From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A1963314B6E
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419657; cv=none;
 b=cKMfxJB608VV7fW2/dXKcoGcC1+qCS+T+BEBb5n+hEy1ySr9lK9EumioOZQvzysPr76y/4PZObg7P9oEhRqYFsSynkrKwI/yyMNO2RLHzMCOlm5e6KHS7aoxgczVOIxcG97dWPyofw+1jfr/s70gE1A8JX7evemiTBzlcDqchys=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419657; c=relaxed/simple;
	bh=/mS5vrpdZEwApyEGgheVcW1Dk9n+fhKrSotOnCaSkhY=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=B+/25faYvUbdPHKy6RaRM6zZjhIpDGJS867qK51U63azou1y6Pj0mNVMSne0lmNHv19w6FjdpUIzufuM66z2QgbAkAOvPNCxPfWXAvCfiUKkegSpIw2OgZUo+sbFkMQtEOsNXSQ87Or1+s3/ItEwi/cayimCcmsT2Z5uQxTsg+Q=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=ZD5Y63PS; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="ZD5Y63PS"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-47d4029340aso55824775e9.3
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419652; x=1770024452;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=6qZ1xUJ54mMbB8pErA6j09+CFNiU+H8FmdGJP4FuLNw=;
        b=ZD5Y63PSeo3WID4PYJ0iTfsSSlRE2VuKdmqHItt0SFRMc0PhJphJBBUwRP9RXU2XPK
         eZ6YvODxKymNIx2aaoyJVRgNrtpI87PlgRQq49/Hj/+NumwhPm5Av3cxu0pWAVOfY5qw
         lW66zAEYM6MV0cZwRxJUDkE1hZ8rAWj8SDFhpwUx8FJOQLU6j0WFAKiB26e0gOVptfqh
         jcwwYa7RXc5OhNdMG7Kj4y8pRl+dTKlohnhYdHHHQdPrTunA7HFQbOGEBmyhwZfyvczc
         QtsqTo0MlgIj66RNjLO4YOzqx1FA8yfnTtx4MIpLrYG2EpxRX3WiEHzRaQElemNqb501
         hNAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419652; x=1770024452;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=6qZ1xUJ54mMbB8pErA6j09+CFNiU+H8FmdGJP4FuLNw=;
        b=bL+PiJ2QM6cCCNOl/zkPtF+wWqR/LmPiwikkw6FNGmwiFUZ7JxCJLGyY2S6NTAFWcu
         PIKZ/lWCUQfo/BvFQaG76Hlm4MLnDXjz2tIX0RJ0tzpG/q7gHHW94oDJ54dZDgc0Evn8
         aZimDXN90eJ8fO1XV2nKAHmxKJ3faSfLzhLKUi25+mmjiS0yGwvVaG+aJNNFnOfdbMkk
         MTX4yj6sJ7ittOhWXLL+2MWC8ku2uRrta4N9oZsK90mjDHvPEjduBgalxajtMRte8hCB
         9MYthEEhyMTDFSzTLLxAmeP2YlMrGdcNNudNbTeOwFR/S0DmRZ3QiGAlpnDlPORuuzwH
         TOHw==
X-Gm-Message-State: AOJu0YxCMToEj6HzJ81HhM/HBee/9yGI/xiD4IIXiETGR2NXqnqWYhxY
	yfxTUD+OA+HOPFV3SMN7/tuGJuHMrHKOrAvxJQvqhwQl+IA4g+EHPM/fG4TSjiAsZL0OvOuYjKd
	tPDTnzjhkrYZf16lGJbvdfSXRUcy5vIJbflIXAUoXYsv78EefZhv3ttuUMzNdJ9sCcc4/1lx1LC
	3777NfrP4UNZQd1XYrNsH9ALJHzPO4eBdgOA==
X-Received: from wmjx21.prod.google.com
 ([2002:a05:600c:21d5:b0:47d:86c6:ebc9])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:530e:b0:47e:de9c:92ec
 with SMTP id 5b1f17b1804b1-4805ce4e568mr62717135e9.14.1769419652622; Mon, 26
 Jan 2026 01:27:32 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:32 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1328; i=ardb@kernel.org;
 h=from:subject; bh=yjZnKOVkP/d2XQBthJ6Tfy6lESqeO+RAZPKDjSMcLNk=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2P3RrmdrBB/NvJp+yD+g/JFb6zYT/Wk8p612/lZou
 XuN0cWso5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExkgyLD//JNB8KNeT646Wy+
 JbN44ZlbW3+dtXz0a8nSTb0s7nvXu3kx/LPunPdhadYT+SmCvVP9ZleuVH52kyW33TX8bkZFm5t
 YDScA
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-13-ardb+git@google.com>
Subject: [PATCH v2 01/10] arm64: Move the zero page to rodata
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The zero page should contain only zero bytes, and so mapping it
read-write is unnecessary. Combine it with reserved_pg_dir, which lives
in the read-only region of the kernel, and already serves a similar
purpose.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
---
 arch/arm64/kernel/vmlinux.lds.S | 1 +
 arch/arm64/mm/mmu.c             | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.ld=
s.S
index ad6133b89e7a..b2a093f5b3fc 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -229,6 +229,7 @@ SECTIONS
 #endif
=20
 	reserved_pg_dir =3D .;
+	empty_zero_page =3D .;
 	. +=3D PAGE_SIZE;
=20
 	swapper_pg_dir =3D .;
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 9ae7ce00a7ef..c36422a3fae2 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -66,9 +66,8 @@ long __section(".mmuoff.data.write") __early_cpu_boot_sta=
tus;
=20
 /*
  * Empty_zero_page is a special page that is used for zero-initialized data
- * and COW.
+ * and COW. Defined in the linker script.
  */
-unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)] __page_al=
igned_bss;
 EXPORT_SYMBOL(empty_zero_page);
=20
 static DEFINE_SPINLOCK(swapper_pgdir_lock);
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6AA8F313E2E
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:36 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419659; cv=none;
 b=ECnP/jOuwzahIZZX/yyde8QisQEg/8wIewTFR7LxhV9mDpQUsc3l0Bx1BlN2yNyByXonV20IDOevhKtfkaJwWhZTxPDH3G0LqR5Abv4E6iM8VHQWkKGH7aZZt7Z9nDVLWH1NXchrJ7PiY5koA2s6udewMIFnUgS9wjT2dpmcnTs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419659; c=relaxed/simple;
	bh=HbJ+s9ERQpCPv7mfOKNuDHBNCAoRV1bfJEOnQf27PWE=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=AGXnF7kKb9cCNqLgRcnJtjckw5ybY7PXLwAfu6OXwgYbfWgtL7N6zzx6NYFTMkGNIMiOTRgPEHQxaY/i3THi9OeAjK294px6pTAiCmZpj4eVgzMryhIUBrNJvkNC1fzdoqIRy1LlwgkHXdLPKaIIzLKSFxtxlnUgc2t3ItbPSqU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=H5fl+pEZ; arc=none smtp.client-ip=209.85.128.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="H5fl+pEZ"
Received: by mail-wm1-f73.google.com with SMTP id
 5b1f17b1804b1-4803b4e3b9eso34378295e9.3
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419653; x=1770024453;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=Ir5Ku/kBhV1xo3f4cYFTds8Jwvu5+ARQt7mXP3/a2YI=;
        b=H5fl+pEZQo4XnLRNWl92/D8/B14EWNMoWKjkGM5xBMZdSyr7ylUAlqy0SbU0R3xm/s
         +h3XB7Hvxur1QOdGCh4sIJfRIiFfNLyPMH+WJ2X+vL6wGm/jS8aMg6cJ5nz4mJzZ1Yoz
         Ik3JMuVvPWuoT3/te0U28Ie/+qQrLregUpZRnbjxDFG+8Z6Z5EwYubBihlwHWvchOJy3
         35aRhBDSY0fRtaW93qL31Ql0TV6rAYROXUtVy1ANyJDS1EpCd3hDuumeLHKvQb9Cu9JC
         IpP+BFtfB3XeJTBS1tvVcadPUiJG5ozuSogYc2cjLEK1C36XHDRFTaj2auBI59v/Hzin
         l3sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419653; x=1770024453;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Ir5Ku/kBhV1xo3f4cYFTds8Jwvu5+ARQt7mXP3/a2YI=;
        b=WzGqWG4UPjrMnZuiuRs9CI9Pf2ZTRPcwuHdK0bTffdwbALZ6MkL6aHMvn40A15VF2W
         demmFmcsCPxesumNUkPHZWjFWyqsXLEG+K9E2ACiXEJayf5gd/fqoiXJRsKTsZdFIeHf
         kiKb3lN16V6oGXbdoG6jt1kSr5qmrh+FcUSppkLuikFW1IDnvXTwMCMq/5Qt4Dbs1tW2
         jOK7PGYUgqAG0P99qJgfCZ2ik5vkXjqoZBxiLYK6LBZ+YA+M40zMB4EXR9LokafJIyRC
         wZgw9SBQFZkxwPQ4vl7MBCPKODHHZ/5bG+xe0vOmETqNM5hvnLSQ60eki+n3+Pq9oQft
         kPXg==
X-Gm-Message-State: AOJu0YyxnabrVu56t5UjwTxCnlMiEeGCHnZVqmqvph2x054xbByqtZc0
	uN8tUzOf9zN0uipXnrDczBpfKTxDZ3nnBMP8acIYmP0UbWqKHARCYPtsHabcYv5+GC+TTtLx1ga
	ozsNLJ9xPzLFAXiscKBscGpQRBTB9RmuNVYrYzLmhm/d6X8C/n605b/x2ZicSFjKbpSljZDH73d
	tJCTrnt7Ur1zU6mb199aIYfC82QyUcyRzO5Q==
X-Received: from wmcu2.prod.google.com ([2002:a7b:c042:0:b0:47e:e4a5:c5f2])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:a08c:b0:480:3a72:5c10
 with SMTP id 5b1f17b1804b1-4805ce4f010mr77377385e9.16.1769419653485; Mon, 26
 Jan 2026 01:27:33 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:33 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1953; i=ardb@kernel.org;
 h=from:subject; bh=pPbGakq4Y87FHZEohxgZxqjL2z9m2SzmfynlW86oFBs=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2OPan3+7fij8ksibeLlIhSWt4tJNvstbmdqFDO+zh
 Vs5Pm3vKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABNJ1mL4H17OOzNlTmVlZV79
 +YvKLROfvd2wtjzTXW/xIa5XnZcW/WX4zb5FfJ5ThmXau6Mv2BbW9E99PtvpwHdeVv7LhyP8mrK
 3MAIA
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-14-ardb+git@google.com>
Subject: [PATCH v2 02/10] arm64: Move fixmap page tables to end of kernel
 image
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Move the fixmap page tables out of the BSS section, and place them at
the end of the image, right before the init_pg_dir section where some of
the other statically allocated page tables live.

These page tables are currently the only data objects in vmlinux that
are meant to be accessed via the kernel image's linear alias, and so
placing them together allows the remainder of the data/bss section to be
remapped read-only or unmapped entirely.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
---
 arch/arm64/kernel/vmlinux.lds.S | 5 +++++
 arch/arm64/mm/fixmap.c          | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.ld=
s.S
index b2a093f5b3fc..c089b83308a5 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -335,6 +335,11 @@ SECTIONS
 	__pi___bss_start =3D __bss_start;
=20
 	. =3D ALIGN(PAGE_SIZE);
+	.pgdir : {
+		__pgdir_start =3D .;
+		*(.fixmap_bss)
+	}
+
 	__pi_init_pg_dir =3D .;
 	. +=3D INIT_DIR_SIZE;
 	__pi_init_pg_end =3D .;
diff --git a/arch/arm64/mm/fixmap.c b/arch/arm64/mm/fixmap.c
index c5c5425791da..b649ea1a46e4 100644
--- a/arch/arm64/mm/fixmap.c
+++ b/arch/arm64/mm/fixmap.c
@@ -31,9 +31,10 @@ static_assert(NR_BM_PMD_TABLES =3D=3D 1);
=20
 #define BM_PTE_TABLE_IDX(addr)	__BM_TABLE_IDX(addr, PMD_SHIFT)
=20
-static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __page_aligned_bss;
-static pmd_t bm_pmd[PTRS_PER_PMD] __page_aligned_bss __maybe_unused;
-static pud_t bm_pud[PTRS_PER_PUD] __page_aligned_bss __maybe_unused;
+#define __fixmap_bss	__section(".fixmap_bss") __aligned(PAGE_SIZE)
+static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __fixmap_bss;
+static pmd_t bm_pmd[PTRS_PER_PMD] __fixmap_bss __maybe_unused;
+static pud_t bm_pud[PTRS_PER_PUD] __fixmap_bss __maybe_unused;
=20
 static inline pte_t *fixmap_pte(unsigned long addr)
 {
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8AF2314B88
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419664; cv=none;
 b=fyOhjkiypC47/vxUi215dwKHRtaCqBQ0iPAV3KX4qjbRYqogr1z4YATpTwMbiSSRwtLzRKMWUxHxEaRS9dWchqP60/HDAvZAddkTNarcOdQFnsDYNn7dXLrjXot2RrqVKWeWGVCieqVRdUyZAonnZiqd8PhDMJomE5oyCuYbvEI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419664; c=relaxed/simple;
	bh=SDlEjyekYdAdgWCCN+ljk7uFaBBvdsahPV/SeWDyUAo=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=OqGC8poY7bTcNsRNHeTjrsDYcy+cZ19A+DsyBqnFfB7LZj8yDwh9kcUrcAW+7ipVhVoRZXTfnRoRmMXQwX1DEl9aUlaUhi4N9ZUTvIFu6dpHv1N4hD89s+eRIt6IQT+0X91iXI5ZFtkA5hQiufa45FpkMRvY1vsogXOUvzHvo4M=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=4Kwv/I8I; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="4Kwv/I8I"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-47edee0b11cso25598595e9.1
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419654; x=1770024454;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=eLShc81E/+Lme+gJ9JRioNlppj/hbf+/HE944re/X2I=;
        b=4Kwv/I8IJ+MyBFnRp2bCEq9KETW5xPjyHJcUC+AZxE7QjdDuurltozvL1qxU2EXnni
         3R0P2u+9EpmgNp0kPBcpW6elQC6aoScd7Abk6+g7GuA9DpKHdg7vU/tc2AP3H7pPUHSn
         UinQ/oiWIVTvmRamev6B8LvcXxMnyenNEnBpFL4QLywUJa6J+WwwogYtdW93nZY0C7hw
         cgKTztWYKnZXCbiYImCJhGnOBC/3uSzhCkz12AsR3lj7yWVqJEso9ZjPwzF9Dq9IojmH
         mOBGqIGJ1ug8ylGfhrfhoFxIQTvmWpCHfH2wPMf9EFabXg0XzK/u+eC9uLGVenZeCx45
         mNLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419654; x=1770024454;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=eLShc81E/+Lme+gJ9JRioNlppj/hbf+/HE944re/X2I=;
        b=NAPXjx2mvEephcMJTffGMtrzP4xzJ3+JZYWToo4zzaDaKIqG+KTHlXrS3ZrAj3+7lr
         O/IL0Qs//UkJKftBLT0I6mG6CW3HYMx+GR2kUWe/wjmUbzjUChRj0II7P/XEmrF3vF2k
         5bn5sgWiA8aKLdCj1XOyulwrPBjlF9ZyRfSYT3yKiOt/BAIgyVapKrUo0xRUWu+DaXsY
         P24XPQY65cLhtzUSxSnJG/ov0kHCPfV66yNQ7b0TcohzFRSSbofoouVj4MD39kYzpiCk
         TvM2DdbiD80kYbdk5hqFzaTC9HFwfTvrBKdvlKJ8sNoDqrukc5ny/vM1dJuDcFJog8AN
         NyEA==
X-Gm-Message-State: AOJu0Yx7AokiIHBeRUdlpbV9FSnucwiKXCIP8X1KHyoVsQqGyyTy5Yfu
	PEoShBdh8V2cCdkSrtx14EXLsdm4nI8ku80HR+ow+jDKAmLD+VfNs8EnGCiPVR9bImpwhZ5ZkJr
	BxHtfuSlNZWRzRg9Y9mzHvP8hREkmRV6lDa919ORztKyYUjsBmR4n9bp1OeeVUmT4ZGsLVAbaJ/
	ukymD64JPR61Mr5qcuYUtSWihBX/fvpvXEIA==
X-Received: from wmbjw6.prod.google.com
 ([2002:a05:600c:5746:b0:480:3842:3532])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:4689:b0:47e:e78a:c831
 with SMTP id 5b1f17b1804b1-4805d0668famr63022225e9.36.1769419654312; Mon, 26
 Jan 2026 01:27:34 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:34 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=874; i=ardb@kernel.org;
 h=from:subject; bh=Gtkmu5xUf/IdJr0kiShY6X4TSbxJqYA0pGP5tteQQSc=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2EOMl1Oe+ZtxwpPOV9LiF4RXP+tbf+lo+TXjL389J
 m2duYmho5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzkSiQjQyt7cfCidwej5f/9
 5p7Qf1Jt4vfD9tERNyW+nXLVefgp8xkjw8lZxm6uxhc5n927XLbV0/fcU+dXx87Oeyi4gG+7QvH
 jeEYA
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-15-ardb+git@google.com>
Subject: [PATCH v2 03/10] arm64: mm: Permit contiguous descriptors to be
 rewritten
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Currently, pgattr_change_is_safe() is overly pedantic when it comes to
descriptors with the contiguous hint attribute set, as it rejects
assignments even if the old and the new value are the same.

So relax the check to allow that.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index c36422a3fae2..9d39de3cfe67 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -141,7 +141,7 @@ bool pgattr_change_is_safe(pteval_t old, pteval_t new)
 		return false;
=20
 	/* live contiguous mappings may not be manipulated at all */
-	if ((old | new) & PTE_CONT)
+	if ((old | new) & PTE_CONT && old !=3D new)
 		return false;
=20
 	/* Transitioning from Non-Global to Global is unsafe */
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C1EF1314B64
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419663; cv=none;
 b=riZiDI0i6v9rd2EvDt79S1jrXp3bohJsC24cwhZtErtKUwkJsaYs6ciC197UkUKocy6PSrMTJ0ZWCjqNx3VVPF3g3M74blOZ+Ab3w6rN/b9n9Pl1S3MDqL6P/mdLf4Iu6bFILqYxh0Ku/cEk9LL0jEIkPdQt6k7mdCvYRwjOYBE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419663; c=relaxed/simple;
	bh=WN6YXntB7ynWmYDfMOyDTlCaEG9QY5IuBLboPg+a/7E=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=SQaTf6E1yDN3FUBAhmHcNdtfiRDgQTn1dmi9jddzc+PYSbfJif1G8/f12l0hVq/5TMLM6vqhuP/Onki12R/zBYEJIHAiSQu9xoqiHShtnrNjh8dEP3r/Gr9ZOlbbRMPysnTA362TZbHw/Ad/27NQkMRQlsNhEjx3fiFK8t3/UlU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=RLqPvPju; arc=none smtp.client-ip=209.85.128.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="RLqPvPju"
Received: by mail-wm1-f73.google.com with SMTP id
 5b1f17b1804b1-4801c1056c7so28133975e9.2
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419655; x=1770024455;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=u1TMSr5rZgNu0o3nZo8UO5URLLTIdBmObavXa1u2Zj8=;
        b=RLqPvPjuOwRSD/DGmlq6YEpq+qGsPPmUTA2W9d9YL0DGyn8zeMhhyVY8+2MJ/gfjkT
         y1VZyIZmNVVgUth5cV6uDqS+WUqjMVsh4sZlNoToQh7gnYF1q1AajGuuzbQc8GAwvC9R
         AkQTJsC2onpq4aeXcvC5lSe/xFRDfaPUqSgOj3aFiuDbOPZDzbry5HplTgvaF/sKDgUj
         5h+lqJ9Avm4R5lqt9HWc8+ACR3+RCXiCQa4oSSkUXa3Z0ZmhHm5CCB80qLQ3FqG6wBBY
         s0jP28yij6ZRjifoWMvuc/ossdjHECRwoRtrNtR9ZDvWZsJA/CtgHUoo5u8hbbrmksXO
         vYbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419655; x=1770024455;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=u1TMSr5rZgNu0o3nZo8UO5URLLTIdBmObavXa1u2Zj8=;
        b=S8xolFMqlJ1+GgkRH9HyEFZczNQeZK/g/m7/dWPGujdVPrb2Ce5hy23vlE3I1ysRh7
         j4At62AvoggFOKBgNru0mRqIlAad8B4VEdMWdXhTdYDWNPYNqkr8xC4H6RCy/oVfwDSd
         vwE16ijSj6aI2csF8Akgpp9dyK8YfVZpJWJpdVTgtpheMS7/CAiJUnivgJ0vZ5Oh7WVZ
         Kl92mZqh/2PlESCU7wiXLURSasmaDex1/03mOQg452DDGkbbwUenm+YnwBe/wkbsP9Re
         CVF1FGzZgSMHoDKxqAalZFVUMuRqzykWq+tNSVMQNflo2Afr8OAJ1XM1ekPiT4b819Y6
         UVfw==
X-Gm-Message-State: AOJu0YyLnRwEWiXMmrc2L9Yc9TEdgrcAC4VP0y+6HA7gmRJkhoK3ytV1
	rXM6qcHUI8mQWt3XxZgyBZ8BTv5RF7xlYmBG6sfqQOI9B1usuW4FFNfWuzEPhiCacsci+LG6JtZ
	E508AKTg22qLiSQGpMyvMd8yFsDhfttDWkObXQQ9cJnDHr5hLFzIisO+i96je7Qi+VK3MghS1RR
	83zR+A3EE+yR+9zEsNz5sxCemu07Cb6WcONw==
X-Received: from wmqd15.prod.google.com
 ([2002:a05:600c:34cf:b0:480:4a03:7b65])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:820e:b0:477:9a28:b0a4
 with SMTP id 5b1f17b1804b1-480609fdeb9mr36093305e9.0.1769419655128; Mon, 26
 Jan 2026 01:27:35 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:35 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1290; i=ardb@kernel.org;
 h=from:subject; bh=EuE34ANBL0zVmq4k3+FqMRHYv5MWLB6u2FtpmZwmAd0=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2NP6wE/2nDvLTPL8JZbbO+74uCDvbPXcOZ0xtqJM7
 MeUfvR3lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgInEWjH89zjjYLlk9/MzAj/s
 Ld5fusylOnFKjwdb/sa9yiqHVKNkJRgZ5gZzSKnMy3t55rdrWm7btM+br+6/bMRvz21dEsYnZdv
 NAgA=
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-16-ardb+git@google.com>
Subject: [PATCH v2 04/10] arm64: mm: Preserve existing table mappings when
 mapping DRAM
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Instead of blindly overwriting an existing table entry when mapping DRAM
regions, take care not to replace a pre-existing table entry with a
block entry. This permits the logic of mapping the kernel's linear alias
to be simplified in a subsequent patch.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
---
 arch/arm64/mm/mmu.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 9d39de3cfe67..28cc3cda042c 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -262,7 +262,8 @@ static int init_pmd(pmd_t *pmdp, unsigned long addr, un=
signed long end,
=20
 		/* try section mapping first */
 		if (((addr | next | phys) & ~PMD_MASK) =3D=3D 0 &&
-		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) {
+		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0 &&
+		    !pmd_table(old_pmd)) {
 			pmd_set_huge(pmdp, phys, prot);
=20
 			/*
@@ -385,7 +386,8 @@ static int alloc_init_pud(p4d_t *p4dp, unsigned long ad=
dr, unsigned long end,
 		 */
 		if (pud_sect_supported() &&
 		   ((addr | next | phys) & ~PUD_MASK) =3D=3D 0 &&
-		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) {
+		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0 &&
+		    !pud_table(old_pud)) {
 			pud_set_huge(pudp, phys, prot);
=20
 			/*
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E902A314A6D
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419666; cv=none;
 b=RgJuyk3WWy2USq9dl27BT/rKzX8GfP2BufkjjoY876xCnTAwgZo2E34foeFRT2GnrUjcYR/1EQVj6CnlUrZ/86zQszeKCe+dz6qGFFuZqD+mGCXIjHVhAP8NHHdduhnkt8cDIdVH/B9l0gMpxuM3QDRJpB1MyxbFQ9tT6FhloR0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419666; c=relaxed/simple;
	bh=fJbjU4lPsrWz5rpCDXB8BW3dRsBQgJaUJe7WcXD0bIQ=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=iW4iiHr0RS8M9iLapvOHvtnoCpJ3TE1ciPQPmDNlTMGXUKaaBa8ugUeQnb5R8Vn1iWf7ntzbtvcy8+YHeLJqrNc5F64JHf6G9PmPswGjbRKCuHaBvEqGWivbFAsKGO+MQ8BtIR0E+A4fAh4u8udU2Q7ji9T1RFw3ZilqDTqoAOk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=jgBqTZdS; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="jgBqTZdS"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-4802bb29400so76518815e9.0
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419656; x=1770024456;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=Q7QZsFTSOh849rOV6LRsDiE1RAQq4Vm6P1yBesuKlE0=;
        b=jgBqTZdSiYdvZ2BTP94nU2eax+aNYN+pTw+A4BeF1qblau5OvJ9/THTzI9qBXI1ySo
         syP9l6Eg5ufr8dt1sUDnblH+ern8pOiQW+3sqtX+m1SZ1zPvmFiT4H3f5eu876usDV1m
         FpbmtH5vjPqQWBS8o/xbeRM9g5wac2Eh4KjxyiOLSigRW1gFP3y+4mf+zD6zf5HhAD6V
         IVC7ZFfNkZN3QSACRAugiEJY8MIlwUj6bBqWHJW0RsiHtubXphTEavQGkrqCmW6zXnkX
         B+KJbatbf/Y3WuY0sQV86RfKwACO7iovfpWBKYy7YqHZ2Nuzx7ELenn9eyTHOPZ8RGcO
         T80g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419656; x=1770024456;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Q7QZsFTSOh849rOV6LRsDiE1RAQq4Vm6P1yBesuKlE0=;
        b=k207fFeXxOnXAEwPd0jEb74bENs/vilUD4KnkxVLBVWkW6/2FqAb+RiCZIS3ifOSiF
         tt5y80Tff9fgFHuUXYhLS7lr8irc/0FVm+3YWZ2JDmOo5CvooRNvuUA0G/zLxLGvLqxe
         rVcBN8A6dDClhua52BhOogjcHH1+TYLYteJzJ2zoHOR3NLRsplKfMQustL8WP25vl+Xr
         oSqUsVsQvj+F8jt08TW1hX+UvOANAh2WCuZtXA5XRfi2jXZn7dXESkDx3V+TErYUI9Fr
         mibQlBdy3fXN+vAzWbuF5wQI96u75bb42xal/GEKT9Z/J/Hn6uDD1P6Q7YgGlqEkTL/o
         BTXw==
X-Gm-Message-State: AOJu0YwhgtxdoJs3Jo7bigfnHDVjv2WgdfPa8nfM4Drok1LBU3wmoy8G
	rCoRIPdRvIJ0Ytt9o7CK3KDDnvhk4z57s7pjgb0T69G92RfYjdExxMXGpD6jk7kZXZPKlxPGZl/
	hBCo+D6HJvDWhmvtFhGaMPNfbLLx/XOZKKfnKeeHjqBl1QRry6oBFn7qBn2LMHckaVuSVK33eAy
	JgxIx0cJujxs9YAdgE+d+5iA2K4/DeujvIIA==
X-Received: from wmba22.prod.google.com
 ([2002:a05:600c:6dd6:b0:477:988a:7675])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:4f43:b0:477:a54a:acba
 with SMTP id 5b1f17b1804b1-4805cf5f2b9mr73678575e9.17.1769419656035; Mon, 26
 Jan 2026 01:27:36 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:36 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2647; i=ardb@kernel.org;
 h=from:subject; bh=gTtNtodtCpnKfAIP/yDCxL7y5gOaP+fLKD5+ODcsG54=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2DP4c6/cvLuKPOWa81fyz1g4a51h+fLeU3u7soOsT
 nnqbnnfUcrCIMbFICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACYS7cbwP99754VFqcZznjJ1
 Xu8xP5ztEZb8nnMu44t3UrWSFo//lzEybHsbpvN4084X24Xl5myK0lpz6udkN5MTqXyGJY8/3xR
 y4QMA
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-17-ardb+git@google.com>
Subject: [PATCH v2 05/10] arm64: mm: Preserve non-contiguous descriptors when
 mapping DRAM
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Instead of blindly overwriting existing live entries with the contiguous
bit cleared when mapping DRAM regions, check whether the contiguous
region in question starts with a descriptor that has the valid bit set
and the contiguous bit cleared, and in that case, leave the contiguous
bit unset on the entire region. This permits the logic of mapping the
kernel's linear alias to be simplified in a subsequent patch.

Note that not setting the contiguous bit on any of the descriptors in
the contiguous region can only result in an invalid configuration if it
was already invalid to begin with.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
---
 arch/arm64/include/asm/pgtable.h | 4 ++++
 arch/arm64/mm/mmu.c              | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgta=
ble.h
index 64d5f1d9cce9..cb2c4525e49a 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -224,6 +224,10 @@ static inline pteval_t __phys_to_pte_val(phys_addr_t p=
hys)
  * Returns true if the pte is valid and has the contiguous bit set.
  */
 #define pte_valid_cont(pte)	(pte_valid(pte) && pte_cont(pte))
+/*
+ * Returns true if the pte is valid and has the contiguous bit cleared.
+ */
+#define pte_valid_noncont(pte)	(pte_valid(pte) && !pte_cont(pte))
 /*
  * Could the pte be present in the TLB? We must check mm_tlb_flush_pending
  * so that we don't erroneously return false for pages that have been
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 28cc3cda042c..d7faa98f427c 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -230,7 +230,8 @@ static int alloc_init_cont_pte(pmd_t *pmdp, unsigned lo=
ng addr,
=20
 		/* use a contiguous mapping if the range is suitably aligned */
 		if ((((addr | next | phys) & ~CONT_PTE_MASK) =3D=3D 0) &&
-		    (flags & NO_CONT_MAPPINGS) =3D=3D 0)
+		    (flags & NO_CONT_MAPPINGS) =3D=3D 0 &&
+		    !pte_valid_noncont(__ptep_get(ptep)))
 			__prot =3D __pgprot(pgprot_val(prot) | PTE_CONT);
=20
 		init_pte(ptep, addr, next, phys, __prot);
@@ -330,7 +331,8 @@ static int alloc_init_cont_pmd(pud_t *pudp, unsigned lo=
ng addr,
=20
 		/* use a contiguous mapping if the range is suitably aligned */
 		if ((((addr | next | phys) & ~CONT_PMD_MASK) =3D=3D 0) &&
-		    (flags & NO_CONT_MAPPINGS) =3D=3D 0)
+		    (flags & NO_CONT_MAPPINGS) =3D=3D 0 &&
+		    !pte_valid_noncont(pmd_pte(READ_ONCE(*pmdp))))
 			__prot =3D __pgprot(pgprot_val(prot) | PTE_CONT);
=20
 		ret =3D init_pmd(pmdp, addr, next, phys, __prot, pgtable_alloc, flags);
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38F87314D17
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419667; cv=none;
 b=EWaYZW2OWGVVDcGWsxHXOIz7ZjValEgIq82fS9yhTstRfZQFS7eKunID3Misou0Gc6L93ufGgHjECcOJP8U40JU2sJj5N0njlKROo8iuMFs5Z+G/Ph/6WO9IanGd3EJbQC4MLHYNtlfzdGjdl4ktf5BUgyN1q6vN/aEvO/uyx10=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419667; c=relaxed/simple;
	bh=aWvImcQIG2Lxet7GuE/7T19bLGTXrPIqmOHZ8YE7GsQ=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=WLCuWnmFfIxDgffRRxejcDvqWXzN54B5TTMtf9vTd6YZt8FjVsnNSNwOxwj44nJr2PFdSmQ1773TORcYvU5O5Ps+4m88vgRTyCJoSaF1F3/TR6rk68bKlGOrhiQrmyK34ZzFihG4zRXsWAV20W+jM4Bj+vIvPp6tcB9BkWlSY5A=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=RGOGKD2c; arc=none smtp.client-ip=209.85.128.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="RGOGKD2c"
Received: by mail-wm1-f73.google.com with SMTP id
 5b1f17b1804b1-47edf8ba319so41067885e9.2
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419657; x=1770024457;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=dus1eDjKV8+fyJlWa6CeOHr5Q8TfY7EJ7ksMCXuuvE8=;
        b=RGOGKD2cJDEe0CTcDGvkbUtum9duw3g+s9znv7LUz7k2nKjXjKJeE5vflHP1EWG0by
         Mo6BHwz3rBXDqp6YpdjKKrKPGIpVz33yQvni16gjG/uzpA8r9Z3+WmB678OpPrJitXkO
         p6lXxSfN7CMfoCJxsc6T43vz/a1aHkgUY5OEGEEJ7GkeF66b7I6YaTQ/falBLzsGwEYi
         ibQP0xqwQ0CnXkraQj+r792g0jXEnhUgpgg7BUC2TtY14/inN4ItF+z49Q5RZZSW9d9g
         t5fl9MRfjT8NGHAmxCXWbw/FMqxIZK7rDP/aq/yMufmw2pg/wB4Mad34Ai5mRFYFV7BX
         oi/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419657; x=1770024457;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=dus1eDjKV8+fyJlWa6CeOHr5Q8TfY7EJ7ksMCXuuvE8=;
        b=RyBRNo7uZdoDJtNoGt7GNhZGXXK8NKqK+tIbbgS8LjwDt8fpgLLxW0i8UKUP6T+469
         xepi8Db6786NjQUG0i32yCewuxutkbGFwwlbzV8qkFNu+t4C8eWQRjksLXteyWK0hFJK
         vCoDnQMVhVAAPaBqmJ6PQ/aytMbzs1Bk+avHk/0hivxE3QyJX3LsSw2khaEGBTycPVd7
         D39K75+j+C1E2DAjiaaBzDA+C6Y2N88g1phHDqSUxf/d2O2/gX+tePMocd4zBrVV3HfJ
         vrQiPv+/TGpKOG8rpQSYOzteW1WHWYswpfd7DLQz0U7TraMX6fAhZqghpl+6eMS9tmmy
         guug==
X-Gm-Message-State: AOJu0YxcvAwLaHE58ZIlPEiKsbwa7cLUazwqWKsfo/CrloOmIo0j11Wt
	lR0cWzRuat8miWtq7VcLzWX7TdRv7XQp/h+TJtK+x4uVWlw1DQ/fqveOUMVm+iDnzTs9xXRdpnX
	OeWBsUkalo5xUk3oIcILBGplP615dO1lweNDIQ2SzVGhCYgUrf0E5XZojttN7snp/dh+1/g4onL
	R4hPiUmR2t4cCeYYcinf9p9JCd1gRhtOKhKQ==
X-Received: from wmlf14.prod.google.com ([2002:a7b:c8ce:0:b0:480:4a03:7b6b])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:528d:b0:477:54cd:200e
 with SMTP id 5b1f17b1804b1-4805ce3f893mr62195305e9.1.1769419656709; Mon, 26
 Jan 2026 01:27:36 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:37 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=916; i=ardb@kernel.org;
 h=from:subject; bh=AbBNGoFlUmz8DhotcNagR6+hcZWJ6aqvLIQOSvGP0oY=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2Ctw67qkcsYnkz6HVyaIFV/R/hlm+kvXoVE7kZW7Y
 APXosqOUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMJEbfxn+R/2O9dR21crak6f7
 +c5MiwrF2xnXXYI4zDR6lOzKa4V2MPzTu6eudlBgRo3JnMb/EVvfGrmcsfoU/mC9Z4jaodsrJ+x
 jAwA=
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-18-ardb+git@google.com>
Subject: [PATCH v2 06/10] arm64: mm: Remove bogus stop condition from
 map_mem() loop
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The memblock API guarantees that start is not greater than or equal to
end, so there is no need to test it. And if were, it is doubtful that
breaking out of the loop would be a reasonable course of action here
(rather than attempting to map the remaining regions)

So let's drop this check.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
---
 arch/arm64/mm/mmu.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index d7faa98f427c..377bdc4d84a1 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1158,8 +1158,6 @@ static void __init map_mem(pgd_t *pgdp)
=20
 	/* map all the memory banks */
 	for_each_mem_range(i, &start, &end) {
-		if (start >=3D end)
-			break;
 		/*
 		 * The linear map must allow allocation tags reading/writing
 		 * if MTE is present. Otherwise, it has the same attributes as
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8B804314D2B
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:41 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419669; cv=none;
 b=XNuNaKfMcqwYyPseUa3/8LfWxMSptEMaWXkxmjYcyV0/jDQBfrH8K53X7TaCLK6mrcJuVmE+95MlkrWcbVTiE961Xq3SBqNjnksh6F0LQZPAWnP3zZu03L0aPe+DjTQkBJe8KDyue61N1tj3z9TRoL7AqfMjR6Z+Saf/kBsb27Y=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419669; c=relaxed/simple;
	bh=L7cwOKvPXcZOjJ1SmTkNcTugFF5grDnvPTTvVyQz3Ic=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=AHEc8glb20Nm9nXcGT5mkD+SqNo4VEbR7fLz/z9cPFlDu1YtNi9kU5WHi4G9esCHhvGn8APFjhUoKHjKCWzZ5ncxnaqSHTpXSnzuD/irNBN2aP8WbU8qzb1UYBjV1DZdBJ8qI0hGjvIVHOa4PWqjqyd6p5EWXi8PybI5xGjHjUE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=v8k53LdU; arc=none smtp.client-ip=209.85.128.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="v8k53LdU"
Received: by mail-wm1-f73.google.com with SMTP id
 5b1f17b1804b1-4801e2e3532so29092415e9.2
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419658; x=1770024458;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=6c13B4dAZW2mAGZnzKmX4nddpklZOgYUawWDxi2JBv4=;
        b=v8k53LdUdOb3QWY4/FWwKOcNXT9CYUoT5rOVay1W5GAKiIYHDcwm/9Ns9y7Ox2Rsfy
         g4kTTWqlx9MkH+6xAq1J71H/dQ73bTU2t1Bw28SCCmWZCo1s0xWTPwOkC3tCx+GHvEWt
         e1BTQ85z/0n55NsjzzIHu86ESZNu9H/jUgoxy8dn9aBAs1udZqh4JGKbp1sK1AwlBQiQ
         FbJT5nBHhmow3Roa2VF/iAlmd3PmkTBwLb0VIYcEiqjHGYOzSoMCDawhrZn/04cSdQ+D
         FMdGETDaafRz3Yzy5fH9N+aAfJuF7CqpodMuWdVu5MtIBHlQ0TfdRAgzbNapcWFN8PPU
         jJaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419658; x=1770024458;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=6c13B4dAZW2mAGZnzKmX4nddpklZOgYUawWDxi2JBv4=;
        b=tjY1mOvGFIgFI2QA+9OtXhUoSZUASgx15Vl427aXJ5Ndl5Od/5j8PF5aeiF8/k/l0W
         81ZtsLPUkijIiCR6Q+Xn8J5T7xM3/o4FF+iYOlMwiGur5zdoem5yfKpGp57uXL2vhHs4
         7VXRWWcIsKGvDPCqZyqDJlhOWeduox5Etgx/e1gQL1+Sa38Xs5E1woM4T7r7ie5qS+Mf
         CJQUnnj2KlzQbpA9ABnriUjZhsXwfl6hEmPjbO6Cs7hHlqRfEZGvFem0Rqfs1zjVcZ2s
         ZsMVOo+WVp/8b5Zh+xizYRT7/NX9voMc2kQfKITLpxSiTp2KM/bvPN32ePEGSJvStpYo
         wY5g==
X-Gm-Message-State: AOJu0YxoIx54qxRf6Gi2DlecLwSmzQu0CFZbImmiJivrFt7Ud7fIj7Pb
	fdbE/CFMTu6Ie7kOi5LxhOrYvtgsxKzONHJnT4L583jutbwigmgmlXgTZpcaC1Ki56eUdMIFh7X
	v9zdeCr5dpgPOn6x6XgBwME74A81phIuSR2YzP3LJ6aZCrRYtNKRJYgk+1z+1LP/4BY5+ilaTRM
	NASFGqp1mGPVYB0qgCHwp4aGq0YdQZlKyrwA==
X-Received: from wmbjw5.prod.google.com
 ([2002:a05:600c:5745:b0:477:7aa2:99cb])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:4592:b0:46e:49fb:4776
 with SMTP id 5b1f17b1804b1-48063973de2mr13675465e9.11.1769419657809; Mon, 26
 Jan 2026 01:27:37 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:38 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3337; i=ardb@kernel.org;
 h=from:subject; bh=3Dm3E0e2jB3pb2AJ/LEeXuocNeiU12Y5ft9q6XhOB74=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2OuSwELFPPtn3tW6gekaj0/clPAoOR+hfaN7W0y1q
 lTWW76OUhYGMS4GWTFFFoHZf9/tPD1RqtZ5lizMHFYmkCEMXJwCMJHNQQx/eO/+MwrUbC/XWVhk
 zVG5JVvZOvLKmcMbHqhvutM+RYzvDMMfzoLCiVmn310unfv/g/VMhmN756dHaPJc2rFMTOP9zg0
 a7AA=
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-19-ardb+git@google.com>
Subject: [PATCH v2 07/10] arm64: mm: Drop redundant pgd_t* argument from
 map_mem()
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

__map_memblock() and map_mem() always operate on swapper_pg_dir, so
there is no need to pass around a pgd_t pointer between them.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
---
 arch/arm64/mm/mmu.c | 25 ++++++++++----------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 377bdc4d84a1..80587cd47ce7 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1020,11 +1020,11 @@ static void update_mapping_prot(phys_addr_t phys, u=
nsigned long virt,
 	flush_tlb_kernel_range(virt, virt + size);
 }
=20
-static void __init __map_memblock(pgd_t *pgdp, phys_addr_t start,
-				  phys_addr_t end, pgprot_t prot, int flags)
+static void __init __map_memblock(phys_addr_t start, phys_addr_t end,
+				  pgprot_t prot, int flags)
 {
-	early_create_pgd_mapping(pgdp, start, __phys_to_virt(start), end - start,
-				 prot, early_pgtable_alloc, flags);
+	early_create_pgd_mapping(swapper_pg_dir, start, __phys_to_virt(start),
+				 end - start, prot, early_pgtable_alloc, flags);
 }
=20
 void __init mark_linear_text_alias_ro(void)
@@ -1072,13 +1072,13 @@ static phys_addr_t __init arm64_kfence_alloc_pool(v=
oid)
 	return kfence_pool;
 }
=20
-static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool, pgd_t *p=
gdp)
+static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool)
 {
 	if (!kfence_pool)
 		return;
=20
 	/* KFENCE pool needs page-level mapping. */
-	__map_memblock(pgdp, kfence_pool, kfence_pool + KFENCE_POOL_SIZE,
+	__map_memblock(kfence_pool, kfence_pool + KFENCE_POOL_SIZE,
 			pgprot_tagged(PAGE_KERNEL),
 			NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS);
 	memblock_clear_nomap(kfence_pool, KFENCE_POOL_SIZE);
@@ -1114,11 +1114,11 @@ bool arch_kfence_init_pool(void)
 #else /* CONFIG_KFENCE */
=20
 static inline phys_addr_t arm64_kfence_alloc_pool(void) { return 0; }
-static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool, pgd_t *p=
gdp) { }
+static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool) { }
=20
 #endif /* CONFIG_KFENCE */
=20
-static void __init map_mem(pgd_t *pgdp)
+static void __init map_mem(void)
 {
 	static const u64 direct_map_end =3D _PAGE_END(VA_BITS_MIN);
 	phys_addr_t kernel_start =3D __pa_symbol(_text);
@@ -1163,7 +1163,7 @@ static void __init map_mem(pgd_t *pgdp)
 		 * if MTE is present. Otherwise, it has the same attributes as
 		 * PAGE_KERNEL.
 		 */
-		__map_memblock(pgdp, start, end, pgprot_tagged(PAGE_KERNEL),
+		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
=20
@@ -1177,10 +1177,9 @@ static void __init map_mem(pgd_t *pgdp)
 	 * Note that contiguous mappings cannot be remapped in this way,
 	 * so we should avoid them here.
 	 */
-	__map_memblock(pgdp, kernel_start, kernel_end,
-		       PAGE_KERNEL, NO_CONT_MAPPINGS);
+	__map_memblock(kernel_start, kernel_end, PAGE_KERNEL, NO_CONT_MAPPINGS);
 	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
-	arm64_kfence_map_pool(early_kfence_pool, pgdp);
+	arm64_kfence_map_pool(early_kfence_pool);
 }
=20
 void mark_rodata_ro(void)
@@ -1402,7 +1401,7 @@ static void __init create_idmap(void)
=20
 void __init paging_init(void)
 {
-	map_mem(swapper_pg_dir);
+	map_mem();
=20
 	memblock_allow_resize();
=20
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com
 [209.85.221.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5C7C30BB97
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419672; cv=none;
 b=qEHmN6aWPyHDetUNVAGPh8TjrfpEr3OiPmApdVkCMFdLELSsrMMjcRMeSEtUOQrFwXARyjY1R5mVDvy4ub0d1TxkqwXldaRhvBS+MFM7noLTjSw4Ec3FFnI92m/bREnDKeFjsEB1xyJPB1dXiEvNAzvtLaoD4ii+aHf2/tjJqhg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419672; c=relaxed/simple;
	bh=eOZxdfp+SkQpWoEGHHoNmGNt43Cj2bFHD64PO1PoxcY=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=sREgTYZioGBJHCCDgH6vn0gX+87Z7p9dfnUaFSBsgzf5NheaXjjwFvbCZAjOnJgvqLNcnjA60Qd3nbjjasqRWan7KEhmyNDs2S+Ip2RTHN/qyjZGF1sW81O1XxjSwb1sdX0ZNzaPjtD1F9TuuG/d/QYpoWdpTE0XoZSkHHIKNSk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=HzTPL8u0; arc=none smtp.client-ip=209.85.221.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="HzTPL8u0"
Received: by mail-wr1-f74.google.com with SMTP id
 ffacd0b85a97d-43591aacca2so3425790f8f.1
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419659; x=1770024459;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=b8bN9+0hC3i3UFjsrkDr4IprbTkXXnydf0YR/5ee3vw=;
        b=HzTPL8u0DUBdBDXktsLag4GAIbWhhkRukNPTDCTT19lJX+hDu25JOHipxeql9DyYPD
         cK688SHicVfHWwXiU+IayRY1HGmNQr89DLw79ZOcWeFfA0a9cf1Xe8RoWWMKKGRKghjE
         whyKdNo5UFj610lJpOK8pYgVE43xGnZa9P4qxDgUuxF7uOdmAUF4Psp1jlfElEZcCgHi
         ijIhrwPIskSgigQS5gIgPTVzmLjfS2yCXQ9ozDNa7KtAUNLhnZxcYXxr8/EMsSqbuA1Q
         E5G71YQaIvM/1rBu6k38OTg8yzvNPMVYjGuC6IjYyTbcAgc3KPS07QsraQHT2Ztc+IPV
         9N3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419659; x=1770024459;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=b8bN9+0hC3i3UFjsrkDr4IprbTkXXnydf0YR/5ee3vw=;
        b=u0wqd+MkjaDmzLxHuy6iDh7bXTU8AQ1kIyTCcbY9OnROq6vY29pWcqBtEt0ET5J7mF
         JvGr9zeiKewSmfhM70EiYHJwwWcaOo+VDIwZS78wlg/+mLbh/VsMfQAOfmtQl6kNtO0n
         mcJVoxpg1zRIPdpHvePiHfJn77j69zRpBrm6o1+gk1NW/m0/tJ67jYJjSTQvsuhfkAJz
         wxzLqNaP5MoDTAFOLslVXIgQ+pfv0YjoRXiKBEujIhOmql0Y6HvSyP7SIvVzKvVpKaj3
         FXx/Mv4ZRg085s3Mb+0dc7HhV6pt0wPufkdnvbdtxjVcgghwvYQre5UJ+eh6mW5FR+Kl
         DbAw==
X-Gm-Message-State: AOJu0YxcfwCB9mhUI0HUkYV5kre08mJUJjgiUHpXv2QJXukbo5cvNKDy
	ipicaV5SMZaM6VXhXtPQnf3USVT71haBMy3miE7kTqoq8rx5WKKUMHhl7pG4UBf082tFuyu0ZVk
	RW1KeBhiHGlJ2lTQKF6tM35fF/poigUYMnaKNpyw/naqS2BPlGNRjnrd7yrrkbfDXemHmDcfvf3
	9wamGzVHU9SCElETw2CS840iINrhjK9Vu4PA==
X-Received: from wrbdr5.prod.google.com ([2002:a5d:5f85:0:b0:432:88c1:541b])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a5d:5d13:0:b0:431:3a5:d9b2
 with SMTP id ffacd0b85a97d-435ca118f36mr6760253f8f.39.1769419658842; Mon, 26
 Jan 2026 01:27:38 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:39 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2557; i=ardb@kernel.org;
 h=from:subject; bh=rmNx3d+lMCnRD7RyRmlDmsqGvXRKVebRVRFOk/lmgBM=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2Ht90uP/C7a8ZzjyqPW2xDP/95rlGYwt6qU+phEnL
 px4eD6lo5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEwk6BMjw5GoSb/fmtytkImd
 eHq7FbuE3cT6f/frWTyZ3XeefH+Wcw0jw/nZt/eXOC9L5jR185u4va11Jwd33uYWuSBv5xkpTtp
 /WAA=
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-20-ardb+git@google.com>
Subject: [PATCH v2 08/10] arm64: mm: Don't abuse memblock NOMAP to check for
 overlaps
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Now that the DRAM mapping routines respect existing table mappings and
contiguous block and page mappings, it is no longer needed to fiddle
with the memblock tables to set and clear the NOMAP attribute. Instead,
map the kernel text and rodata alias first, avoiding contiguous
mappings, so that they will not be added later when mapping the
memblocks.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 27 ++++++++------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 80587cd47ce7..18415d4743bf 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1149,12 +1149,17 @@ static void __init map_mem(void)
 		flags |=3D NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
=20
 	/*
-	 * Take care not to create a writable alias for the
-	 * read-only text and rodata sections of the kernel image.
-	 * So temporarily mark them as NOMAP to skip mappings in
-	 * the following for-loop
+	 * Map the linear alias of the [_text, __init_begin) interval
+	 * as non-executable now, and remove the write permission in
+	 * mark_linear_text_alias_ro() above (which will be called after
+	 * alternative patching has completed). This makes the contents
+	 * of the region accessible to subsystems such as hibernate,
+	 * but protects it from inadvertent modification or execution.
+	 * Note that contiguous mappings cannot be remapped in this way,
+	 * so we should avoid them here.
 	 */
-	memblock_mark_nomap(kernel_start, kernel_end - kernel_start);
+	__map_memblock(kernel_start, kernel_end, PAGE_KERNEL,
+		       flags | NO_CONT_MAPPINGS);
=20
 	/* map all the memory banks */
 	for_each_mem_range(i, &start, &end) {
@@ -1167,18 +1172,6 @@ static void __init map_mem(void)
 			       flags);
 	}
=20
-	/*
-	 * Map the linear alias of the [_text, __init_begin) interval
-	 * as non-executable now, and remove the write permission in
-	 * mark_linear_text_alias_ro() below (which will be called after
-	 * alternative patching has completed). This makes the contents
-	 * of the region accessible to subsystems such as hibernate,
-	 * but protects it from inadvertent modification or execution.
-	 * Note that contiguous mappings cannot be remapped in this way,
-	 * so we should avoid them here.
-	 */
-	__map_memblock(kernel_start, kernel_end, PAGE_KERNEL, NO_CONT_MAPPINGS);
-	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
 	arm64_kfence_map_pool(early_kfence_pool);
 }
=20
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2B36314B78
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419668; cv=none;
 b=gUrg5qWUXafyX7sQyD7yi6d/dkXf6kG57NSVgpId40P4EFW8rv8ntUgT9mdd6EWS9ojAWPAcmEDCCetllpGgm4SLGqh09URIjjUpwb1zUpPndRF07KDSegXX1wsFCgRdexew+rKV5Rl6y6D5aJRQat569A+vNGr6V5qJi5eQjNo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419668; c=relaxed/simple;
	bh=Gxq4ie03bv9H1pRh3OM+DBK3rL8bxlKAHagD9uGKsVw=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=KRLUjv3WXjpSMNDS0ly4KFd8EZCPIVc2kQOVzhVw7h+m8CiR0CmVu0j5O1YQdpc56PpEtzavq6/bjp8jyQhiskiDri4KkOyIcOdeLLQh7gFvjvYEm3iwZgWAG2dSk8b5NtnYgCOMqq1g2NUspvXWUYZwCKAoNMKmbOCQVORHyTM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=Ap5IDeU1; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="Ap5IDeU1"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-47d62cc05daso41419045e9.3
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419660; x=1770024460;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=qFepSabf96QcVfXCKhTiM0/xD6vjSZxLElXj77bKxb0=;
        b=Ap5IDeU1nUozan2BOaUVG3wo1hJ+VdqpjtDvftHp6RLZMVQlKi2NE+4hi7JYlNmgMi
         4IkWzjolexttRk5Gqv1HljqRPWVVpHIyNvIdxx2Jl9Bomi0a1WqZQ9GvS1VDA+8Gxl+U
         IrsOtrQwYbcmUsEXNaDm0vEYl0Srmfe0TQbqjFCO3USR1BfA4W8K/2TOg5PRqs2NWIyv
         PPgBu9A5ZMV93nGtjRz1qj609sC4fEC5Y0e8lqnui7paMcWggCXTS/6IseirEmLN/B7E
         BtZNxptJTgWvSNUwBgMXHmnSxjtyAg12b3tZ27Po7OTsCqg2gbiICnzt9rzvKj4W6m+k
         OXgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419660; x=1770024460;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=qFepSabf96QcVfXCKhTiM0/xD6vjSZxLElXj77bKxb0=;
        b=QCdtLZ4UM0JGGyOdv+7vl7bltWOwKVSU+k0FKJ+ngczfHav+mbdpFsRoos3X1mrwEH
         fNisxJN0JEbQCaQBV1RasV2quDgW+zmMBrWNmImQUt/TWiiFoQuUbiSmD++jA8LfHl/f
         6dvR9Wl14wkqfzNd9Jo1myiBCucgPw2B/qObw/UnqQdxSLJj0ljs+0viIUAMGuuLGzP9
         N48GXxAfO1n8e/6P0xgiy2RPlg0VsPyzw0HIrb9Ruf6zqsZUDrDdfJ0e6jkejnwSDnXi
         2iR3o5dv47BCplmyBGnujux9l6gn8zV77svPp7Ox9H7HFZRqZVNTcB/LnrdzRMPll7pA
         jX+A==
X-Gm-Message-State: AOJu0YwG4LyDeq5yRJRIE4qK5n6xTrdsu7QVHW1g6L4OC7ilytsqCHgY
	i0BX2Kv8ugiPq9+zyPCke+lF1CsyrCGpSHXoBOMJuVrQoXyaSpKHnJSYyq9vNg0gkDsuUGDQXy+
	Dl6o07PDPf1EknowBkqAPA7l663r/oeOA2gsR1CEiLhu3yt/wqtn8+4aPoP3DwhI5R7Y8DewS8x
	WlXTNALGs+uPSenvW9m1M8WNTh2yEjabcqgw==
X-Received: from wmlz11.prod.google.com
 ([2002:a05:600c:220b:b0:47d:8744:3dc3])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:4f8e:b0:45d:d97c:236c
 with SMTP id 5b1f17b1804b1-4805cf6699cmr52231985e9.21.1769419659870; Mon, 26
 Jan 2026 01:27:39 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:40 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2789; i=ardb@kernel.org;
 h=from:subject; bh=jiHSf63B3FCpPY5LRg5zb9pMV7UOm8DsB0K5QVCNRaU=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2PvMs/ffLc8t0UhLlfXbtjQx61Xhpd9aidZnP7BJe
 a3lidXtKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABN51MXwz0quV/X2CbNbF+fy
 zWmfb8/PosuzbKH55rsCnUf0XFObfRkZpuns+C7x8Nb8GRsO3Z0lduATA0vcHI4NP3wiZ77cf3R
 jExsA
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-21-ardb+git@google.com>
Subject: [PATCH v2 09/10] arm64: mm: Map the kernel data/bss read-only in the
 linear map
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

On systems where the bootloader adheres to the original arm64 boot
protocol, the placement of the kernel in the physical address space is
highly predictable, and this makes the placement of its linear alias in
the kernel virtual address space equally predictable, given the lack of
randomization of the linear map.

The linear aliases of the kernel text and rodata regions are already
mapped read-only, but the kernel data and bss are mapped read-write in
this region. This is not needed, so map them read-only as well.

Note that the statically allocated kernel page tables do need to be
modifiable via the linear map, so leave these mapped read-write.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/include/asm/sections.h |  1 +
 arch/arm64/mm/mmu.c               | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/include/asm/sections.h b/arch/arm64/include/asm/sec=
tions.h
index 51b0d594239e..f7fe2bcbfd03 100644
--- a/arch/arm64/include/asm/sections.h
+++ b/arch/arm64/include/asm/sections.h
@@ -23,6 +23,7 @@ extern char __irqentry_text_start[], __irqentry_text_end[=
];
 extern char __mmuoff_data_start[], __mmuoff_data_end[];
 extern char __entry_tramp_text_start[], __entry_tramp_text_end[];
 extern char __relocate_new_kernel_start[], __relocate_new_kernel_end[];
+extern char __pgdir_start[];
=20
 static inline size_t entry_tramp_text_size(void)
 {
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 18415d4743bf..fdbbb018adc5 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1122,7 +1122,9 @@ static void __init map_mem(void)
 {
 	static const u64 direct_map_end =3D _PAGE_END(VA_BITS_MIN);
 	phys_addr_t kernel_start =3D __pa_symbol(_text);
-	phys_addr_t kernel_end =3D __pa_symbol(__init_begin);
+	phys_addr_t init_begin =3D __pa_symbol(__init_begin);
+	phys_addr_t init_end =3D __pa_symbol(__init_end);
+	phys_addr_t kernel_end =3D __pa_symbol(__pgdir_start);
 	phys_addr_t start, end;
 	phys_addr_t early_kfence_pool;
 	int flags =3D NO_EXEC_MAPPINGS;
@@ -1158,7 +1160,9 @@ static void __init map_mem(void)
 	 * Note that contiguous mappings cannot be remapped in this way,
 	 * so we should avoid them here.
 	 */
-	__map_memblock(kernel_start, kernel_end, PAGE_KERNEL,
+	__map_memblock(kernel_start, init_begin, PAGE_KERNEL,
+		       flags | NO_CONT_MAPPINGS);
+	__map_memblock(init_end, kernel_end, PAGE_KERNEL,
 		       flags | NO_CONT_MAPPINGS);
=20
 	/* map all the memory banks */
@@ -1172,6 +1176,8 @@ static void __init map_mem(void)
 			       flags);
 	}
=20
+	__map_memblock(init_end, kernel_end, PAGE_KERNEL_RO,
+		       flags | NO_CONT_MAPPINGS);
 	arm64_kfence_map_pool(early_kfence_pool);
 }
=20
--=20
2.52.0.457.g6b5491de43-goog
From nobody Sat Feb  7 19:41:36 2026
Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com
 [209.85.221.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70B78315767
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 09:27:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769419670; cv=none;
 b=UvJlHNQH8ehHCGP41E1pR9dUp1xOkQ3FIFDGHQcbYs7Dp5FPjKArC8jgnnkJjhLARQpV593IElAxsGVcXW+c7T77RwVvcvZGlLpbLN7bX9pw8G4HA/Sh9JTWOixXRtLQza0BFraaA3GHzFmxpuD24NhBD81C2s6jsiWqRrLMTcc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769419670; c=relaxed/simple;
	bh=Snsr3mPolXFOYkb1Z7QiTuDKvZ7CWWWgvwtzOf//RaI=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=uiamahEmAW+YQkjIuNgQ4hpQ1/EXCziAqEOc2QVrLG033N77D0AvYBg07Rh/Dnn1tWL2dnVKpQdieLB6go69ImdcI6urzZ4wyU9AtF+SdPPgK5b49dfSOCwEQKgRA3n462bCI9GNZgzpeI9bQBRIL+8gIHkhSSg09+/7c9r18VI=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=0NFcM/4E; arc=none smtp.client-ip=209.85.221.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="0NFcM/4E"
Received: by mail-wr1-f73.google.com with SMTP id
 ffacd0b85a97d-4325aa61c6bso3282443f8f.0
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 01:27:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769419661; x=1770024461;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=yZdZOMr7ZD3YwJoCt91zHhXUsqIB0kktLgOb3PAMNCk=;
        b=0NFcM/4ERqE5OgzI+3MO1lGFB0qy+tcLqiHDcchYqUW8bxObkLvhXU2OMkbfa/I3um
         voF3Aytji6EfJfqEh5HOgnCL17s3ZmxFj5zNvtKFA/HMixZRSjaYWQeW3/j5dKTjVgtE
         jnDM/+2sbJHHjS1DkH4ikYKt4hIAMds7z0iLsrEMzYUxHlS0vzxaAFXl0BXl3tC6YkWX
         uKhl5OYDufxsBs3lNfhHZND7KL9Do9gmAWibAwv8Y/2DudautdN9vDnS6urf7rp19j42
         acwuFKTRQ+Blv+m+NFzsYiR39xJw7DP18AVvUPSp2CDnT8BanHEZqMoBLV6GlMM1LPto
         Jk/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769419661; x=1770024461;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=yZdZOMr7ZD3YwJoCt91zHhXUsqIB0kktLgOb3PAMNCk=;
        b=PrviPq+gqYuHj5AMPldYxAKzZzM1icK/Z9pIG3GgYqs0iwF5r/vwlEqujeg6BFAdBB
         0YdXoBcYmSfvtcVReZt4qQOIgFzP3Y3jW+vywoWdZaq1skE6MS5j+zDG/quq7tHMIfQn
         +KNqyQlxorC6v4f9vJZIT1cQwdBfvYhTOd38S/SmqVMi2v0LWqf2sugZAFOKhiHVl8iw
         ay4rPEfG7bZ1kkh020H85eVoO3NQD/AETA11rhTI977Fq0l5aivGTgYeJs5nhFf79tZ9
         w1OudZtda0bgaIptcIijvfTQc5NcPXNWvrIFxQNmI7aOMeASb5AULANWYVGrbPeJ838s
         Uxlw==
X-Gm-Message-State: AOJu0YzSIKd9D8v2AfS1C4LWAc+TSdxpGn2nk9YMN0t3443UpfCSqK1e
	JTbxYuVJBmPVQaTytYaLgH031mWgUzLtXPMgRYZDLq7huFWVZSK+p4swH2Q1QLdcqWOZ6RwqO1d
	TEFybMNNI6/u+C4YJjw+YZYt+dotVosEEwCly2WmYk4sKUm1uHpzh9iIoDF8qlj15HpppCIbPwk
	anSZt/+oaCLrx1JjdjgGJgLBOTam+LqGLpcw==
X-Received: from wrzj36.prod.google.com ([2002:a5d:6e64:0:b0:435:9c10:fc67])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6000:2404:b0:435:8aa1:ff4d
 with SMTP id ffacd0b85a97d-435ca0ef8a3mr5885706f8f.22.1769419660699; Mon, 26
 Jan 2026 01:27:40 -0800 (PST)
Date: Mon, 26 Jan 2026 10:26:41 +0100
In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260126092630.1800589-12-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3150; i=ardb@kernel.org;
 h=from:subject; bh=F75QV7Me+l51GTWjnCoV9En3fFQSXyPjTPLkcCDZb5k=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2Gemlo8A9wThkJRzGY6PJTzf2MoqLFcKrppoVuQhs
 NAstq6jlIVBjItBVkyRRWD233c7T0+UqnWeJQszh5UJZAgDF6cATKSohJHhc4ORyLascs43x3uf
 35Jr3LtsAV+q9K0/TMrOVoJ7G44kMjIsj5DZImpT/axLMlbhis6iO/Zz9tq5nVnIP9ko1zObxYY
 FAA==
X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog
Message-ID: <20260126092630.1800589-22-ardb+git@google.com>
Subject: [PATCH v2 10/10] arm64: mm: Unmap kernel data/bss entirely from the
 linear map
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The linear aliases of the kernel text and rodata are mapped read-only in
the linear map as well. Given that the contents of these regions are
mostly identical to the version in the loadable image, mapping them
read-only and leaving their contents visible is a reasonable hardening
measure.

Data and bss, however, are now also mapped read-only but the contents of
these regions are more likely to contain data that we'd rather not leak.
So let's unmap these entirely in the linear map when the kernel is
running normally.

When going into hibernation or waking up from it, these regions need to
be mapped, so map the region initially, and toggle the valid bit so
map/unmap the region as needed.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 40 ++++++++++++++++++--
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index fdbbb018adc5..06b2d11b4561 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -24,6 +24,7 @@
 #include <linux/mm.h>
 #include <linux/vmalloc.h>
 #include <linux/set_memory.h>
+#include <linux/suspend.h>
 #include <linux/kfence.h>
 #include <linux/pkeys.h>
 #include <linux/mm_inline.h>
@@ -1027,6 +1028,31 @@ static void __init __map_memblock(phys_addr_t start,=
 phys_addr_t end,
 				 end - start, prot, early_pgtable_alloc, flags);
 }
=20
+static void remap_linear_data_alias(bool unmap)
+{
+	set_memory_valid((unsigned long)lm_alias(__init_end),
+			 (unsigned long)(__pgdir_start - __init_end) / PAGE_SIZE,
+			 !unmap);
+}
+
+static int arm64_hibernate_pm_notify(struct notifier_block *nb,
+				     unsigned long mode, void *unused)
+{
+	switch (mode) {
+	default:
+		break;
+	case PM_POST_HIBERNATION:
+	case PM_POST_RESTORE:
+		remap_linear_data_alias(true);
+		break;
+	case PM_HIBERNATION_PREPARE:
+	case PM_RESTORE_PREPARE:
+		remap_linear_data_alias(false);
+		break;
+	}
+	return 0;
+}
+
 void __init mark_linear_text_alias_ro(void)
 {
 	/*
@@ -1035,6 +1061,16 @@ void __init mark_linear_text_alias_ro(void)
 	update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text),
 			    (unsigned long)__init_begin - (unsigned long)_text,
 			    PAGE_KERNEL_RO);
+
+	remap_linear_data_alias(true);
+
+	if (IS_ENABLED(CONFIG_HIBERNATION)) {
+		static struct notifier_block nb =3D {
+			.notifier_call =3D arm64_hibernate_pm_notify
+		};
+
+		register_pm_notifier(&nb);
+	}
 }
=20
 #ifdef CONFIG_KFENCE
@@ -1163,7 +1199,7 @@ static void __init map_mem(void)
 	__map_memblock(kernel_start, init_begin, PAGE_KERNEL,
 		       flags | NO_CONT_MAPPINGS);
 	__map_memblock(init_end, kernel_end, PAGE_KERNEL,
-		       flags | NO_CONT_MAPPINGS);
+		       flags | NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS);
=20
 	/* map all the memory banks */
 	for_each_mem_range(i, &start, &end) {
@@ -1176,8 +1212,6 @@ static void __init map_mem(void)
 			       flags);
 	}
=20
-	__map_memblock(init_end, kernel_end, PAGE_KERNEL_RO,
-		       flags | NO_CONT_MAPPINGS);
 	arm64_kfence_map_pool(early_kfence_pool);
 }
=20
--=20
2.52.0.457.g6b5491de43-goog