michaelh/zephyr
1
0
Fork 0
Code Releases Activity

arch: arm: Add PXN attr for userspace MPU regions

Browse source 
What is the change?
 - PXN attributes is set for static mpu regions such that
   __ramfunc and __ram_text_reloc having userspace code
   cannot be executed in privileged mode.
 - Updated the notable change section to inform about the change in
   behaviour of code executed from __ramfunc and __ram_text_reloc MPU
   regions.

Why do we need this change?
 - The current static MPU regions allows executing userspace/unprivileged
   code from privileged mode which may not be expected and can lead to
   secure privileged escalation attacks.

Signed-off-by: Sudan Landge <sudan.landge@arm.com>
This commit is contained in:
Sudan Landge 2025-02-28 16:51:50 +00:00 committed by Carles Cufí
commit 637bd8f587
3 changed files with 37 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/arch/common/ramfunc/testcase.yaml
View file

@ -1,6 +1,6 @@
tests:
arch.common.ramfunc:
filter: CONFIG_ARCH_HAS_RAMFUNC_SUPPORT
filter: CONFIG_ARCH_HAS_RAMFUNC_SUPPORT and not CONFIG_ARM_MPU_PXN
tags:
- arm
- userspace