From nobody Sun Feb 8 12:18:48 2026 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70B78315767 for ; Mon, 26 Jan 2026 09:27:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769419670; cv=none; b=UvJlHNQH8ehHCGP41E1pR9dUp1xOkQ3FIFDGHQcbYs7Dp5FPjKArC8jgnnkJjhLARQpV593IElAxsGVcXW+c7T77RwVvcvZGlLpbLN7bX9pw8G4HA/Sh9JTWOixXRtLQza0BFraaA3GHzFmxpuD24NhBD81C2s6jsiWqRrLMTcc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769419670; c=relaxed/simple; bh=Snsr3mPolXFOYkb1Z7QiTuDKvZ7CWWWgvwtzOf//RaI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=uiamahEmAW+YQkjIuNgQ4hpQ1/EXCziAqEOc2QVrLG033N77D0AvYBg07Rh/Dnn1tWL2dnVKpQdieLB6go69ImdcI6urzZ4wyU9AtF+SdPPgK5b49dfSOCwEQKgRA3n462bCI9GNZgzpeI9bQBRIL+8gIHkhSSg09+/7c9r18VI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0NFcM/4E; arc=none smtp.client-ip=209.85.221.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0NFcM/4E" Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-4325aa61c6bso3282443f8f.0 for ; Mon, 26 Jan 2026 01:27:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1769419661; x=1770024461; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=yZdZOMr7ZD3YwJoCt91zHhXUsqIB0kktLgOb3PAMNCk=; b=0NFcM/4ERqE5OgzI+3MO1lGFB0qy+tcLqiHDcchYqUW8bxObkLvhXU2OMkbfa/I3um voF3Aytji6EfJfqEh5HOgnCL17s3ZmxFj5zNvtKFA/HMixZRSjaYWQeW3/j5dKTjVgtE jnDM/+2sbJHHjS1DkH4ikYKt4hIAMds7z0iLsrEMzYUxHlS0vzxaAFXl0BXl3tC6YkWX uKhl5OYDufxsBs3lNfhHZND7KL9Do9gmAWibAwv8Y/2DudautdN9vDnS6urf7rp19j42 acwuFKTRQ+Blv+m+NFzsYiR39xJw7DP18AVvUPSp2CDnT8BanHEZqMoBLV6GlMM1LPto Jk/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769419661; x=1770024461; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yZdZOMr7ZD3YwJoCt91zHhXUsqIB0kktLgOb3PAMNCk=; b=PrviPq+gqYuHj5AMPldYxAKzZzM1icK/Z9pIG3GgYqs0iwF5r/vwlEqujeg6BFAdBB 0YdXoBcYmSfvtcVReZt4qQOIgFzP3Y3jW+vywoWdZaq1skE6MS5j+zDG/quq7tHMIfQn +KNqyQlxorC6v4f9vJZIT1cQwdBfvYhTOd38S/SmqVMi2v0LWqf2sugZAFOKhiHVl8iw ay4rPEfG7bZ1kkh020H85eVoO3NQD/AETA11rhTI977Fq0l5aivGTgYeJs5nhFf79tZ9 w1OudZtda0bgaIptcIijvfTQc5NcPXNWvrIFxQNmI7aOMeASb5AULANWYVGrbPeJ838s Uxlw== X-Gm-Message-State: AOJu0YzSIKd9D8v2AfS1C4LWAc+TSdxpGn2nk9YMN0t3443UpfCSqK1e JTbxYuVJBmPVQaTytYaLgH031mWgUzLtXPMgRYZDLq7huFWVZSK+p4swH2Q1QLdcqWOZ6RwqO1d TEFybMNNI6/u+C4YJjw+YZYt+dotVosEEwCly2WmYk4sKUm1uHpzh9iIoDF8qlj15HpppCIbPwk anSZt/+oaCLrx1JjdjgGJgLBOTam+LqGLpcw== X-Received: from wrzj36.prod.google.com ([2002:a5d:6e64:0:b0:435:9c10:fc67]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6000:2404:b0:435:8aa1:ff4d with SMTP id ffacd0b85a97d-435ca0ef8a3mr5885706f8f.22.1769419660699; Mon, 26 Jan 2026 01:27:40 -0800 (PST) Date: Mon, 26 Jan 2026 10:26:41 +0100 In-Reply-To: <20260126092630.1800589-12-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260126092630.1800589-12-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=3150; i=ardb@kernel.org; h=from:subject; bh=F75QV7Me+l51GTWjnCoV9En3fFQSXyPjTPLkcCDZb5k=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIbPc2Gemlo8A9wThkJRzGY6PJTzf2MoqLFcKrppoVuQhs NAstq6jlIVBjItBVkyRRWD233c7T0+UqnWeJQszh5UJZAgDF6cATKSohJHhc4ORyLascs43x3uf 35Jr3LtsAV+q9K0/TMrOVoJ7G44kMjIsj5DZImpT/axLMlbhis6iO/Zz9tq5nVnIP9ko1zObxYY FAA== X-Mailer: git-send-email 2.52.0.457.g6b5491de43-goog Message-ID: <20260126092630.1800589-22-ardb+git@google.com> Subject: [PATCH v2 10/10] arm64: mm: Unmap kernel data/bss entirely from the linear map From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Anshuman Khandual , Liz Prucka , Seth Jenkins , Kees Cook , linux-hardening@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel The linear aliases of the kernel text and rodata are mapped read-only in the linear map as well. Given that the contents of these regions are mostly identical to the version in the loadable image, mapping them read-only and leaving their contents visible is a reasonable hardening measure. Data and bss, however, are now also mapped read-only but the contents of these regions are more likely to contain data that we'd rather not leak. So let's unmap these entirely in the linear map when the kernel is running normally. When going into hibernation or waking up from it, these regions need to be mapped, so map the region initially, and toggle the valid bit so map/unmap the region as needed. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 40 ++++++++++++++++++-- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index fdbbb018adc5..06b2d11b4561 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -1027,6 +1028,31 @@ static void __init __map_memblock(phys_addr_t start,= phys_addr_t end, end - start, prot, early_pgtable_alloc, flags); } =20 +static void remap_linear_data_alias(bool unmap) +{ + set_memory_valid((unsigned long)lm_alias(__init_end), + (unsigned long)(__pgdir_start - __init_end) / PAGE_SIZE, + !unmap); +} + +static int arm64_hibernate_pm_notify(struct notifier_block *nb, + unsigned long mode, void *unused) +{ + switch (mode) { + default: + break; + case PM_POST_HIBERNATION: + case PM_POST_RESTORE: + remap_linear_data_alias(true); + break; + case PM_HIBERNATION_PREPARE: + case PM_RESTORE_PREPARE: + remap_linear_data_alias(false); + break; + } + return 0; +} + void __init mark_linear_text_alias_ro(void) { /* @@ -1035,6 +1061,16 @@ void __init mark_linear_text_alias_ro(void) update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text), (unsigned long)__init_begin - (unsigned long)_text, PAGE_KERNEL_RO); + + remap_linear_data_alias(true); + + if (IS_ENABLED(CONFIG_HIBERNATION)) { + static struct notifier_block nb =3D { + .notifier_call =3D arm64_hibernate_pm_notify + }; + + register_pm_notifier(&nb); + } } =20 #ifdef CONFIG_KFENCE @@ -1163,7 +1199,7 @@ static void __init map_mem(void) __map_memblock(kernel_start, init_begin, PAGE_KERNEL, flags | NO_CONT_MAPPINGS); __map_memblock(init_end, kernel_end, PAGE_KERNEL, - flags | NO_CONT_MAPPINGS); + flags | NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS); =20 /* map all the memory banks */ for_each_mem_range(i, &start, &end) { @@ -1176,8 +1212,6 @@ static void __init map_mem(void) flags); } =20 - __map_memblock(init_end, kernel_end, PAGE_KERNEL_RO, - flags | NO_CONT_MAPPINGS); arm64_kfence_map_pool(early_kfence_pool); } =20 --=20 2.52.0.457.g6b5491de43-goog