[PATCH] ARM: decompressor: Disable SCTLR.UWXN and SCTLR.WXN on armv7 MMU enable

Next message: Wangao Wang: "[PATCH v8 1/5] dt-bindings: media: qcom,sm8550-iris: Add X1P42100 compatible"
Previous message: Wangao Wang: "[PATCH v8 2/5] media: iris: Add hardware power on/off ops for X1P42100"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Antonio Borneo

Date: Fri May 29 2026 - 03:40:10 EST

The bits 19 and 20 of the register SCTLR were reported as reserved
RAZ/SBZP in the ARM DDI 0406 "Architecture Reference Manual ARMv7-A
and ARMv7-R" till version B of the manual.

>From version C of the manual, published in 2011, for devices with
Virtualisation Extension, these two bits have new functionality:
- SCTLR.WXN, bit[19]: if set, forces regions with write permission
to be XN (execute never);
- SCTLR.UWXN, bit[20]: if set, forces regions with write permission
to be XN for PL1 accesses.

The kernel decompressor initializes the MMU with a simple setup
where all the RAM that it's supposed to be used is mapped as RWX
(read/write/execute).
With this MMU setup, the kernel decompressor crashes with a fetch
abort if an element in the boot chain has set either of these two
bits.

Clear the SCTLR.UWXN and SCTLR.WXN bits while enabling the MMU on
armv7.

Signed-off-by: Antonio Borneo <antonio.borneo@xxxxxxxxxxx>
---
arch/arm/boot/compressed/head.S | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index 9f406e9c0ea6f..e4adfaf0411b6 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -886,6 +886,7 @@ __armv7_mmu_cache_on:
@ (needed for ARM1176)
#ifdef CONFIG_MMU
ARM_BE8( orr r0, r0, #1 << 25 ) @ big-endian page tables
+ bic r0, r0, #3 << 19 @ clear SCTLR.UWXN and SCTLR.WXN
mrcne p15, 0, r6, c2, c0, 2 @ read ttb control reg
orrne r0, r0, #1 @ MMU enabled
movne r1, #0xfffffffd @ domain 0 = client

base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
--
2.34.1