Move writable data to a higher block of memory.
This means we can map the text and rodata sections read-only, and enable
WXN. The data section must be copied from its (now readonly) load
address to the writable block.
Bug: 223166344
Test: Ran unprotected VM under crosvm.
Change-Id: I9105f200c8bd937f6e3a504fed7d0fb5e38ff366
diff --git a/pvmfw/idmap.S b/pvmfw/idmap.S
index f5050af..f1df6cc 100644
--- a/pvmfw/idmap.S
+++ b/pvmfw/idmap.S
@@ -30,7 +30,8 @@
.set .L_BLOCK_RO, .L_TT_TYPE_BLOCK | .L_TT_MT_MEM | .L_TT_AF | .L_TT_RO | .L_TT_XN
.set .L_BLOCK_DEV, .L_TT_TYPE_BLOCK | .L_TT_MT_DEV | .L_TT_AF | .L_TT_XN
-.set .L_BLOCK_MEM_XIP, .L_TT_TYPE_BLOCK | .L_TT_MT_MEM | .L_TT_AF | .L_TT_NG
+.set .L_BLOCK_MEM, .L_TT_TYPE_BLOCK | .L_TT_MT_MEM | .L_TT_AF | .L_TT_XN | .L_TT_NG
+.set .L_BLOCK_MEM_XIP, .L_TT_TYPE_BLOCK | .L_TT_MT_MEM | .L_TT_AF | .L_TT_NG | .L_TT_RO
.section ".rodata.idmap", "a", %progbits
.global idmap
@@ -45,4 +46,5 @@
/* level 2 */
0: .quad .L_BLOCK_RO | 0x80000000 // DT provided by VMM
.quad .L_BLOCK_MEM_XIP | 0x80200000 // 2 MB of DRAM containing image
- .fill 510, 8, 0x0
+ .quad .L_BLOCK_MEM | 0x80400000 // 2 MB of writable DRAM
+ .fill 509, 8, 0x0