From nobody Sun Feb 8 04:11:30 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AEEBD17AE11 for ; Mon, 19 Jan 2026 16:56:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841783; cv=none; b=n7T4huvJg9ODgFDLpN0y8gXhWZkf6VhfQjW+8U7Tq71XiwineGpCJnJTXfOZ6DVLee1XR/siHC7uV+n4u/2rL57yyFV3ok5877ePfRu5OrH9+70gan50N/s9bcEsB/mHhnoNqTtQopqHUSF/72eV0FYl6fX5lqPsOb6oOa4Ott4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841783; c=relaxed/simple; bh=/YnhQ/jVzLR/fMSw9NDdL1umAtJHUy1qKpqUa4B8LO8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ZErkznDJbdCi531hKp2j1VWCRK1SP1RcfFd/wTJjSuR/d0FCa4SNSU/R0Na1EyPdCIAo6O/dDJQm1VK3kA2Zb832fSF8w66MCfNgfxGLmP74Y1ghNmiE41sEUfbQ2jMgvyfNLkva8NScyXhsF/0EfP8umbxaoI6r982NDeoOplI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=IdvAgrzO; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="IdvAgrzO" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4801da6f5c9so39059645e9.1 for ; Mon, 19 Jan 2026 08:56:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1768841780; x=1769446580; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=LYzWrHN2Tb1+sOzqvSgFkFnU6zAOyR4NYaLGjHgj3Gc=; b=IdvAgrzOWeodPQ1Awc1SMD/40r4kICo0PxFUJkllf+tMoanpwhlILOx7uVUtwVTNou H4WvNDBm9kdSRWvnWVOVsp/EMhQOkaldomzzf43M8YYRqMvBdkq5Mu/rxEpjaCspxNna ZUohpWOLIQiN9Dg2WkYYRHy99IVxM025wBBklI8zFC1/TQVQua2OclvoiZtxFOGcSyTn Ch3+1iS5xpTYFDNi1m4pc2p4mnfA9Nq7Jd0s4rDrq+0co+K53ugdGu+oa0LiOv6yH2kK Fz6K36zjZLS3Us+icBu6mt5E6a4r2b/zVDMy1I9nnfEUMKUvmzV5KGHdVc6KSYszqlkK dlew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768841780; x=1769446580; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LYzWrHN2Tb1+sOzqvSgFkFnU6zAOyR4NYaLGjHgj3Gc=; b=c27q59dVlLRyLnYlpeF0hUm8mnIQWO4OjoRJGKosP09M6OcBuUUhKnu5BGuZWjr3sj MiLi85pKCMuKbxcq1VfnuAXaMJ+ize3cWDfsYTS3Jc48U3I5q/AJFS1W9elRkFQ4p60/ L9lWly7TCBJXjEdKr/d8HbuSeEkEGZRmB12gIxJvyp3g8J1UpA1s5t9FGKx/9pK5kcQ6 nsD/QoQmGFDyfrmJCzaKnjp+9xFz6l/h31iGrvRV6eI+e02kNIDBvf+cZK2+FITOOoW0 xu3TkQE5t7sIrmmhK88RkUhdhfuruja/t2h5lkjkJyXdxmN8RrXWMkuwh0mKQhgMdfuR WmKw== X-Gm-Message-State: AOJu0Yzh0y0Z5OgyLRRzh2p1V91ac9OSegwQHOU4BaNaAB8AVIUaHADB 9jbMa57pm5i6VrXADszCH4gaed/zNN9OvJK5rtFWDkV2zH/PzEzxi2jOD64E7TVebNo46CniC9O RSlvqwJyhnef47righyEeFiQl0qmp4h8j3qcAAeVNHq0d1YlibjO4qFb731sH1ZGYwQ8z9cog9T mVU6P/6BGFtvVu2OQr8At8xz8NtTbBA/kO4A== X-Received: from wmpb25.prod.google.com ([2002:a05:600c:4a99:b0:47b:d5ad:dd7f]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:e41a:b0:46e:4b79:551 with SMTP id 5b1f17b1804b1-48024b8a77bmr128214125e9.31.1768841780129; Mon, 19 Jan 2026 08:56:20 -0800 (PST) Date: Mon, 19 Jan 2026 17:47:49 +0100 In-Reply-To: <20260119164747.1402434-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260119164747.1402434-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=1953; i=ardb@kernel.org; h=from:subject; bh=pH0qhntASVe+teACB8I8uAP7qr08zJ3z+pk5XF62igc=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITMvweSMgsuupXxNr0PWybb8ujf3yOU1itoSQq7c0065f Z8VkBnSUcrCIMbFICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACaybQojw2m+xOC8P0r+H/tO 6zxuMe87bfe0y1tx/vpp52vmpfLeE2RkOGF3SK/uxKbJNStMdZZUq29ym8Bp9G+XeKXTBb0f3fn yPAA= X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog Message-ID: <20260119164747.1402434-7-ardb+git@google.com> Subject: [PATCH 1/4] arm64: Move fixmap page tables to end of kernel image From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Liz Prucka , Seth Jenkins , Kees Cook , linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Move the fixmap page tables out of the BSS section, and place them at the end of the image, right before the init_pg_dir section where some of the other statically allocated page tables live. These page tables are currently the only data objects in vmlinux that are meant to be accessed via the kernel image's linear alias, and so placing them together allows the remainder of the data/bss section to be remapped read-only or unmapped entirely. Signed-off-by: Ard Biesheuvel --- arch/arm64/kernel/vmlinux.lds.S | 5 +++++ arch/arm64/mm/fixmap.c | 7 ++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.ld= s.S index ad6133b89e7a..df530e6f3e53 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -334,6 +334,11 @@ SECTIONS __pi___bss_start =3D __bss_start; =20 . =3D ALIGN(PAGE_SIZE); + .pgdir : { + __pgdir_start =3D .; + *(.fixmap_bss) + } + __pi_init_pg_dir =3D .; . +=3D INIT_DIR_SIZE; __pi_init_pg_end =3D .; diff --git a/arch/arm64/mm/fixmap.c b/arch/arm64/mm/fixmap.c index c5c5425791da..b649ea1a46e4 100644 --- a/arch/arm64/mm/fixmap.c +++ b/arch/arm64/mm/fixmap.c @@ -31,9 +31,10 @@ static_assert(NR_BM_PMD_TABLES =3D=3D 1); =20 #define BM_PTE_TABLE_IDX(addr) __BM_TABLE_IDX(addr, PMD_SHIFT) =20 -static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __page_aligned_bss; -static pmd_t bm_pmd[PTRS_PER_PMD] __page_aligned_bss __maybe_unused; -static pud_t bm_pud[PTRS_PER_PUD] __page_aligned_bss __maybe_unused; +#define __fixmap_bss __section(".fixmap_bss") __aligned(PAGE_SIZE) +static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __fixmap_bss; +static pmd_t bm_pmd[PTRS_PER_PMD] __fixmap_bss __maybe_unused; +static pud_t bm_pud[PTRS_PER_PUD] __fixmap_bss __maybe_unused; =20 static inline pte_t *fixmap_pte(unsigned long addr) { --=20 2.52.0.457.g6b5491de43-goog From nobody Sun Feb 8 04:11:30 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6FA082BF001 for ; Mon, 19 Jan 2026 16:56:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841784; cv=none; b=eKomJbff99ndxaf1nI1ZuhgNPl/2iPY3k/NEXFb5Rzy2Dup8rFWQtFDMrVpjtMcdmfYUJVRPyG2uvdd+YZO9VuxOt9aAqBAoDSPccb1UiIsiGt24a16WkkEkLOOsEvMp0MtzHJoCxSkZyHgdKCGBq4MmyJb9SzFigsQdQD8+FnE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841784; c=relaxed/simple; bh=GL+pCOWxlU4aBfFzpIGeiFGwOp/CfneCFakRaSiTg7A=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YmDGBAt0BtA55t3QDL8KVh2YMBKvvadXa8CGqKbYjuO8lX3LEXrtvrwtzuw6xc3jm7GP7xFiM6wlj83CwrxxUQfgWTxY6CXOZS+z/WR+77qy69wP73h21cIAkst+9Hwp9MCFl+8p88XqAorE7ANU6fJpN8sS/2GewZTEVz64Z10= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Gjg7gnZp; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Gjg7gnZp" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-47fff4fd76dso31068445e9.3 for ; Mon, 19 Jan 2026 08:56:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1768841781; x=1769446581; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=g7DSKOLf1JwHasuEDglCrdB4m0c5EheeJOADb/4PLxs=; b=Gjg7gnZpmnPJOWjk5rsdlppueF0KCldrtvX3VQgkpXz72kjmcYLucTmVNspmboBznY 2waHcVIQvx+AW9lddglHPCKecxJ+ljwwZJWCRIZaOgXMKi6TGRXf9F4cimtLP75PY7sO vSZQv1/ZzSorkIttXNDZ6cWF+dF26jsdIe41F49C1Cd9ONnYB9GHMhrFp8fcbNfArpi1 y8W5Ly3vLR3u5FDa7Y5XEqsoWoCllQDsA9QdKkmTKqA6qHYpna6Bb4w0TvayHtACjICA lOcy99OTnEfHEH0bBa8jK8K75/NqQZNmJEKBDDMoNmZroQlgCdoSwZF/2wcoBENEPJfF 5wEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768841781; x=1769446581; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=g7DSKOLf1JwHasuEDglCrdB4m0c5EheeJOADb/4PLxs=; b=DdkHZaGopGN+dNmMkPGeCZufwsCZR9Hf7J3DN6fjCStDdYaaxb4aia2pxq/61rQlv2 v9ujPYnGPpWbGK8gWARqGs9UKy8o5lRt5jfdW6O9MQ4CdqujzAuyas63T1ggsD5TgeNY d3YYmwx/72DVAepB7b1KMuI6D2RsvPJ7pG45IbRPks1IXHR6QDOxvgR/70NTL6YU854l lDkOyV02uB0s7mdjLGI0MwdIo04EoRYBgosQgmkHvZc38FsHXjM3yhrmDFgoYUGOPsY9 JK+4J0Y6v4ql7jC+Y9AAaIOGcMiBIFDOiKogo3Sw/zxhCex/2WNEPxyMDu/1TGe1ioO3 3gIQ== X-Gm-Message-State: AOJu0Yzc39+2unjkNPK2k0tlaovbX7cS4SkmGMmqXllBofl14GDbLe5X ZGdgbBqcJ0uzQnEnjIwVmbEJQz9jO+teFRJIUpmHVu1UwoaPN2T4G0ziI6+CtjfaglMRegWzSd6 dx7osAC9E0QiEjYgZxrV0Mh77barTNGRhIrE/oRxe5XHohk+eIJmykyrFRQ85WFPol18YYBaVY0 IEMJwqjo3oO0IuKHg13WzJXRLSfd4yONg5JQ== X-Received: from wmbej6.prod.google.com ([2002:a05:600c:3e86:b0:47e:df88:7cfe]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:458d:b0:47d:264e:b435 with SMTP id 5b1f17b1804b1-4801e34209cmr132069005e9.22.1768841780932; Mon, 19 Jan 2026 08:56:20 -0800 (PST) Date: Mon, 19 Jan 2026 17:47:50 +0100 In-Reply-To: <20260119164747.1402434-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260119164747.1402434-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=3107; i=ardb@kernel.org; h=from:subject; bh=YrSGOpU4qNxhCTfRtGfyxeLhK1Fead/uCkhL+lifxpA=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JITMvwdSGu/8qa+8TA732DkZmBYst747LP9BzcpcMTeb6n JDQ7NZRysIgxsUgK6bIIjD777udpydK1TrPkoWZw8oEMoSBi1MAJqLWzshwa/KfPfxu/vcdp9h2 W5qsVV78vbr429dVL3bWSkYb3/2ykpGha9HT9ayrrHMuTF0q299789eMl8dsctkfv9uVMfeM/61 pTAA= X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog Message-ID: <20260119164747.1402434-8-ardb+git@google.com> Subject: [PATCH 2/4] arm64: Map the kernel data/bss read-only in the linear map From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Liz Prucka , Seth Jenkins , Kees Cook , linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel On systems where the bootloader adheres to the original arm64 boot protocol, the placement of the kernel in the physical address space is highly predictable, and this makes the placement of its linear alias in the kernel virtual address space equally predictable, given the lack of randomization of the linear map. The linear aliases of the kernel text and rodata regions are already mapped read-only, but the kernel data and bss are mapped read-write in this region in this region. This is not needed, so map them read-only as well. Note that the statically allocated kernel page tables do need to be modifiable via the linear map, so leave these mapped read-write. Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/mmu.h | 2 +- arch/arm64/kernel/smp.c | 2 +- arch/arm64/mm/mmu.c | 14 ++++++++++++-- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index 137a173df1ff..8b64d2fcb228 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -77,7 +77,7 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys= _addr_t phys, unsigned long virt, phys_addr_t size, pgprot_t prot, bool page_mappings_only); extern void *fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t pro= t); -extern void mark_linear_text_alias_ro(void); +extern void remap_linear_kernel_alias(void); extern int split_kernel_leaf_mapping(unsigned long start, unsigned long en= d); extern void linear_map_maybe_split_to_ptes(void); =20 diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c index 1aa324104afb..b5f888ab5d17 100644 --- a/arch/arm64/kernel/smp.c +++ b/arch/arm64/kernel/smp.c @@ -441,7 +441,7 @@ void __init smp_cpus_done(unsigned int max_cpus) hyp_mode_check(); setup_system_features(); setup_user_features(); - mark_linear_text_alias_ro(); + remap_linear_kernel_alias(); } =20 void __init smp_prepare_boot_cpu(void) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 8e1d80a7033e..2a18637ecc15 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1023,14 +1023,24 @@ static void __init __map_memblock(pgd_t *pgdp, phys= _addr_t start, prot, early_pgtable_alloc, flags); } =20 -void __init mark_linear_text_alias_ro(void) +static void remap_linear_data_alias(void) +{ + extern const u8 __pgdir_start[]; + + update_mapping_prot(__pa_symbol(__init_end), (unsigned long)lm_alias(__in= it_end), + (unsigned long)__pgdir_start - (unsigned long)__init_end, + PAGE_KERNEL_RO); +} + +void __init remap_linear_kernel_alias(void) { /* - * Remove the write permissions from the linear alias of .text/.rodata + * Remove the write permissions from the linear alias of the kernel */ update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text), (unsigned long)__init_begin - (unsigned long)_text, PAGE_KERNEL_RO); + remap_linear_data_alias(); } =20 #ifdef CONFIG_KFENCE --=20 2.52.0.457.g6b5491de43-goog From nobody Sun Feb 8 04:11:30 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 74BE22EDD69 for ; Mon, 19 Jan 2026 16:56:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841785; cv=none; b=mLEYq2EuSHuPV7to+HZRBUpXF6+YdYMtw7JRxt4YDxKggY48MlGqpOLpag9Uesk2J60KafoTM1J50rvPu6vVyqcHPOklF45RZeLWnRlXkKHZFuq7D9/zlPnLVa4tHs6N+nJ/xG58lYevxLrqGZ4Yd0478fD9HVnj16hnaelbZZk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841785; c=relaxed/simple; bh=anxADXLWdSABqbbyohzfwVkWZclF+8wtk9Iwyd0TOu0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ATpJc56egvCWX9Amfpxi3v50ao4cKEKq7punGfp1/9b7qXCdVyVduQ9EGSHyQUGzxc47hZVPY8aXwkqBmziW6Vh6OSHGrRIbUntP0CZQ0uprZld13y/M0MDQ3y8edcQGZC0Rj1ZI2bht2U2JaQG+4B2aSKOc66PKpuNpXaQ+DKA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ZcrZh60/; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ZcrZh60/" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-47ee7346f8bso24317615e9.2 for ; Mon, 19 Jan 2026 08:56:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1768841782; x=1769446582; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=STJgeRyQ9rhOeIpgNqhbFckDIyyYMzqEc78U5iILh00=; b=ZcrZh60/lGFoCz45hdlPtEKBYYM2Pyj2RHbXZAx9tMyqU+ITQFkgqZvtGBg0+otXXP JP9p8/vKDbpojWQKmFlHzodr0wVJaqrpbjJu13UfgvDxQouhD1FfmGGsD7PjSJvF6BKt ja5LSR9S74tMW1pJGDQbZQkIwFkKkmGRDUGElOSzut2UJU6toRtQL6xD4K1YuJ7AQc6T 9wnG6eCWrlfOZeJwyXrobF9nGEMCf2Fa57e4EI/itpSV8R4oIkvz2GLYDFf3+QAPmN9L zpWkUD0XBvE3yhevfm70Ucogd3yVI2991J0hT66JpyWmxeZs1CQpMvoqoUjejZ/ZY3Wg MtPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768841782; x=1769446582; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=STJgeRyQ9rhOeIpgNqhbFckDIyyYMzqEc78U5iILh00=; b=diqfOpTNkrJn29tMhm6RJ94KftKApLumSf+E2OMvrYpUJeL7KWrBpPp9PYgTxAP3MW 9twceHPVaHCEzBRUoH58sz5ljAB7i0LiDTj1MJ5mMgI0L+xcEtWq+XQU2KratqjlPnbi neD0e3qIHcTQcsZX6SiyQL5NIbSAfXfRmXZH2HKHc1fYF1KIP1MBdP8KasTsK3mzPiGg o0d0hRtES2qWWUZ3ZhuXOlMdOpmotj6qZ9EA09+7PjLcCNG3JCJn+NAbQJ7ywUcdJdN1 z0zT66d6keRw8fzaxs/cXYSzx/y6CfzNQyu5koJIAY6R4EbSrEyKI41l3J32+qn/vI/6 7Bsg== X-Gm-Message-State: AOJu0Yw2Ou9BrtCHimUzf9luX+jhgymRd6XkbMTGn5lhPHbdUOeo0bAT ez1lWCVTH4pC7WOIdTW5iLQjG/arKcBXHSWMD44u6DX3ZNn+A376aSgqFeCr9DTKw+QoABvAXJs gCTRbDsRfllySaYMpLyCQsw9auMolHBN/mDxt1963Dy4MFzhxO3digciusMcM1vcxqSqtlZgK0c 0WY1LNoaR4F/qgch/W7Lyq7raFkXdGM8ok1Q== X-Received: from wmpl26.prod.google.com ([2002:a05:600c:89a:b0:47e:dc0c:276f]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1c28:b0:45d:f81d:eae7 with SMTP id 5b1f17b1804b1-4801eb109e0mr143811185e9.28.1768841782028; Mon, 19 Jan 2026 08:56:22 -0800 (PST) Date: Mon, 19 Jan 2026 17:47:51 +0100 In-Reply-To: <20260119164747.1402434-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260119164747.1402434-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=912; i=ardb@kernel.org; h=from:subject; bh=ntHgf/B5rJ53w9Bpw1t4lvz9osH4/R661+iGUCVVrMg=; b=kA0DAAoWMG4JVi59LVwByyZiAGluYDWjUrFAokWqtXDSeMp+fXT75fRWyZSWbI99Ms6WNd75g 4h1BAAWCgAdFiEEEJv97rnLkRp9Q5odMG4JVi59LVwFAmluYDUACgkQMG4JVi59LVxCrgD/Z9M5 i4NwfvsUUSXv+UZafROf6v5ISFsyVqAdG/yUKToBAI84KHD/NB176E35kaZByGlx6nYy+/owAfj bvWNO+8YO X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog Message-ID: <20260119164747.1402434-9-ardb+git@google.com> Subject: [PATCH 3/4] arm64: Move the zero page to rodata From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Liz Prucka , Seth Jenkins , Kees Cook , linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The zero page should contain only zero bytes, and so mapping it read-write is unnecessary. Move it to __ro_after_init instead. Signed-off-by: Ard Biesheuvel Reviewed-by: Anshuman Khandual --- arch/arm64/mm/mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2a18637ecc15..d978b07ab7b8 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -68,7 +68,8 @@ long __section(".mmuoff.data.write") __early_cpu_boot_sta= tus; * Empty_zero_page is a special page that is used for zero-initialized data * and COW. */ -unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)] __page_al= igned_bss; +unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)] + __ro_after_init __aligned(PAGE_SIZE); EXPORT_SYMBOL(empty_zero_page); =20 static DEFINE_SPINLOCK(swapper_pgdir_lock); --=20 2.52.0.457.g6b5491de43-goog From nobody Sun Feb 8 04:11:30 2026 Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com [209.85.128.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 722BE2F360A for ; Mon, 19 Jan 2026 16:56:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841786; cv=none; b=tBxnvsrKKQXrfi207IfvzLdSs4axTytdaZyk21Uix2ako43Q2Bf2KpqWJ6RescgSGgpJOvRpOEDvr/dk7ArPUBz1RNoy7eINNNsmPaClDxwfpUwIovjPKog+RKAPwzaaZ1K1ArGmAXy4cVY7FzTjWvwIguEA8QAcYQVohAcCRI4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768841786; c=relaxed/simple; bh=JeQwVjuVQ0xF1q76mPBesPoJDEbrkYN4EZcEzfje69U=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Dz8gfZdXIIPeSxkngvJy390fwB01wgcFzzmg3q2x4Z6lvW3EP/OivO6ytxDN+4xr0A+cVGv9Q6OJieA1W7Dh618AVhDBFmixHnnVTeaDgCIFDzdG9XQzDq7fj0iVPTaKmLSow38szQwU9EpsPp2yTWTDGlKTg1pxJd9Ac0y/oS4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=a2oRuGbl; arc=none smtp.client-ip=209.85.128.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="a2oRuGbl" Received: by mail-wm1-f73.google.com with SMTP id 5b1f17b1804b1-4802bb29400so27048815e9.0 for ; Mon, 19 Jan 2026 08:56:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1768841783; x=1769446583; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=s4EUsFWvfNG6jYO8IfY/OM++lXiUoY+wEqYUoCpTy24=; b=a2oRuGblFgherNdSsiT9DGVW61Csb7mS2eltU5lQ2r8PagPXlWLLgBVyUT4Qj5GY9X p0dApmFJKG3i3Zh/xBOT8H/RXQhyKRTDicBjRxxo6qNG4Ahv/pFFVEVnKI4V4oykNiOB Ck+3VwQdjUeODBOIQdJ/SmNWrvw0QhKqTKAmSyZiiN+7CwNspI5S3Ex8demKNT0iK32B GSXqbtp3o8ep7RfP2YRS/01AJgbEMb3ut6d+14Bv9aTWag5wXG+BoZJf/3X5xmrCkin7 lxb9DQRIgJWU0KFwNRPmsdiiRR8rOHDcKHl8hof7I+LeNWc39Mb+RClXvpqBSj2JAvyt TCKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768841783; x=1769446583; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=s4EUsFWvfNG6jYO8IfY/OM++lXiUoY+wEqYUoCpTy24=; b=NneyI+56nbCQNNebo+xwF0tXDG5mEkFc4JvnTCWuoq7TWjEXzlxAw9eXZfNSb9VuGe 7TwAraZ56C7hOW9CoFFY2tRJNCXr0JawdYWTwVh+sTdaIb4xGLgbdk8KyYaGZLahyOAh WiA3eC8ssZmL5U358ZmUj4gX5HWJDFv2sZGe5yEMILzBiOJbvIBvorVULi6nR9kMNsPV H7rnefUXRzdoW5mVE4Fsa9ORnO6P6vX4dhwdpHYUFoKg3+BaMcI3+fHmuK8R5su73okH gbrHitBG/oDxaYhxsTi7CaG1RTJGSs5mbBdSAab8m+F74qm+QNp4GkO15J7nzitDhPs/ yubQ== X-Gm-Message-State: AOJu0YwMKICsDmXxnY/FCO1mwtL7n3V31zRbAMebF471q3eC0XqmykOp zws2Mr8zAwrR869ZcdT9QeZMQIwb6Giweet9Wpq8lUjBUmBg9xkZOvW680h1+8BW9Z+9+hF4vhS tOBNT9YX8Rweh4fO90nLpEplcuwCYcUXXylOJHKkKNmCdAgcIeH2ZNDLMVrDVQvbBuy+Uy6cCAf mJPvtD30gj0oDQYcJuIqKo2xzAuZPEijFpZA== X-Received: from wmbil25.prod.google.com ([2002:a05:600c:a599:b0:46e:1e57:dbd6]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:c4a4:b0:477:7bca:8b2b with SMTP id 5b1f17b1804b1-4801e2fef34mr171303545e9.15.1768841782852; Mon, 19 Jan 2026 08:56:22 -0800 (PST) Date: Mon, 19 Jan 2026 17:47:52 +0100 In-Reply-To: <20260119164747.1402434-6-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260119164747.1402434-6-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2890; i=ardb@kernel.org; h=from:subject; bh=HeK0fa8eNZm3Eo/TOMdG37o/i93rJtICIBf0MiUiyLQ=; b=kA0DAAoWMG4JVi59LVwByyZiAGluYDagcqUCy3hpyhYgUZ3by359BPtdnqvGGIUf1J2q5Ky8V 4h1BAAWCgAdFiEEEJv97rnLkRp9Q5odMG4JVi59LVwFAmluYDYACgkQMG4JVi59LVwiAAEAgPny UNC2NLOejTSjxWEADXgkQHtHk7sF7wOU/hyIz6sA/3fsOe3Kx6zKyfjmM753VqL6Q0RxK1tUOYJ IOcLB1eEB X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog Message-ID: <20260119164747.1402434-10-ardb+git@google.com> Subject: [PATCH 4/4] arm64: Unmap kernel data/bss entirely from the linear map From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Liz Prucka , Seth Jenkins , Kees Cook , linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The linear aliases of the kernel text and rodata are mapped read-only as well. Given that the contents of these regions are mostly identical to the version in the loadable image, mapping them read-only is a reasonable hardening measure. Data and bss, however, are now also mapped read-only but the contents of these regions are more likely to contain data that we'd rather not leak. So let's unmap these entirely in the linear map when the kernel is running normally. Only when going into hibernation or waking up from it do these regions need to be mapped, so take care of this using a PM notifier. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 35 ++++++++++++++++++-- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index d978b07ab7b8..7b3ce9cafe64 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -1024,13 +1025,13 @@ static void __init __map_memblock(pgd_t *pgdp, phys= _addr_t start, prot, early_pgtable_alloc, flags); } =20 -static void remap_linear_data_alias(void) +static void remap_linear_data_alias(bool unmap) { extern const u8 __pgdir_start[]; =20 update_mapping_prot(__pa_symbol(__init_end), (unsigned long)lm_alias(__in= it_end), (unsigned long)__pgdir_start - (unsigned long)__init_end, - PAGE_KERNEL_RO); + unmap ? __pgprot(0) : PAGE_KERNEL_RO); } =20 void __init remap_linear_kernel_alias(void) @@ -1041,7 +1042,7 @@ void __init remap_linear_kernel_alias(void) update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text), (unsigned long)__init_begin - (unsigned long)_text, PAGE_KERNEL_RO); - remap_linear_data_alias(); + remap_linear_data_alias(true); } =20 #ifdef CONFIG_KFENCE @@ -2257,3 +2258,31 @@ int arch_set_user_pkey_access(struct task_struct *ts= k, int pkey, unsigned long i return 0; } #endif + +#ifdef CONFIG_HIBERNATION +static int arm64_hibernate_pm_notify(struct notifier_block *nb, + unsigned long mode, void *unused) +{ + switch (mode) { + case PM_HIBERNATION_PREPARE: + case PM_RESTORE_PREPARE: + remap_linear_data_alias(false); + break; + case PM_POST_HIBERNATION: + case PM_POST_RESTORE: + remap_linear_data_alias(true); + break; + } + return 0; +} + +static struct notifier_block arm64_hibernate_pm_notifier =3D { + .notifier_call =3D arm64_hibernate_pm_notify, +}; + +static int arm64_hibernate_register_pm_notifier(void) +{ + return register_pm_notifier(&arm64_hibernate_pm_notifier); +} +late_initcall(arm64_hibernate_register_pm_notifier); +#endif --=20 2.52.0.457.g6b5491de43-goog