From 5a58ad508cb37c151271b4b6b6b3dfe589a09be8 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Thu, 5 Nov 2020 14:30:20 -0800 Subject: [PATCH] arch: mem protect Kconfig cleanups Adds a new CONFIG_MPU which is set if an MPU is enabled. This is a menuconfig will some MPU-specific options moved under it. MEMORY_PROTECTION and SRAM_REGION_PERMISSIONS have been merged. This configuration depends on an MMU or MPU. The protection test is updated accordingly. Signed-off-by: Andrew Boie --- arch/Kconfig | 58 ++++++++++++++----- arch/arc/core/mpu/Kconfig | 3 +- arch/arm/core/aarch32/cortex_m/mpu/Kconfig | 3 +- arch/riscv/Kconfig | 4 +- arch/x86/Kconfig | 1 - .../mem_protect/protection/testcase.yaml | 2 +- 6 files changed, 50 insertions(+), 21 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index 3934ce886cf..21ebac8355b 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -229,7 +229,7 @@ config USERSPACE bool "User mode threads" depends on ARCH_HAS_USERSPACE depends on RUNTIME_ERROR_CHECKS - select SRAM_REGION_PERMISSIONS if MMU + depends on SRAM_REGION_PERMISSIONS select THREAD_STACK_INFO help When enabled, threads may be created or dropped down to user mode, @@ -564,6 +564,7 @@ config CPU_HAS_MMU help This hidden option is selected when the CPU has a Memory Management Unit (MMU). + menuconfig MMU bool "Enable MMU features" depends on CPU_HAS_MMU 
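Review bot: In the USERSPACE hunk of arch/Kconfig, replacing `select SRAM_REGION_PERMISSIONS if MMU` with `depends on SRAM_REGION_PERMISSIONS` turns a forced prerequisite into one the user can break, and the USERSPACE help text does not mention it. On an MMU target, a configuration that sets SRAM_REGION_PERMISSIONS=n now loses USERSPACE instead of having region permissions switched on. An application that expects user-mode isolation could then be built without it, unless the build treats the resulting Kconfig warning as fatal (not visible here). I would add a help line such as `Requires SRAM_REGION_PERMISSIONS; user mode is unavailable when kernel region permissions are disabled.` The USERSPACE entry continues past the end of the hunk.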
@@ -579,16 +580,6 @@ config MMU_PAGE_SIZE Size of memory pages. Varies per MMU but 4K is common. For MMUs that support multiple page sizes, put the smallest one here. -config SRAM_REGION_PERMISSIONS - bool "Assign appropriate permissions to kernel areas in SRAM" - default y - help - If enabled, the program text, rodata, and data parts of the kernel in - the permanent mappings created at build time will have appropriate - permissions set. Uses extra memory due to page-alignment constraints. - If not enabled, all SRAM mappings will allow supervisor mode to - read, write, and execute. User mode support requires this. - config KERNEL_VM_BASE hex "Base virtual address to link the kernel" default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_SRAM)) @@ -655,13 +646,14 @@ config KERNEL_VM_SIZE endif # MMU -config MEMORY_PROTECTION - bool +menuconfig MPU + bool "Enable MPU features" + depends on CPU_HAS_MPU help - This option is enabled when Memory Protection features are supported. - Memory protection support is currently available on ARC, ARM, and x86 - architectures. + This option, when enabled, indicates to the core kernel that an MPU + is enabled. +if MPU config MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT bool help 
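Review bot: In the second hunk on this line, `menuconfig MPU` carries a prompt (`bool "Enable MPU features"`) and depends only on CPU_HAS_MPU, although its help says it tells the core kernel that an MPU is enabled. SRAM_REGION_PERMISSIONS becomes `default y` under `MMU || MPU`, so setting CONFIG_MPU=y by hand without ARC_MPU, ARM_MPU or RISCV_PMP would appear to report region permissions as active with no architecture code programming them. Whether the arch options are forced on elsewhere is not visible in this patch. Every arch MPU option already does `select MPU`, so either make it a hidden `config MPU` without a prompt, or state in the help that it is selected by the architecture's MPU option and must not be set on its own. The removal of MEMORY_PROTECTION in the same hunk also warrants a tree-wide search for remaining `CONFIG_MEMORY_PROTECTION` users, since this patch updates only one testcase filter.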
@@ -699,6 +691,40 @@ config MPU_GAP_FILLING documentation for more information on how this option is used. +endif # MPU + +config SRAM_REGION_PERMISSIONS + bool "Assign appropriate permissions to kernel areas in SRAM" + depends on MMU || MPU + default y + help + This option indicates that memory protection hardware + is present, enabled, and regions have been configured at boot for memory + ranges within the kernel image. + + If this option is turned on, certain areas of the kernel image will + have the following access policies applied for all threads, including + supervisor threads: + + 1) All program text will be have read-only, execute memory permission + 2) All read-only data will have read-only permission, and execution + disabled if the hardware supports it. + 3) All other RAM addresses will have read-write permission, and + execution disabled if the hardware supports it. + + Options such as USERSPACE or HW_STACK_PROTECTION may additionally + impose additional policies on the memory map, which may be global + or local to the current running thread. + + This option may consume additional memory to satisfy memory protection + hardware alignment constraints. + + If this option is disabled, the entire kernel will have default memory + access permissions set, typically read/write/execute. It may be desirable + to turn this off on MMU systems which are using the MMU for demand + paging, do not need memory protection, and would rather not use up + RAM for the alignment between regions. + menu "Floating Point Options" config FPU diff --git a/arch/arc/core/mpu/Kconfig b/arch/arc/core/mpu/Kconfig index 6a1dbd3473b..65745a5d40f 100644 --- a/arch/arc/core/mpu/Kconfig +++ b/arch/arc/core/mpu/Kconfig 
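Review bot: The new SRAM_REGION_PERMISSIONS help has a wording slip in policy item 1, and it opens as if the symbol were a hidden indicator although it is a prompt the user can switch off on MMU targets. Item 1 should read `1) All program text will have read-only, execute memory permission`. The closing paragraph should state the consequence plainly, for example `Disabling this typically leaves the whole kernel image readable, writable and executable, and makes USERSPACE unavailable.` It is also worth saying there that the protection test is filtered on this symbol, so it is skipped rather than failed when the option is off.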
@@ -27,9 +27,10 @@ config MPU_STACK_GUARD
 config ARC_MPU
 bool "ARC MPU Support"
+ select MPU
+ select SRAM_REGION_PERMISSIONS
 select ARC_CORE_MPU
 select THREAD_STACK_INFO
- select MEMORY_PROTECTION
 select GEN_PRIV_STACKS if ARC_MPU_VER = 2
 select MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT if ARC_MPU_VER = 2
 select MPU_REQUIRES_NON_OVERLAPPING_REGIONS if ARC_MPU_VER = 3
diff --git a/arch/arm/core/aarch32/cortex_m/mpu/Kconfig b/arch/arm/core/aarch32/cortex_m/mpu/Kconfig
index fd6bebbb6dc..b0c42156943 100644
--- a/arch/arm/core/aarch32/cortex_m/mpu/Kconfig
+++ b/arch/arm/core/aarch32/cortex_m/mpu/Kconfig
@@ -7,7 +7,8 @@ if CPU_HAS_MPU
 config ARM_MPU
 bool "ARM MPU Support"
- select MEMORY_PROTECTION
+ select MPU
+ select SRAM_REGION_PERMISSIONS
 select THREAD_STACK_INFO
 select ARCH_HAS_EXECUTABLE_PAGE_BIT
 select MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT if !(CPU_HAS_NXP_MPU || ARMV8_M_BASELINE || ARMV8_M_MAINLINE)
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index ed38bb44837..a2f310b688c 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -117,7 +117,9 @@ menuconfig RISCV_PMP
 bool "RISC-V PMP Support"
 default n
 select THREAD_STACK_INFO
- select MEMORY_PROTECTION if !BOARD_QEMU_RISCV32
+ select CPU_HAS_MPU
+ select MPU
+ select SRAM_REGION_PERMISSIONS
 select ARCH_MEM_DOMAIN_SYNCHRONOUS_API if USERSPACE
 select PMP_POWER_OF_TWO_ALIGNMENT if USERSPACE
 help
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 294a99ec4de..2b4c5eb1cdb 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -183,7 +183,6 @@ config X86_VERY_EARLY_CONSOLE
 config X86_MMU
 bool "Enable Memory Management Unit"
- select MEMORY_PROTECTION
 select MMU
 help
 This options enables the memory management unit present in x86
diff --git a/tests/kernel/mem_protect/protection/testcase.yaml b/tests/kernel/mem_protect/protection/testcase.yaml
index ab1116b6384..139a193d619 100644
--- a/tests/kernel/mem_protect/protection/testcase.yaml
+++ b/tests/kernel/mem_protect/protection/testcase.yaml
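Review bot: In the arch/riscv/Kconfig hunk, the `if !BOARD_QEMU_RISCV32` condition on the old `select MEMORY_PROTECTION` is dropped: the three new selects under RISCV_PMP are unconditional, and the commit message does not mention this. Because testcase.yaml now filters on CONFIG_SRAM_REGION_PERMISSIONS, the protection test would start running on that QEMU board whenever RISCV_PMP is enabled, and the build would report region permissions as configured there. If the reason for the exclusion still holds (it is not visible in this patch), keep it with `select SRAM_REGION_PERMISSIONS if !BOARD_QEMU_RISCV32`; otherwise say in the commit message that the exclusion is intentionally lifted. The RISCV_PMP entry continues past the end of the hunk.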
@@ -1,5 +1,5 @@
 tests:
 kernel.memory_protection.protection:
 platform_exclude: twr_ke18f
- filter: CONFIG_MEMORY_PROTECTION
+ filter: CONFIG_SRAM_REGION_PERMISSIONS
 tags: kernel security ignore_faults