Access permissions are controlled through translation table entries. They determine whether a region is readable, writeable, or both, and can be set separately for unprivileged accesses (EL0) and for privileged accesses (EL1, EL2, and EL3), as shown in Table 12.4.
| AP | Unprivileged (EL0) | Privileged (EL1/2/3) |
|----|--------------------|----------------------|
| 00 | No access | Read and write |
| 01 | Read and write | Read and write |
The operating system kernel runs in execution level EL1. It defines the translation table mappings, which are used by the kernel itself and by the applications that run at EL0. A distinction between unprivileged and privileged access permissions is required because the kernel specifies different permissions for its own code and for applications. The hypervisor, which runs at execution level EL2, and the Secure monitor at EL3 only have translation schemes for their own use, so they have no need for a privileged and unprivileged split in permissions.
Another kind of access permission is the executable attribute. Blocks can be marked as executable or non-executable (Execute Never (XN)). You can set the attributes Unprivileged Execute Never (UXN) and Privileged Execute Never (PXN) separately and use this to prevent, for example, application code running with kernel privilege, or attempts to execute kernel code while in an unprivileged state. Setting these attributes prevents the processor from performing speculative instruction fetches to the memory location and ensures that speculative instruction fetches do not accidentally access locations that might be perturbed by such an access, for example, a First in, First out (FIFO) page replacement queue. Therefore, device regions must always be marked as Execute Never.
You can configure the processor to treat writeable regions as Execute Never, using the following bits within the SCTLR registers:
SCTLR_EL1.WXN. Regions writable at EL0 are treated as XN at EL0 and EL1. Regions writable at EL1 are treated as XN at EL1.
SCTLR_EL2.WXN and SCTLR_EL3.WXN. Regions writable at ELn are treated as XN at ELn.
SCTLR.UWXN. Regions writable at EL0 are treated as XN at EL1. This is for AArch32 only.
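The following added example (not code from the original guide) decodes the AP, UXN and PXN fields of a stage 1 descriptor and counts mappings that remain writable and executable at the same level, with SCTLR_EL1.WXN clear and set. It models only the rules stated in this section; the bit positions and the two read-only AP encodings (10 and 11) are taken from the ARMv8-A descriptor format rather than from this page, and the sample descriptors are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Stage 1 EL1&0 descriptor fields (assumed: ARMv8-A 64-bit descriptor layout). */
#define AP(v) ((uint64_t)(v) << 6)      /* AP[2:1] in bits [7:6] */
#define PXN   (1ULL << 53)
#define UXN   (1ULL << 54)
struct perms { bool el0_r, el0_w, el0_x, el1_w, el1_x; };

/* Effective permissions of one descriptor under a given SCTLR_EL1.WXN value. */
struct perms decode_perms(uint64_t desc, bool wxn)
{
    unsigned ap = (desc >> 6) & 3;
    struct perms p;
    p.el1_w = (ap & 2) == 0;            /* AP 10 and 11 are the read-only encodings */
    p.el0_r = (ap & 1) != 0;            /* AP 01 and 11 open the region to EL0 */
    p.el0_w = p.el0_r && p.el1_w;       /* only AP 01 is writable from EL0 */
    p.el0_x = !(desc & UXN);
    p.el1_x = !(desc & PXN);
    if (wxn && p.el0_w)                 /* writable at EL0: XN at EL0 and EL1 */
        p.el0_x = p.el1_x = false;
    if (wxn && p.el1_w)                 /* writable at EL1: XN at EL1 */
        p.el1_x = false;
    return p;
}

/* Number of descriptors left writable and executable at the same level. */
int count_wx(const uint64_t *descs, int n, bool wxn)
{
    int hits = 0;
    for (int i = 0; i < n; i++) {
        struct perms p = decode_perms(descs[i], wxn);
        hits += (p.el0_w && p.el0_x) || (p.el1_w && p.el1_x);
    }
    return hits;
}

/* Constructed sample mappings; only the permission fields are populated. */
const uint64_t sample[] = {
    AP(2) | UXN,         /* kernel text: EL1 read-only, EL1-executable */
    AP(0) | UXN | PXN,   /* kernel data: EL1 read/write, never executable */
    AP(3) | PXN,         /* user text: read-only, EL0-executable */
    AP(1) | UXN | PXN,   /* user data: read/write, never executable */
    AP(1) | PXN,         /* user page left writable and EL0-executable */
    AP(0) | UXN,         /* kernel page left writable and EL1-executable */
};

int main(void)
{
    printf("W+X: WXN=0 %d, WXN=1 %d\n", count_wx(sample, 6, false), count_wx(sample, 6, true));
}
```

Running the count with WXN clear gives an audit of the tables themselves, which is the useful number: WXN hides a writable-and-executable mapping at run time but does not correct the descriptor.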
The SCTLR_ELn bits can be cached in a TLB entry. Therefore, changing the bit in the SCTLR might not affect entries already in the TLBs. When modifying these bits, a TLB invalidate and ISB sequence is necessary. See Barriers for information about the