You copied the Doc URL to your clipboard.

Access permissions

Access permissions are controlled through translation table entries. Access permissions control whether a region is readable or writeable, or both, and can be set separately to EL0 for unprivileged and access to EL1, EL2, and EL3 for privileged accesses, as shown in the following table.

AP

Unprivileged (EL0)

Privileged (EL1/2/3)

00

No access

Read and write

01

Read and write

Read and write

10

No access

Read-only

11

Read-only

Read-only

The operating system kernel, as normal, runs in EL1. The OS defines the translation table mappings, which are used by the kernel itself and by the applications that run at EL0. Some distinction between unprivileged and privileged access permissions is required as the kernel specifies different permissions for its own code and for applications.

The hypervisor, which runs at EL2, and the EL3 Secure monitor only have translation schemes for their own use and there is no need for a split in permissions between privileged and unprivileged.

Another kind of access permission is the executable attribute. Blocks can be marked as executable or non-executable (Execute Never (XN)). The Unprivileged Execute Never (UXN) and Privileged Execute Never (PXN) attributes can be set separately. This is used to prevent, for example, application code running with kernel privilege, or attempts to execute kernel code while in an unprivileged state. Setting these attributes prevents the processor from performing speculative instruction fetches to the memory location and ensures that speculative instruction fetches do not accidentally access locations that might be perturbed by such an access, for example, a First in, First out (FIFO) page replacement queue. As a result, device regions must always be marked as XN.

access_permissions.png

You can configure the processor to treat writeable regions as Execute Never, using the following bits in the SCTLR registers:

  • WXN. Regions writeable at EL0 are treated as XN at EL0 and EL1. Regions writeable at EL1 are treated as XN at EL1.
  • SCTLR_EL2 and 3.WXN. Regions writeable at ELn are treated as XN at ELn.
  • UWXN. Regions writeable at EL0 are treated as XN at EL1. This is for AArch32 only.

The SCTLR_ELn bits can be cached in a TLB entry. Changing the bit in the SCTLR might not affect entries already in the TLBs. When modifying these bits, a TLB invalidate and ISB sequence is necessary.

Was this page helpful? Yes No