commit a0ecabdae4045491f9cf64108cd8d3f64d45c3e3
author Andrew Walbran <qwandor@google.com> Mon Apr 11 14:26:18 2022 +0000
committer Andrew Walbran <qwandor@google.com> Wed Apr 13 14:12:16 2022 +0000
tree 43f7c8049f324cb724d3e872577cb2b117b7dae5
parent 267f6c1fcc0015ffe404e20031ecbf697acfa37f

Move writable data to a higher block of memory.

This means we can map the text and rodata sections read-only, and enable
WXN. The data section must be copied from its (now readonly) load
address to the writable block.

Bug: 223166344
Test: Ran unprotected VM under crosvm.
Change-Id: I9105f200c8bd937f6e3a504fed7d0fb5e38ff366

pvmfw/image.ld

diff --git a/pvmfw/image.ld b/pvmfw/image.ld
index e08fbe2..4655f68 100644
--- a/pvmfw/image.ld
+++ b/pvmfw/image.ld
@@ -18,6 +18,7 @@
 {
 	dtb_region	: ORIGIN = 0x80000000, LENGTH = 2M
 	image		: ORIGIN = 0x80200000, LENGTH = 2M
+	writable_data	: ORIGIN = 0x80400000, LENGTH = 2M
 }
 
 /*
@@ -82,7 +83,9 @@
 		 */
 		. = ALIGN(32);
 		data_end = .;
-	} >image
+	} >writable_data AT>image
+	data_lma = LOADADDR(.data);
+
 	/* Everything beyond this point will not be included in the binary. */
 	bin_end = .;
 
@@ -93,14 +96,14 @@
 		*(COMMON)
 		. = ALIGN(16);
 		bss_end = .;
-	} >image
+	} >writable_data
 
 	.stack (NOLOAD) : ALIGN(4096) {
 		boot_stack_begin = .;
 		. += 40 * 4096;
 		. = ALIGN(4096);
 		boot_stack_end = .;
-	} >image
+	} >writable_data
 
 	/*
 	 * Remove unused sections from the image.