Skip to content

aarch64: Restrict address mappings in loader.rs#464

Open
bruelc wants to merge 1 commit intoseL4:mainfrom
bruelc:master-mmuloader
Open

aarch64: Restrict address mappings in loader.rs#464
bruelc wants to merge 1 commit intoseL4:mainfrom
bruelc:master-mmuloader

Conversation

@bruelc
Copy link
Copy Markdown

@bruelc bruelc commented Apr 1, 2026

Hello,

This is a rework of the existing support committed in elfloader:
seL4/seL4_tools#244
and discussed here:
https://lists.sel4.systems/hyperkitty/list/devel@sel4.systems/thread/DJNDO5CUQBKGIA4SQHXCNQ3T6SKZEY4A/

This patch limits the 1:1 address mapping in the loader to cover only the necessary blocks using level-2 translation tables with 2MB blocks. The UART MMIO address is now exposed as a global uart_addr variable.

This prevents speculative accesses to device or secure memory, which could otherwise cause faults or unwanted side effects.

This has been tested only on STM32MP2. Testers on other platforms would be greatly appreciated.

Thank you for your review.

@bruelc
aarch64: Restrict address mappings in loader.rs
ba1a808 
Limit the 1:1 address mapping in the loader to cover only the
necessary blocks using level-2 translation tables and with 2MB blocks.
Don't map device memory at all, therefore, printf must not be used
in the elfloader after the MMU is enabled.

This prevents speculative accesses to device or secure memory which
otherwise would cause faults or unwanted side-effects.

Signed-off-by: Christian Bruel <christian.bruel@foss.st.com>
@bruelc bruelc mentioned this pull request Apr 1, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bruelc