[PATCH v1 3/6] arm: Prepare linker scripts for memory permissions

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed Feb 5 18:34:23 CET 2025 

Hi Richard,

On Wed, 5 Feb 2025 at 19:23, Richard Henderson
<richard.henderson at linaro.org> wrote:
>
> On 2/4/25 23:16, Ilias Apalodimas wrote:
> > @@ -98,18 +101,20 @@ SECTIONS
> >       }
> >   #endif
> >
> > -     . = ALIGN(8);
> > -     .rodata : { *(SORT_BY_ALIGNMENT(SORT_BY_NAME(.rodata*))) }
> > +     .rodata ALIGN(4096): {
> > +         __start_rodata = .;
> > +         *(SORT_BY_ALIGNMENT(SORT_BY_NAME(.rodata*)))
> > +         . = ALIGN(4096);
> > +         __end_rodata = .;
> > +     }
> >
> > -     . = ALIGN(8);
> > -     .data : {
> > +     .data ALIGN(4096) : {
> > +         __start_data = .;
> >               *(.data*)
> > +         . = ALIGN(4096);
> > +         __end_data = .;
> >       }
> >
> > -     . = ALIGN(8);
> > -
> > -     . = .;
> > -
> >       . = ALIGN(8);
> >       __u_boot_list : {
> >               KEEP(*(SORT(__u_boot_list*)));
> > @@ -136,10 +141,10 @@ SECTIONS
> >       /*
> >        * arch/arm/lib/crt0_64.S assumes __bss_start - __bss_end % 8 == 0
> >        */
> > -     .bss ALIGN(8) : {
> > +     .bss ALIGN(4096) : {
> >               __bss_start = .;
> >               *(.bss*)
> > -             . = ALIGN(8);
> > +             . = ALIGN(4096);
> >               __bss_end = .;
> >       }
>
> You don't need to align .bss because it normally immediately follows .data, and they have
> the same page permissions.
>
> You've got __u_boot_list, .efi_runtime_rel and .rela.dyn in between.  Consider if any of
> that ought to be moved around to become read-only.

That's a good idea and I just realized I am not setting the .bss to RW
in later patches.
I can move .bss right after data and rela.dyn after .rodata. That will
probably same me ~2 pages due to alignment. I am not sure about
__u_boot_list, but if that's read-only I can group it as well.

The .efi_runtime_rel is a bit weird. This is where the UEFI runtime
services live and it contains executable code. However, when an OS
boots up it can call SetVirtualAddressMap. That call relocates the
runtime code to the new VA mapping the OS choose. This means I have to
initially set it to RX and later when we leave the firmware land
switch it RWX so the OS can relocate it... I've left that part out on
purpose but I can move the runtime services as the last segment and
fix up weird logic on relocation in later patches

Thanks!
/Ilias
>
>
> r~

More information about the U-Boot mailing list