Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

arch: arm: enable PXN support for armv8.1-m #86942

Merged
merged 3 commits into from
Mar 20, 2025
Merged

arch: arm: enable PXN support for armv8.1-m #86942

merged 3 commits into from
Mar 20, 2025

Conversation

wearyzen
Copy link
Collaborator

What is the change?

This commit adds support for Armv8.1-M MPU architecture's PXN attribute.
This includes support for configuring MPU regions with PXN via
custom mpu_config, devicetree and static mpu_config.
The existing MPU region attribute macros are updated to retain existing
behaviour with this change with an addition of REGION_RAM_ATTR_PXN to be
used if one needs to configure a RAM region with PXN MPU attribute.

Why do we need this change?

Armv8.1-M architecture introduced a new MPU region attribute called
Privilege eXecute Never (PXN).
If an MPU region is configured with the PXN attribute set and if the,
processor attempts to execute code in this region while at
privileged level, a Memory Management Fault exception is triggered.

This ensures that specific tasks are executed only in unprivileged mode
and helps in preventing secure privilege escalation attacks.

@zephyrbot zephyrbot added area: ARM ARM (32-bit) Architecture platform: ARM Arm Limited area: Architectures Release Notes To be mentioned in the release notes labels Mar 11, 2025
@nashif nashif assigned wearyzen and unassigned nashif and dcpleung Mar 11, 2025
@wearyzen wearyzen force-pushed the pxn_upstream branch 4 times, most recently from 9cb985e to 73c4ae7 Compare March 11, 2025 17:18
wearyzen added 2 commits March 17, 2025 12:07
@wearyzen
arch: arm: Add PXN support for Armv8.1-M
a0c166f 
What is the change?
This commit adds support for Armv8.1-M MPU architecture's PXN attribute.
This includes support for configuring MPU regions with PXN via
custom mpu_config, devicetree and static mpu_config.
The existing MPU region attribute macros are updated to retain existing
behaviour with this change with an addition of REGION_RAM_ATTR_PXN to be
used if one needs to configure a RAM region with PXN MPU attribute.

Why do we need this change?
Armv8.1-M architecture introduced a new MPU region attribute called
Privilege eXecute Never (PXN).
If an MPU region is configured with the PXN attribute set and if the,
processor attempts to execute code in this region while at
privileged level, a Memory Management Fault exception is triggered.

This ensures that specific tasks are executed only in unprivileged mode
and helps in preventing secure privilege escalation attacks.

Signed-off-by: Sudan Landge <sudan.landge@arm.com>
@wearyzen
arch: arm: Add PXN attr for userspace MPU regions
74b2ccf 
What is the change?
 - PXN attributes is set for static mpu regions such that
   __ramfunc and __ram_text_reloc having userspace code
   cannot be executed in privileged mode.
 - Updated the notable change section to inform about the change in
   behaviour of code executed from __ramfunc and __ram_text_reloc MPU
   regions.

Why do we need this change?
 - The current static MPU regions allows executing userspace/unprivileged
   code from privileged mode which may not be expected and can lead to
   secure privileged escalation attacks.

Signed-off-by: Sudan Landge <sudan.landge@arm.com>
@wearyzen wearyzen force-pushed the pxn_upstream branch 2 times, most recently from cbdc821 to 5f8af7a Compare March 19, 2025 17:31
@wearyzen
tests: arch: arm: verify Armv8.1-M MPU PXN
215365f 
Adds a test to verify Armv8.1-M MPU architecture's PXN attribute.

Verify PXN via static mpu config by utilizing existing __ramfunc MPU region
Since previous commit changes the behaviour of __ramfunc region,
executing userspace code in this region in privileged mode will
result in an MPU fault while execution in unprivileged mode should
work fine.

Verify PXN via DT by creating a custom section in the unused SRAM region.
Since the overlay sets the PXN attribute for the SRAM, executing code
in this region in privileged mode will result in an MPU fault while,
execution in unprivileged mode should work fine.
Also, instead of testing DT config for each board, do it only for MPS3
boards that which can be tested with simulation.

Signed-off-by: Sudan Landge <sudan.landge@arm.com>
ithinuel
ithinuel approved these changes Mar 19, 2025
View reviewed changes
Copy link
Collaborator

@ithinuel ithinuel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks !

@carlescufi carlescufi merged commit 0161118 into zephyrproject-rtos:main Mar 20, 2025
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabiobaltieri fabiobaltieri fabiobaltieri approved these changes

@ithinuel ithinuel ithinuel approved these changes

@bbolen bbolen Awaiting requested review from bbolen

@carlocaione carlocaione Awaiting requested review from carlocaione

@dcpleung dcpleung Awaiting requested review from dcpleung

@galak galak Awaiting requested review from galak

@kartben kartben Awaiting requested review from kartben

@MaureenHelm MaureenHelm Awaiting requested review from MaureenHelm

@microbuilder microbuilder Awaiting requested review from microbuilder

@nashif nashif Awaiting requested review from nashif

@stephanosio stephanosio Awaiting requested review from stephanosio

Assignees

@wearyzen wearyzen

Labels
area: Architectures area: ARM ARM (32-bit) Architecture platform: ARM Arm Limited Release Notes To be mentioned in the release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@wearyzen @fabiobaltieri @ithinuel @nashif @carlescufi @zephyrbot @dcpleung