arch: arm: enable PXN support for armv8.1-m #86942

Merged 3 commits on Mar 20, 2025
arch: arm: Add PXN attr for userspace MPU regions
What is the change?
 - PXN attribute is set for static MPU regions such that
   __ramfunc and __ram_text_reloc having userspace code
   cannot be executed in privileged mode.
 - Updated the notable change section to inform about the change in
   behaviour of code executed from __ramfunc and __ram_text_reloc MPU
   regions.

Why do we need this change?
 - The current static MPU regions allow executing userspace/unprivileged
   code from privileged mode which may not be expected and can lead to
   secure privileged escalation attacks.

Signed-off-by: Sudan Landge <sudan.landge@arm.com>
wearyzen committed Mar 17, 2025
commit 74b2ccf1159d124d48117ea4f2c6bfb817fd9b06
51 changes: 30 additions & 21 deletions arch/arm/core/mpu/arm_core_mpu.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2017 Linaro Limited.
* Copyright 2025 Arm Limited and/or its affiliates <open-source-office@arm.com>
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -64,53 +65,61 @@ extern char __ram_text_reloc_size[];

static const struct z_arm_mpu_partition static_regions[] = {
#if defined(CONFIG_COVERAGE_GCOV) && defined(CONFIG_USERSPACE)
{
{
/* GCOV code coverage accounting area. Needs User permissions
* to function
*/
.start = (uint32_t)&__gcov_bss_start,
.size = (uint32_t)&__gcov_bss_size,
.attr = K_MEM_PARTITION_P_RW_U_RW,
},
},
#endif /* CONFIG_COVERAGE_GCOV && CONFIG_USERSPACE */
#if defined(CONFIG_NOCACHE_MEMORY)
{
{
/* Special non-cacheable RAM area */
.start = (uint32_t)&_nocache_ram_start,
.size = (uint32_t)&_nocache_ram_size,
.attr = K_MEM_PARTITION_P_RW_U_NA_NOCACHE,
},
},
#endif /* CONFIG_NOCACHE_MEMORY */
#if defined(CONFIG_ARCH_HAS_RAMFUNC_SUPPORT)
{
{
/* Special RAM area for program text */
.start = (uint32_t)&__ramfunc_start,
.size = (uint32_t)&__ramfunc_size,
#if defined(CONFIG_ARM_MPU_PXN) && defined(CONFIG_USERSPACE)
.attr = K_MEM_PARTITION_P_R_U_RX,
#else
.attr = K_MEM_PARTITION_P_RX_U_RX,
},
#endif
},
#endif /* CONFIG_ARCH_HAS_RAMFUNC_SUPPORT */
#if defined(CONFIG_CODE_DATA_RELOCATION_SRAM)
{
{
/* RAM area for relocated text */
.start = (uint32_t)&__ram_text_reloc_start,
.size = (uint32_t)&__ram_text_reloc_size,
#if defined(CONFIG_ARM_MPU_PXN) && defined(CONFIG_USERSPACE)
.attr = K_MEM_PARTITION_P_R_U_RX,
#else
.attr = K_MEM_PARTITION_P_RX_U_RX,
},
#endif
},
#endif /* CONFIG_CODE_DATA_RELOCATION_SRAM */
#if !defined(CONFIG_MULTITHREADING) && defined(CONFIG_MPU_STACK_GUARD)
/* Main stack MPU guard to detect overflow.
* Note:
* FPU_SHARING and USERSPACE are not supported features
* under CONFIG_MULTITHREADING=n, so the MPU guard (if
* exists) is reserved aside of CONFIG_MAIN_STACK_SIZE
* and there is no requirement for larger guard area (FP
* context is not stacked).
*/
{
.start = (uint32_t)z_main_stack,
.size = (uint32_t)MPU_GUARD_ALIGN_AND_SIZE,
.attr = K_MEM_PARTITION_P_RO_U_NA,
},
/* Main stack MPU guard to detect overflow.
* Note:
* FPU_SHARING and USERSPACE are not supported features
* under CONFIG_MULTITHREADING=n, so the MPU guard (if
* exists) is reserved aside of CONFIG_MAIN_STACK_SIZE
* and there is no requirement for larger guard area (FP
* context is not stacked).
*/
{
.start = (uint32_t)z_main_stack,
.size = (uint32_t)MPU_GUARD_ALIGN_AND_SIZE,
.attr = K_MEM_PARTITION_P_RO_U_NA,
},
#endif /* !CONFIG_MULTITHREADING && CONFIG_MPU_STACK_GUARD */
};
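Review bot: the `K_MEM_PARTITION_P_R_U_RX` branches in the `__ramfunc` and `__ram_text_reloc` entries rest on the assumption that these sections hold only userspace code, and nothing in the file states or enforces that. With `CONFIG_ARM_MPU_PXN` and `CONFIG_USERSPACE` both set, any privileged routine placed in either section can no longer run from there, yet the entry comments still read "Special RAM area for program text" and "RAM area for relocated text". Please extend both comments to say that privileged execution is denied under PXN. Separately, the `#if defined(CONFIG_ARM_MPU_PXN) && defined(CONFIG_USERSPACE)` condition is repeated in both entries, and the functional change is mixed with re-indentation of the whole `static_regions[]` array (the GCOV, nocache and stack guard entries appear as removed and re-added); a single attribute macro and a separate whitespace commit would make the permission change easier to audit.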

6 changes: 6 additions & 0 deletions doc/releases/release-notes-4.2.rst
@@ -110,3 +110,9 @@ Other notable changes
..
Any more descriptive subsystem or driver changes. Do you really want to write
a paragraph or is it enough to link to the api/driver/Kconfig/board page above?
* Added support for Armv8.1-M MPU's PXN (Privileged Execute Never) attribute.
With this, the MPU attributes for ``__ramfunc`` and ``__ram_text_reloc`` were modified such that,
PXN attribute is set for these regions if compiled with ``CONFIG_ARM_MPU_PXN`` and ``CONFIG_USERSPACE``.
This results in a change in behaviour for code being executed from these regions because,
if these regions have pxn attribute set in them, they cannot be executed in privileged mode.
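Review bot: the new bullet stops at "they cannot be executed in privileged mode" without telling an affected user what to do. Consider adding a sentence that names who is affected (privileged code placed in ``__ramfunc`` or relocated into ``__ram_text_reloc``) and how to keep the old behaviour, which per the `#else` branch in `arm_core_mpu.c` is to build without ``CONFIG_ARM_MPU_PXN``. Also, "pxn attribute" on the last line should read "PXN attribute" to match the rest of the entry.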
2 changes: 1 addition & 1 deletion tests/arch/common/ramfunc/testcase.yaml
@@ -1,6 +1,6 @@
tests:
arch.common.ramfunc:
filter: CONFIG_ARCH_HAS_RAMFUNC_SUPPORT
filter: CONFIG_ARCH_HAS_RAMFUNC_SUPPORT and not CONFIG_ARM_MPU_PXN
tags:
- arm
- userspace
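Review bot: filtering on `not CONFIG_ARM_MPU_PXN` skips `arch.common.ramfunc` entirely on PXN builds, so the new `K_MEM_PARTITION_P_R_U_RX` path has no test coverage in this commit. A PXN scenario that runs the ramfunc from a user thread, or checks that a privileged call into the region faults, would keep the test useful instead of disabling it. The filter is also broader than the code: the attribute only changes when `CONFIG_ARM_MPU_PXN` and `CONFIG_USERSPACE` are both set, so the exclusion could be narrowed to that combination.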