[PATCH v3 0/6] ARM: Map sections RO/XN
Sascha Hauer
s.hauer at pengutronix.de
Mon Jun 23 04:55:07 PDT 2025
On Wed, 18 Jun 2025 11:34:46 +0200, Sascha Hauer wrote:
> So far we mapped all RAM as read write with execute permission. This
> series series hardens this a bit. The barebox text segment will be
> mapped readonly with execute permission, the RO data section as readonly
> without execute permission and the remaining RAM will lose its execute
> permission.
>
> I tested this series on ARMv5, ARMv7 and ARMv8. I am not confident
> though that there are no regressions, so this new behaviour is behind a
> Kconfig option. It is default-y, but can be disabled for debugging
> purposses. Once this series has proven stable it can be removed.
>
> [...]
Applied, thanks!
[1/6] ARM: pass barebox base to mmu_early_enable()
https://git.pengutronix.de/cgit/barebox/commit/?id=6762fbcbf8a1 (link may not be stable)
[2/6] ARM: mmu: move ARCH_MAP_WRITECOMBINE to header
https://git.pengutronix.de/cgit/barebox/commit/?id=51d012fd31e2 (link may not be stable)
[3/6] ARM: MMU: map memory for barebox proper pagewise
https://git.pengutronix.de/cgit/barebox/commit/?id=930e19bfdd2e (link may not be stable)
[4/6] ARM: MMU: map text segment ro and data segments execute never
https://git.pengutronix.de/cgit/barebox/commit/?id=5916385fae83 (link may not be stable)
[5/6] ARM: MMU64: map memory for barebox proper pagewise
https://git.pengutronix.de/cgit/barebox/commit/?id=59c1288698b4 (link may not be stable)
[6/6] ARM: MMU64: map text segment ro and data segments execute never
https://git.pengutronix.de/cgit/barebox/commit/?id=03dfb3f142fb (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer at pengutronix.de>
More information about the barebox
mailing list