_AP_RW 0x30
|
|
||||||
// allow read and write for user and system
|
// allow read and write for user and system
|
||||||
|
|
||||||
#define ARM_MMU_L1_TABLE_ENTRY_COUNT 4096
|
#define ARM_MMU_L1_TABLE_ENTRY_COUNT 4096
|
||||||
|
@ -325,7 +325,7 @@ arch_mmu_generate_post_efi_page_tables(size_t memoryMapSize,
|
|||||||
(efi_memory_descriptor *)(memoryMapAddr + i * descriptorSize);
|
(efi_memory_descriptor *)(memoryMapAddr + i * descriptorSize);
|
||||||
if ((entry->Attribute & EFI_MEMORY_RUNTIME) != 0) {
|
if ((entry->Attribute & EFI_MEMORY_RUNTIME) != 0) {
|
||||||
map_range_to_new_area(entry,
|
map_range_to_new_area(entry,
|
||||||
ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C | ARM_MMU_L2_FLAG_AP_RW);
|
ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C | ARM_MMU_L2_FLAG_AP_KRW);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -335,10 +335,11 @@ arch_mmu_generate_post_efi_page_tables(size_t memoryMapSize,
|
|||||||
size_t size;
|
size_t size;
|
||||||
while (mmu_next_region(&cookie, &vaddr, &paddr, &size)) {
|
while (mmu_next_region(&cookie, &vaddr, &paddr, &size)) {
|
||||||
map_range(vaddr, paddr, size,
|
map_range(vaddr, paddr, size,
|
||||||
ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C | ARM_MMU_L2_FLAG_AP_RW);
|
ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C | ARM_MMU_L2_FLAG_AP_KRW);
|
||||||
}
|
}
|
||||||
|
|
||||||
map_range_to_new_area(gKernelArgs.arch_args.uart.regs, ARM_MMU_L2_FLAG_B);
|
map_range_to_new_area(gKernelArgs.arch_args.uart.regs,
|
||||||
|
ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_AP_KRW | ARM_MMU_L2_FLAG_XN);
|
||||||
|
|
||||||
sort_address_ranges(gKernelArgs.virtual_allocated_range,
|
sort_address_ranges(gKernelArgs.virtual_allocated_range,
|
||||||
gKernelArgs.num_virtual_allocated_ranges);
|
gKernelArgs.num_virtual_allocated_ranges);
|
||||||
|
@ -83,11 +83,13 @@ _pl1_entry:
|
|||||||
MCR p15, 0, r1, c8, c7, 0
|
MCR p15, 0, r1, c8, c7, 0
|
||||||
|
|
||||||
// write DACR
|
// write DACR
|
||||||
mov r9, #0xffffffff
|
mov r9, #0x00000001
|
||||||
MCR p15, 0, r9, c3, c0, 0
|
mcr p15, 0, r9, c3, c0, 0
|
||||||
|
|
||||||
// enable MMU and caches
|
// enable MMU and caches
|
||||||
mrc p15, 0, r9, c1, c0, 0
|
mrc p15, 0, r9, c1, c0, 0
|
||||||
|
bic r9, r9, #0x20000000 // access flag disabled
|
||||||
|
bic r9, r9, #0x10000000 // TEX remap disabled
|
||||||
orr r9, r9, #0x00001000 // i-cache enabled
|
orr r9, r9, #0x00001000 // i-cache enabled
|
||||||
orr r9, r9, #0x00000004 // d-cache enabled
|
orr r9, r9, #0x00000004 // d-cache enabled
|
||||||
orr r9, r9, #0x00000001 // MMU enabled
|
orr r9, r9, #0x00000001 // MMU enabled
|
||||||
|
@ -182,7 +182,8 @@ ARMPagingMethod32Bit::PhysicalPageSlotPool::Map(phys_addr_t physicalAddress,
|
|||||||
(virtualAddress - fVirtualBase) / B_PAGE_SIZE];
|
(virtualAddress - fVirtualBase) / B_PAGE_SIZE];
|
||||||
pte = (physicalAddress & ARM_PTE_ADDRESS_MASK)
|
pte = (physicalAddress & ARM_PTE_ADDRESS_MASK)
|
||||||
| ARM_MMU_L2_TYPE_SMALLNEW
|
| ARM_MMU_L2_TYPE_SMALLNEW
|
||||||
| ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C;
|
| ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C
|
||||||
|
| ARM_MMU_L2_FLAG_AP_KRW | ARM_MMU_L2_FLAG_XN;
|
||||||
|
|
||||||
arch_cpu_invalidate_TLB_range(virtualAddress, virtualAddress + B_PAGE_SIZE);
|
arch_cpu_invalidate_TLB_range(virtualAddress, virtualAddress + B_PAGE_SIZE);
|
||||||
// invalidate_TLB(virtualAddress);
|
// invalidate_TLB(virtualAddress);
|
||||||
@ -510,7 +511,8 @@ ARMPagingMethod32Bit::PutPageTableEntryInTable(page_table_entry* entry,
|
|||||||
{
|
{
|
||||||
page_table_entry page = (physicalAddress & ARM_PTE_ADDRESS_MASK)
|
page_table_entry page = (physicalAddress & ARM_PTE_ADDRESS_MASK)
|
||||||
| ARM_MMU_L2_TYPE_SMALLNEW
|
| ARM_MMU_L2_TYPE_SMALLNEW
|
||||||
| ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C;
|
| ARM_MMU_L2_FLAG_B | ARM_MMU_L2_FLAG_C
|
||||||
|
| ARM_MMU_L2_FLAG_AP_RW;
|
||||||
#if 0 //IRA
|
#if 0 //IRA
|
||||||
| X86_PTE_PRESENT | (globalPage ? X86_PTE_GLOBAL : 0)
|
| X86_PTE_PRESENT | (globalPage ? X86_PTE_GLOBAL : 0)
|
||||||
| MemoryTypeToPageTableEntryFlags(memoryType);
|
| MemoryTypeToPageTableEntryFlags(memoryType);
|
||||||
|
Loading…
Reference in New Issue
Block a user