From nobody Sun Feb 8 17:37:05 2026 Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5C7C30BB97 for ; Mon, 26 Jan 2026 09:27:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769419672; cv=none; b=qEHmN6aWPyHDetUNVAGPh8TjrfpEr3OiPmApdVkCMFdLELSsrMMjcRMeSEtUOQrFwXARyjY1R5mVDvy4ub0d1TxkqwXldaRhvBS+MFM7noLTjSw4Ec3FFnI92m/bREnDKeFjsEB1xyJPB1dXiEvNAzvtLaoD4ii+aHf2/tjJqhg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769419672; c=relaxed/simple; bh=eOZxdfp+SkQpWoEGHHoNmGNt43Cj2bFHD64PO1PoxcY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=sREgTYZioGBJHCCDgH6vn0gX+87Z7p9dfnUaFSBsgzf5NheaXjjwFvbCZAjOnJgvqLNcnjA60Qd3nbjjasqRWan7KEhmyNDs2S+Ip2RTHN/qyjZGF1sW81O1XxjSwb1sdX0ZNzaPjtD1F9TuuG/d/QYpoWdpTE0XoZSkHHIKNSk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=HzTPL8u0; arc=none smtp.client-ip=209.85.221.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="HzTPL8u0" Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-43591aacca2so3425790f8f.1 for ; Mon, 26 Jan 2026 01:27:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1769419659; x=1770024459; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=b8bN9+0hC3i3UFjsrkDr4IprbTkXXnydf0YR/5ee3vw=; b=HzTPL8u0DUBdBDXktsLag4GAIbWhhkRukNPTDCTT19lJX+hDu25JOHipxeql9DyYPD cK688SHicVfHWwXiU+IayRY1HGmNQr89DLw79ZOcWeFfA0a9cf1Xe8RoWWMKKGRKghjE whyKdNo5UFj610lJpOK8pYgVE43xGnZa9P4qxDgUuxF7uOdmAUF4Psp1jlfElEZcCgHi ijIhrwPIskSgigQS5gIgPTVzmLjfS2yCXQ9ozDNa7KtAUNLhnZxcYXxr8/EMsSqbuA1Q E5G71YQaIvM/1rBu6k38OTg8yzvNPMVYjGuC6IjYyTbcAgc3KPS07QsraQHT2Ztc+IPV 9N3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769419659; x=1770024459; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=b8bN9+0hC3i3UFjsrkDr4IprbTkXXnydf0YR/5ee3vw=; b=u0wqd+MkjaDmzLxHuy6iDh7bXTU8AQ1kIyTCcbY9OnROq6vY29pWcqBtEt0ET5J7mF JvGr9zeiKewSmfhM70EiYHJwwWcaOo+VDIwZS78wlg/+mLbh/VsMfQAOfmtQl6kNtO0n mcJVoxpg1zRIPdpHvePiHfJn77j69zRpBrm6o1+gk1NW/m0/tJ67jYJjSTQvsuhfkAJz wxzLqNaP5MoDTAFOLslVXIgQ+pfv0YjoRXiKBEujIhOmql0Y6HvSyP7SIvVzKvVpKaj3 FXx/Mv4ZRg085s3Mb+0dc7HhV6pt0wPufkdnvbdtxjVcgghwvYQre5UJ+eh6mW5FR+Kl DbAw== X-Gm-Message-State: AOJu0YxcfwCB9mhUI0HUkYV5kre08mJUJjgiUHpXv2QJXukbo5cvNKDy ipicaV5SMZaM6VXhXtPQnf3USVT71haBMy3miE7kTqoq8rx5WKKUMHhl7pG4UBf082tFuyu0ZVk RW1KeBhiHGlJ2lTQKF6tM35fF/poigUYMnaKNpyw/naqS2BPlGNRjnrd7yrrkbfDXemHmDcfvf3 9wamGzVHU9SCElETw2CS840iINrhjK9Vu4PA== X-Received: from wrbdr5.prod.google.com ([2002:a5d:5f85:0:b0:432:88c1:541b]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:5d13:0:b0:431:3a5:d9b2 with SMTP id ffacd0b85a97d-435ca118f36mr6760253f8f.39.1769419658842; Mon, 26 Jan 2026 01:27:38 -0800 (PST) Date: Mon, 26 Jan 2026 10:26:39 +0100 In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260126092630.1800589-12-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2557; i=ardb@kernel.org; h=from:subject; bh=rmNx3d+lMCnRD7RyRmlDmsqGvXRKVebRVRFOk/lmgBM=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2Ht90uP/C7a8ZzjyqPW2xDP/95rlGYwt6qU+phEnL px4eD6lo5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEwk6BMjw5GoSb/fmtytkImd eHq7FbuE3cT6f/frWTyZ3XeefH+Wcw0jw/nZt/eXOC9L5jR185u4va11Jwd33uYWuSBv5xkpTtp /WAA= X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog Message-ID: <20260126092630.1800589-20-ardb+git@google.com> Subject: [PATCH v2 08/10] arm64: mm: Don't abuse memblock NOMAP to check for overlaps From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Anshuman Khandual , Liz Prucka , Seth Jenkins , Kees Cook , linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel Now that the DRAM mapping routines respect existing table mappings and contiguous block and page mappings, it is no longer needed to fiddle with the memblock tables to set and clear the NOMAP attribute. Instead, map the kernel text and rodata alias first, avoiding contiguous mappings, so that they will not be added later when mapping the memblocks. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 27 ++++++++------------ 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 80587cd47ce7..18415d4743bf 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1149,12 +1149,17 @@ static void __init map_mem(void) flags |=3D NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS; =20 /* - * Take care not to create a writable alias for the - * read-only text and rodata sections of the kernel image. - * So temporarily mark them as NOMAP to skip mappings in - * the following for-loop + * Map the linear alias of the [_text, __init_begin) interval + * as non-executable now, and remove the write permission in + * mark_linear_text_alias_ro() above (which will be called after + * alternative patching has completed). This makes the contents + * of the region accessible to subsystems such as hibernate, + * but protects it from inadvertent modification or execution. + * Note that contiguous mappings cannot be remapped in this way, + * so we should avoid them here. */ - memblock_mark_nomap(kernel_start, kernel_end - kernel_start); + __map_memblock(kernel_start, kernel_end, PAGE_KERNEL, + flags | NO_CONT_MAPPINGS); =20 /* map all the memory banks */ for_each_mem_range(i, &start, &end) { @@ -1167,18 +1172,6 @@ static void __init map_mem(void) flags); } =20 - /* - * Map the linear alias of the [_text, __init_begin) interval - * as non-executable now, and remove the write permission in - * mark_linear_text_alias_ro() below (which will be called after - * alternative patching has completed). This makes the contents - * of the region accessible to subsystems such as hibernate, - * but protects it from inadvertent modification or execution. - * Note that contiguous mappings cannot be remapped in this way, - * so we should avoid them here. - */ - __map_memblock(kernel_start, kernel_end, PAGE_KERNEL, NO_CONT_MAPPINGS); - memblock_clear_nomap(kernel_start, kernel_end - kernel_start); arm64_kfence_map_pool(early_kfence_pool); } =20 --=20 2.52.0.457.g6b5491de43-goog