Re: CVS commit: src/sys/arch/aarch64

To: Ryo Shimizu <ryo%nerv.org@localhost>
Subject: Re: CVS commit: src/sys/arch/aarch64
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Wed, 8 Aug 2018 17:17:21 +0200

Le 04/08/2018 à 17:24, Ryo Shimizu a écrit :

Maybe we should just pass the protection bits in l2_setblocks, and map the
kernel text/rodata as RO right away. It would also make it possible to map
rodata/data as non executable, with PXN|UXN. (Looking at the code it seems
to me rodata/data are executable currently.)

We would make three calls, to map

	.text as RX
	.rodata as R
	.data as RW

a bit like in amd64[1]. Regarding the DDB ifndef, probably there must be
a bit in ARM64 saying "disable page protection", so it could be set when
we enter DDB, and we could remove the ifndef.


I get it. I need to write db_write_text(), and when I finish,
set kernel text/rodata READONLY by default.

Ah...I had forgotten deleting execute bit. We need more 2Mbyte alignment
between .text/.rodata. I will fix.


I see you fixed it, thanks.

Also, why don't we tag each userland page with LX_BLKPAG_PXN?

It would be nice to set SCTLR_EL1.WXN, by the way.

Follow-Ups:
- Re: CVS commit: src/sys/arch/aarch64
  - From: Ryo Shimizu

References:
- Re: CVS commit: src/sys/arch/aarch64
  - From: Ryo Shimizu

Prev by Date: Re: CVS commit: src/sys/arch/mips/mips
Next by Date: Re: CVS commit: src/sys/arch/aarch64
Previous by Thread: Re: CVS commit: src/sys/arch/aarch64
Next by Thread: Re: CVS commit: src/sys/arch/aarch64
Indexes:

Home | Main Index | Thread Index | Old Index