From nobody Fri Apr  3 08:27:06 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA20A3C9442
	for <linux-kernel@vger.kernel.org>; Fri, 20 Mar 2026 15:00:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774018818; cv=none;
 b=IHepgbdz3E7UV8I+b2aj8ysZpWRB5OGDRBMZGDmQHbB86D933FPXYiDYk2VrAYO/JDeFGtu+Q4cwZcUx/6pD7D5PEdh+KzE3JsKWhFmzJ32AHtY7CF6dmmUBAvgyjkkNXxSWOCdNWKG6Xjw79n1G7yvMWEkKmWZv02GDQgujPK0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774018818; c=relaxed/simple;
	bh=HVhid55KAMA64LXH8K7EKWVDpjjCZUptBd/c4Vbba8U=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=mEgdQn3lSbPM5SlwZri9clBlKYtnSCZSVQf8oSc+eu1BfRj8lqVwTEqf6lLcH+s6+S0IADDuCUu8QPFgKc+sdNVO1TtXvZHh3ZbZS+4zbDhf8veRcfZGvSyMNOq6+JTyozYeV3rclKjrADJ25cbrdRe7jzv6x4ABNt9crEwOgrQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=Uz4RZ9Ox; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="Uz4RZ9Ox"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-486ff4498b2so5344615e9.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 20 Mar 2026 08:00:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1774018812; x=1774623612;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=mjzcF7K4l6kuyuHp5hOrQQC0yTx4zgF02dd3Je0OTIw=;
        b=Uz4RZ9Ox+VSuV/A/HrOVowMzXNWven71FWTwP8diFNGmlmGIJn1eLuEdPhQXl0ZCuW
         Y6JmEquTMpqR79BGg1AeSkYOgHvD/U8zBZxItn8R5Ptlc6lXPFBpAMIukz66yb1k7VeN
         tFY31UjCBUb3UxHLGpz0ui4L+IFsSjFdAPXRJSusW5RKRQBTEkwdvS4KSFPZ2warE4VA
         zvegqZqetbMvYmYOHqV4FmikXZC0qLM1kSE1nCVJ6a1CC/7BS48wnlZeaiTwxewHtMm2
         T90+CeJWf8LouDqL7DKiCIzx+f6CZZYKvXbmhDKH72+Cn8Z+wt1QjsbCQQdB7lguqIbJ
         Z1fQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774018812; x=1774623612;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=mjzcF7K4l6kuyuHp5hOrQQC0yTx4zgF02dd3Je0OTIw=;
        b=nhig558mYKj9a7X7+7ARdivNx/d6XoDGV2GFK8dLKu31CJ2xi5oanv3ck0vaPvXF8t
         O+4+wSRketf/gz8UEN6w79C9gqwJW1V4P2vI3dS0I3Ns0rlRR9X9pQfLWiZQYADPMGIs
         k3dY2bxGXmJvWBKECW0DAnOx3Pc5BTzOJYnef5cv1++jIx5cB0xdtnLvNnK4PUHxjUzu
         1sXVUUgxh57lsc6dahbUT1kKWKRc/YBQsV8lHOojgaxuVyTEbXYdGkrz77p+XrEP/pqw
         swXMA7sFgT9nDRA18vKtbQqdl00F/0ZVjNpqKsnfQbG3HN6Q0Lvsqa9uXxUtxPC3OpRw
         8iTg==
X-Gm-Message-State: AOJu0YwKZeg6BA0z+hrAAQBs1BI+Yust3RetGO69K8hppOWCu5g9yDOr
	shT5fTL4vZtczHEtlUzNPEMuEh5KJnljnqcobMLE/UCrS5QbulTGNKqqUe+W0mLPc559PAQwcDl
	ywOU1j+10ZyyeGf+6qKPqQagiyJyJLk7SDtMBE/zhi80wllR+8UptaXrnApJ1vMYK7Trzghlxq0
	kplGygcC2rDZM41ITWSFxAnMp4C+jNB/8sQA==
X-Received: from wrbcp39.prod.google.com
 ([2002:a05:6000:4027:b0:43b:5b92:aa63])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:a402:b0:485:5981:1423
 with SMTP id 5b1f17b1804b1-486fede720fmr41862035e9.3.1774018810476; Fri, 20
 Mar 2026 08:00:10 -0700 (PDT)
Date: Fri, 20 Mar 2026 15:59:46 +0100
In-Reply-To: <20260320145934.2349881-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260320145934.2349881-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2314; i=ardb@kernel.org;
 h=from:subject; bh=e+g1FyvCjZvn4UCkoUHoA+5i42in8tqyf6pjup/50iM=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIXNvwrPN+XcrfM5u2LGPW+l33FZpAYFdgfsmi8y9Msn/u
 Okuo4KajlIWBjEuBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCRpS8Y/juyPTwoeO9PblKs
 9p6b8z4Y8ecpv3vDdOhIwerefXKx7vIM/wMC9nOH+KRE51akbLd6u845sLdNp/q7lFtNWsibC2F
 cnAA=
X-Mailer: git-send-email 2.53.0.959.g497ff81fa9-goog
Message-ID: <20260320145934.2349881-26-ardb+git@google.com>
Subject: [PATCH v3 11/13] arm64: mm: Don't abuse memblock NOMAP to check for
 overlaps
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Now that the DRAM mapping routines respect existing table mappings and
contiguous block and page mappings, it is no longer needed to fiddle
with the memblock tables to set and clear the NOMAP attribute. Instead,
map the kernel text and rodata alias first, so that they will not be
added later when mapping the memblocks.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 23 ++++++--------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index b52254790fda..34ad45a2d95f 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1128,12 +1128,14 @@ static void __init map_mem(void)
 		flags |=3D NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
=20
 	/*
-	 * Take care not to create a writable alias for the
-	 * read-only text and rodata sections of the kernel image.
-	 * So temporarily mark them as NOMAP to skip mappings in
-	 * the following for-loop
+	 * Map the linear alias of the [_text, __init_begin) interval
+	 * as non-executable now, and remove the write permission in
+	 * mark_linear_text_alias_ro() above (which will be called after
+	 * alternative patching has completed). This makes the contents
+	 * of the region accessible to subsystems such as hibernate,
+	 * but protects it from inadvertent modification or execution.
 	 */
-	memblock_mark_nomap(kernel_start, kernel_end - kernel_start);
+	__map_memblock(kernel_start, kernel_end, PAGE_KERNEL, flags);
=20
 	/* map all the memory banks */
 	for_each_mem_range(i, &start, &end) {
@@ -1145,17 +1147,6 @@ static void __init map_mem(void)
 		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
-
-	/*
-	 * Map the linear alias of the [_text, __init_begin) interval
-	 * as non-executable now, and remove the write permission in
-	 * mark_linear_text_alias_ro() below (which will be called after
-	 * alternative patching has completed). This makes the contents
-	 * of the region accessible to subsystems such as hibernate,
-	 * but protects it from inadvertent modification or execution.
-	 */
-	__map_memblock(kernel_start, kernel_end, PAGE_KERNEL, 0);
-	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
 }
=20
 void mark_rodata_ro(void)
--=20
2.53.0.959.g497ff81fa9-goog