@@ -43,6 +43,7 @@
#define DOMAIN_IO 0
#endif
#define DOMAIN_VECTORS 3
+#define DOMAIN_WR_RARE 4
/*
* Domain types
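Review bot: The new DOMAIN_WR_RARE value on the added line is not described anywhere in the header; the domain-numbers comment earlier in domain.h (outside this hunk) lists what each domain covers, and a matching line such as ` *  DOMAIN_WR_RARE - domain 4 includes kernel rodata only` belongs there. That comment should also say why this domain is kept as DOMAIN_CLIENT in DACR_INIT while DOMAIN_KERNEL is DOMAIN_MANAGER (visible in the DACR_INIT hunk below), since that asymmetry is what keeps rodata non-writable while the kernel domain is in manager mode. The `#endif` just above shows the lower domain numbers are assigned conditionally, so stating that 4 is fixed under both layouts and is the last free slot before the 16-entry DACR runs out would avoid confusion for the next domain that gets added.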
@@ -69,11 +70,13 @@
#define DACR_INIT \
(__DACR_INIT_USER | \
domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
+ domain_val(DOMAIN_WR_RARE, DOMAIN_CLIENT) | \
domain_val(DOMAIN_IO, DOMAIN_CLIENT) | \
domain_val(DOMAIN_VECTORS, DOMAIN_CLIENT))
#define __DACR_DEFAULT \
domain_val(DOMAIN_KERNEL, DOMAIN_CLIENT) | \
+ domain_val(DOMAIN_WR_RARE, DOMAIN_CLIENT) | \
domain_val(DOMAIN_IO, DOMAIN_CLIENT) | \
domain_val(DOMAIN_VECTORS, DOMAIN_CLIENT)
@@ -288,6 +288,8 @@ static const char *get_domain_name(pmd_t *pmd)
return "IO ";
case PMD_DOMAIN(DOMAIN_VECTORS):
return "VECTORS";
+ case PMD_DOMAIN(DOMAIN_WR_RARE):
+ return "WR_RARE";
default:
return "unknown";
}
@@ -642,9 +642,10 @@ static struct section_perm ro_perms[] = {
.mask = ~L_PMD_SECT_RDONLY,
.prot = L_PMD_SECT_RDONLY,
#else
- .mask = ~(PMD_SECT_APX | PMD_SECT_AP_WRITE),
- .prot = PMD_SECT_APX | PMD_SECT_AP_WRITE,
- .clear = PMD_SECT_AP_WRITE,
+ .mask = ~(PMD_SECT_APX | PMD_SECT_AP_WRITE | PMD_DOMAIN_MASK),
+ .prot = PMD_SECT_APX | PMD_SECT_AP_WRITE | \
+ PMD_DOMAIN(DOMAIN_WR_RARE),
+ .clear = PMD_SECT_AP_WRITE | PMD_DOMAIN(DOMAIN_KERNEL),
#endif
},
};
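Review bot: The `.prot` initializer carries a trailing backslash (`PMD_SECT_APX | PMD_SECT_AP_WRITE | \`), which is a macro-style line continuation pasted into a plain struct initializer; it is harmless but unidiomatic, so write it as `.prot = PMD_SECT_APX | PMD_SECT_AP_WRITE | PMD_DOMAIN(DOMAIN_WR_RARE),` on one line or continue without the backslash. The entry's `.start`/`.end` are outside this hunk; if this ro_perms entry still spans from kernel text through rodata, as the existing "text/rodata" entry does, then kernel text is also moved into DOMAIN_WR_RARE and the description's ".rodata section" understates the scope — confirm, or split the range. The CONFIG_ARM_LPAE branch is left unchanged, presumably because the long-descriptor format has no domain field, so a one-line comment such as `/* LPAE has no domains; rodata relies on RDONLY alone */` would make clear that the domain-based protection is 2-level only. The `.clear` line restoring `PMD_DOMAIN(DOMAIN_KERNEL)` together with the widened `.mask` is correct for the set_section_perms() clear path, and a brief comment that the clear path intentionally returns the section to the kernel domain would help readers.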
This creates DOMAIN_WR_RARE for the kernel's .rodata section, separate from DOMAIN_KERNEL to avoid predictive fetching in device memory during a DOMAIN_MANAGER transition. TODO: handle kernel module vmalloc memory, which needs to be marked as DOMAIN_WR_RARE too, for module .rodata sections. Signed-off-by: Kees Cook <keescook@chromium.org> --- arch/arm/include/asm/domain.h | 3 +++ arch/arm/mm/dump.c | 2 ++ arch/arm/mm/init.c | 7 ++++--- 3 files changed, 9 insertions(+), 3 deletions(-)