From nobody Mon May 25 02:41:54 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4196E370AFF
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203904; cv=none;
 b=uvKzOXa3a4LwV1DftHzGhUVdRIhC38gDDmca/GdK3DOCpz2BMBig59sNhJyXbAWwLN52DjhjnD/JC7eOTKiOZfatqfst2LlQGhJmhVbclqZzgmf9Y4H5gP9MVNqN7yW8MQhve45lqOXX25Qhhl8OsSzYKPMGEigj3+utj3Umy1c=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203904; c=relaxed/simple;
	bh=j6rU7HZIbA29M7FJgo6c6eUkDTWk/GsM8wAUoAZDqWY=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=lOJdJIsLVrGWUPnuDC33CmQv0NbfN8zQPG2FNznOaI1vpCIbiaXvZ0bI63k92YTD5fYcOo157jZA91KLweatfsw/S3BPcDqCe0coy/vhI4Ra6DBCbzDE2xY6Gg9aMgYnjxv8V/wOBanz13hk9FWzRvlpN/SOJ/ivppy3ZlWUHew=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=E3hhQl15; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="E3hhQl15"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-48ff0eb77b5so38407885e9.0
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203896; x=1779808696;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=psqo5lxuXKrUhh3uDGGTtGkdaLsuRg1me0VLpzKluKY=;
        b=E3hhQl15latC20TMGsogDQrmbHcjjvdU94KsgJ63dwefCWcAAeiCXxwLMmswPkpGN6
         gHhv5Hv0UxPqfMTSCVRNMwnA+OkJZQFCnnzPUsHb92VL715RJPvFHpkNKULvPKZMpe76
         ZP01tD5H7VkPPYJNjFi/z0OZjiwG3MpwxMikG+S4PyEsmlJpHKkcpnbXB1Fr0luvEqDH
         n1Fu1Fu39z1V5j5ji+QeHnAoBVAseaDQwZTAxV6NACsTOEwuJj1fJYl7M+YXN2HPc1F9
         9uWPndSm+J46932aGqmVWHSkMDxDGYdbRrWQGxJmlScroKcEB8zt5mUcmo3x6SEEQhrY
         zi8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203896; x=1779808696;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=psqo5lxuXKrUhh3uDGGTtGkdaLsuRg1me0VLpzKluKY=;
        b=omuqYG3T/fTroIPnli6MR0PflVvLYRRkPx3G27bq93j3ntKvOBiA9Y4xxsV5c3X+1i
         ppyRKGpNnNFl08yvWOGibczzjfFNA++Y0cZpuXO8iB1jN3q/CJhQwcHLvruB9nvCvLLZ
         gUDA7Rpy8BLdE8krYbaJ+FxSnt2o1j4VjBDTIjjGVaupZwJRKzz3yknWcScWM7f6Wlx6
         HtUOY+CXJh7LGbSuQvXNFxK20NwiP4Ue/cCbK6U57zwn5VQbjXGSpn2L16AD8rR9d1Z3
         AvT0LOL8DIjadHDbMsLhcrIR0XGzPB8tY6BAFO2GnMMeCj0i3A6uJgX6lzB/Cdon4VD3
         jtrQ==
X-Gm-Message-State: AOJu0YzMs6VP6GgDKGV7Er3EJf0sSaeHNWiNp+zHgpDHZmzgb64DJtt/
	ZTXO6Iu+j5/0FdoL9nFXfQQY0xBBM3nhgpwxKtH1M2Wtyz+Sna51slu2dcBNzN1a1yB8t59uYA=
	=
X-Received: from wmrc10.prod.google.com ([2002:a05:600c:aca:b0:488:7b85:acf0])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:4e46:b0:488:bc6a:528d
 with SMTP id 5b1f17b1804b1-48fe632243cmr328900025e9.22.1779203896424; Tue, 19
 May 2026 08:18:16 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:18 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=911; i=ardb@kernel.org;
 h=from:subject; bh=uYqf26ha3K7mBUMG5pQkMvA1333YXFAF+bz49QK3I9c=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7nCKotCqPVHbJlU/P5+WPXNtRp6U1LQXbxdfmBE1Y
 0raotU9HaUsDGJcDLJiiiwCs/++23l6olSt8yxZmDmsTCBDGLg4BWAiOm8YGdZPT5zjozhLrdzq
 W9rh4yk/1SbP27vU5sihNukc80LNiGCGf9ocz6d5P87N5VjR8+WxStrSZ0/T/5+7djo9/dI6ySM
 2HzkB
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-16-ardb+git@google.com>
Subject: [PATCH v5 01/13] arm64: mm: Map the linear alias of text/rodata as
 tagged
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Before moving the empty_zero_page into the .rodata section, make
sure its linear alias has the memory-tagged type. This is needed to
ensure that cpu_enable_mte() will be able to initialize the tags
correctly.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index dd85e093ffdb..0c3d97f120e1 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1195,7 +1195,7 @@ static void __init map_mem(pgd_t *pgdp)
 	 * so we should avoid them here.
 	 */
 	__map_memblock(pgdp, kernel_start, kernel_end,
-		       PAGE_KERNEL, NO_CONT_MAPPINGS);
+		       pgprot_tagged(PAGE_KERNEL), NO_CONT_MAPPINGS);
 	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
 	arm64_kfence_map_pool(early_kfence_pool, pgdp);
 }
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com
 [209.85.221.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFEF4403EB5
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203904; cv=none;
 b=YvjeyRO4z+v8+VffZrk0WNhoA2ykHgMpavHbjFso/lne6sreAYP+52yVBZ4wCuMR5RhLFeFLKuA+P63VzVqC2GjL0m+Qbo2YLlnrjUFQqKHFqeaanpZYF9846rPaJH6/LPu5bA5/jSjr4qjNA7bI67Mc6qEUhXf27ubkzTbLjDE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203904; c=relaxed/simple;
	bh=EcCV5oiqJ9JAPSVTsVn4yK+SKuY8ffWGfqNYSRswBVM=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=X56+HFB5AMn56mLySEg7yykr65NBVjrl8r3E1K3GfjMhaavfnT7GH4qLo/B4O2NXFvyj50lCBy+V3Y6PCyvBX35oz7SZhSwoqGJCHEl3Zh6qmLiOURn50G8mjg/DQT5OgFPGtTQcm0BHb2WJosT9Vw7Se2CICg1ON4lCerHkTBw=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=P0UBYXvq; arc=none smtp.client-ip=209.85.221.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="P0UBYXvq"
Received: by mail-wr1-f73.google.com with SMTP id
 ffacd0b85a97d-45aeac88af4so3096288f8f.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203898; x=1779808698;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=+5i5xhw6twfeNJpf3X2JDAmvPKwL/v73NW4xnl1R+ac=;
        b=P0UBYXvqq553Ac3DEB4dR/ZBAqVnRjmAhZ4dII3cBHQkEYHG/jBqRZQEY2ZqbuFl6K
         p7MfkxeVrE0kZW1GMo6SBtZQ95NunAk51LIMN7Cr9/kZT6HaKKeegrpjL9bb4S8AlQRj
         YYHKz+XX07X3PuttfZCsXmpg8BzgipPuCrAs7TMqEMAwHOMg+Yn4S/HKulCIBjRin2Qv
         7iNcEiG/DuPaAyby5T4/aXE47YW7yY25YCBxgIt76sp+XgkhcgeBGTArmJNDFpNxw/Ss
         UtnXxcCeyKrIbiRHVzWLbpMYtwHtTgY6+hfVJIZcYXb3YSifHCBX8x/zIl5tLkWjNNQu
         eEww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203898; x=1779808698;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=+5i5xhw6twfeNJpf3X2JDAmvPKwL/v73NW4xnl1R+ac=;
        b=Jsw7Xjz9zychX+rmSj76HdsPsUF9hHvYpiYF143rtD7jT7Or7uGWmuyskIE6Dei82F
         ANt7Vgfacul2RAWqTAORnN8z+PrAx0V5UCvCWjwogXlbKOGt1+3/EDuJHdEsqKNuxaaq
         jtuC49vNraqrPFbluC/7T4uQ9BWGqwMbkO4V/F0RCm02yZFgi4tZeOvDVIxkQSVFU1WI
         i7H3zSR8DfFP3Ga8WW/QjhDuUu7ulW8Y/D4t+q0rCz6vVTc79RTwLCRfNjk5N4jzRhR2
         SKelf5yKSCeXydcCGqpLLyjfBmwb1mZ+7XudllvDITQEgcWYwPDs8cYSe+kfK16pi67N
         KV9Q==
X-Gm-Message-State: AOJu0YwiMF+AfLw0DfXg7Ryjdzq3UbeA2NoBM3E+FjmllfVFJCM4/tLk
	pReIEIRPb8lZT8uJza6bJR9TSpsESiIdii2mcSDZGd/zBcB1KosUI1T5mwHHZDrVzQrUdBEzNw=
	=
X-Received: from wmbh13.prod.google.com
 ([2002:a05:600c:a10d:b0:48f:de63:8504])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:314f:b0:490:389:7644
 with SMTP id 5b1f17b1804b1-49006db5bc0mr175687615e9.17.1779203897655; Tue, 19
 May 2026 08:18:17 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:19 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1898; i=ardb@kernel.org;
 h=from:subject; bh=Q2W2jspPsv5GaJ5WLwu7DWsztQb/bK6wx+1BuMiTXuk=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7sieu88v/5i8jruVR773wtIjbld/Wm40nSSe+cjgw
 YcLqYJ8HaUsDGJcDLJiiiwCs/++23l6olSt8yxZmDmsTCBDGLg4BWAiGZMZ/nBZtdgr2B5a5Wj+
 iUmAZ231tSsO7SFntz3bed73yPGbq/8yMpwpsb8stmR1T9S10AhOGdXn+2LnfX0psDCo8O08yUs
 6T7kA
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-17-ardb+git@google.com>
Subject: [PATCH v5 02/13] mm: Make empty_zero_page[] const
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org, Kevin Brodsky <kevin.brodsky@arm.com>,
	Feng Tang <feng.tang@linux.alibaba.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The empty zero page is used to back any kernel or user space mapping
that is supposed to remain cleared, and so the page itself is never
supposed to be modified.

So mark it as const, which moves it into .rodata rather than .bss: on
most architectures, this ensures that both the kernel's mapping of it
and any aliases that are accessible via the kernel direct (linear) map
are mapped read-only, and cannot be used (inadvertently or maliciously)
to corrupt the contents of the zero page.

Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Reviewed-by: Kevin Brodsky <kevin.brodsky@arm.com>
Acked-by: David Hildenbrand (Arm) <david@kernel.org>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Feng Tang <feng.tang@linux.alibaba.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 include/linux/pgtable.h | 2 +-
 mm/mm_init.c            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h
index cdd68ed3ae1a..67aa23814010 100644
--- a/include/linux/pgtable.h
+++ b/include/linux/pgtable.h
@@ -1993,7 +1993,7 @@ static inline unsigned long zero_pfn(unsigned long ad=
dr)
 	return zero_page_pfn;
 }
=20
-extern uint8_t empty_zero_page[PAGE_SIZE];
+extern const uint8_t empty_zero_page[PAGE_SIZE];
 extern struct page *__zero_page;
=20
 static inline struct page *_zero_page(unsigned long addr)
diff --git a/mm/mm_init.c b/mm/mm_init.c
index f9f8e1af921c..46cf001238c5 100644
--- a/mm/mm_init.c
+++ b/mm/mm_init.c
@@ -57,7 +57,7 @@ unsigned long zero_page_pfn __ro_after_init;
 EXPORT_SYMBOL(zero_page_pfn);
=20
 #ifndef __HAVE_COLOR_ZERO_PAGE
-uint8_t empty_zero_page[PAGE_SIZE] __page_aligned_bss;
+const uint8_t empty_zero_page[PAGE_SIZE] __aligned(PAGE_SIZE);
 EXPORT_SYMBOL(empty_zero_page);
=20
 struct page *__zero_page __ro_after_init;
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com
 [209.85.208.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE2FC31A7E2
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.208.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203905; cv=none;
 b=lEgPrtEMGBHNQSuLph0USXgUoZ8rm/DU5iUbxdaFZ9cfhPHe+zkfuyfXzU63m6EhuvNDSwMutLilSVVyFnxP6+PL6z9LX+J5Pl90rT/UNT9z3hCdcb/NKJrnSQKcnz2IzEqgqZUpA1QYjje8P43lDWtDwN6C8tq+pEjHIq9VHW4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203905; c=relaxed/simple;
	bh=KmGmn0A1vPAphpKuU3bO8917OBfaKgId61epxa7mCa4=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=bdrxfYA1zsvKaZ4RicoknMQihGeJ8KRMel1SvIzIGnpHLkx+4U2FDZLCnNTJIQVgjQ3zX6BoEqketB2xrGAbukYHdmZkPGtwbElVwSuIGQHgr9aQ3fW7F7WIP3qPbg6KbIxz0v0iPRURok/FWkNMPZkWK2VVTCJdSWtTF8+VVog=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=ZNszrF3N; arc=none smtp.client-ip=209.85.208.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="ZNszrF3N"
Received: by mail-ed1-f74.google.com with SMTP id
 4fb4d7f45d1cf-67c2ce99bc4so3485876a12.0
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203899; x=1779808699;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=Yp6Vbx6VcvTlYXuJmWR3cijY2UdMz6wPDbvvga5K5vY=;
        b=ZNszrF3NlNg0pNtX133e+Y50W+QqKwHFJynztsg4jX+VsvHmrxqxb12LVvEAQWbr2k
         cNa9Eruynu4f7hH6VV1LCBqn1PFq17+DvCzlbLSN1gEEYbXajES8G9ajX87Ec6GCuUdq
         a6eXI+Nib7OL2ienCzuMcL2ZefEnZPbeFm3Yn7/TUDqFL535fBb2lGj6lgjwZABlYwz5
         YEyH9hbS9cGEoND/CuRtaBFV6Ms6JfjZuBtGTpt//JQaNVX9kO0x4N+ka/pqeRGZ6IuE
         0YRAvXEaLKf+xZczwC1uO9WUmUs38e4JKdp833YwIdcgpctscPQeTXqNQI7p+Dwb4d0L
         AptA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203899; x=1779808699;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Yp6Vbx6VcvTlYXuJmWR3cijY2UdMz6wPDbvvga5K5vY=;
        b=X3sHHPMHjS63tol2EPs4A9asBjnhRGHKxoNalnxOTSUXy/Yudshoqf14iKKDZKNWao
         9KUAgNHNWY4pe9ROICSylQ6dHdniU+FXffs1MAQgxQxV7h6rn6Ppro7IfShm8G/JqKkC
         mjabeVNY/RpugDIhep8ehQU0QyBIbyoqiTt6O6abZmaV01T1lDa8ymhCNjVqf29pTuMJ
         80vJTNpR/XayyXOA6UWAhfAimpfYeU60GEd/aK3u8q6NJlQGUfjr0cGe6kfCSHuw1wqa
         0VCAfAkp+ZtxUaTDg9AUmMkKcgrlVlLnBK29JYntdhLjn5CPKXrYyLnRpSUAmB/liu+A
         a9YQ==
X-Gm-Message-State: AOJu0YwZq1IvXUHfln/D0y3PtEOq7bBKLfKDaCtS7JNy9K02AUbrXW0M
	PD6bz5DicyhlodiXzDZV6roWCeyxe5IKChQPO8pjo3bB7pnLCpLvTWVsY8dQwmxczEgg6BzZCw=
	=
X-Received: from edsf17.prod.google.com ([2002:aa7:d851:0:b0:671:9d2f:2d21])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6402:5bcd:b0:676:e2c2:9034
 with SMTP id 4fb4d7f45d1cf-683bd28c712mr5773883a12.13.1779203898712; Tue, 19
 May 2026 08:18:18 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:20 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1340; i=ardb@kernel.org;
 h=from:subject; bh=HzOxyKiU5x0X81nyNN6N0/Tb7jNyzDNJ+OLc9lYWfgE=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7pi9g01ZksV39oqUid92yXdN31TMeWavqc7HepeVn
 ou6vJ93lLIwiHExyIopsgjM/vtu5+mJUrXOs2Rh5rAygQxh4OIUgInsXsTIMCthp3fF8SvKomoF
 iluWR+6SSIx6NPH2/8ubVl9Q2u1f78zwh7+qQj0w+5yX82v9mfsl5YIO6kjNEn/++tknw1+qm6J
 6eQA=
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-18-ardb+git@google.com>
Subject: [PATCH v5 03/13] arm64: mm: Preserve existing table mappings when
 mapping DRAM
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Instead of blindly overwriting an existing table entry when mapping DRAM
regions, take care not to replace a pre-existing table entry with a
block entry. This permits the logic of mapping the kernel's linear alias
to be simplified in a subsequent patch.

Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 0c3d97f120e1..bd2764f02a7d 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -256,7 +256,8 @@ static int init_pmd(pmd_t *pmdp, unsigned long addr, un=
signed long end,
=20
 		/* try section mapping first */
 		if (((addr | next | phys) & ~PMD_MASK) =3D=3D 0 &&
-		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) {
+		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0 &&
+		    !pmd_table(old_pmd)) {
 			pmd_set_huge(pmdp, phys, prot);
=20
 			/*
@@ -379,7 +380,8 @@ static int alloc_init_pud(p4d_t *p4dp, unsigned long ad=
dr, unsigned long end,
 		 */
 		if (pud_sect_supported() &&
 		   ((addr | next | phys) & ~PUD_MASK) =3D=3D 0 &&
-		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) {
+		    (flags & NO_BLOCK_MAPPINGS) =3D=3D 0 &&
+		    !pud_table(old_pud)) {
 			pud_set_huge(pudp, phys, prot);
=20
 			/*
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com
 [209.85.221.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B92E403EBF
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:24 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203909; cv=none;
 b=OEFf2PpucHSGSMN7wWM8pw0zcpes3D8Ze/bkkfHtJpuxB6NpHDxW7g8fudWLJ1Ws3Num3qo3YBL3qc2NB6gcCq3gOjfKRhSYE6G8P+l6in8Tac3kOqcm4V6z8mmW0CNbA6UgHSHXYyTY+jcuP5ljtTfU/zpafevRMGe2NOKjQ2A=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203909; c=relaxed/simple;
	bh=cV4GnrxgpfSiRWGIE0KjY9GsjzBjpUWNYquDFvlGNqY=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=lKli76+3g+yMO0xs8j4OM1cq6nUbE5y3VuqIvaHh/jJOoZIKKjjdNA6dgK90MSxwhuFyI3o5pMjALzTBQzqKKqNPkIKDJrHxMS0VGbFJxoo/w9jna3N2ccFZe0rRlvU1aawkhrOINKul3DxYhhFLIzdYfQgmKXLwrggGkT901Hg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=ITMgyJgb; arc=none smtp.client-ip=209.85.221.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="ITMgyJgb"
Received: by mail-wr1-f74.google.com with SMTP id
 ffacd0b85a97d-45e7c7289c3so2170529f8f.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203902; x=1779808702;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=CS1BtfvkhqK/WG7QMDSO/xvMHjZnFGS59EcNSZDS0Dk=;
        b=ITMgyJgbSlBpSJSEgDuMGfqt0pAv1dtNtPpnPeNI4eD1BRhO8Pjf7FDLS+VWtXiWBY
         CvrPRFL6p29+sxzJ0C3n0HJ8BdVIaTGKYV+cRB8jdGMVrSiTgQjXrfhSYO+WRq1KIGN+
         LvgBYLgztb+h7TWTdoePdGw6sAOXwaFf7nPRr/UHQlAOsg/JFUsEZmZN7D39Mh/sTNBm
         iTeHlIRzu5ohiv1sMCss999G/sXTfwab9Sep3wuf4uGLmzc6daVKyU/pEPzLApUyfahZ
         Kr5yC8ZxfSIt0oHFWh8Ad5YJRpP4hA7mB5hqRiLSceaOZAlsBbxEvge4516ohzpYjbcg
         zjfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203902; x=1779808702;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=CS1BtfvkhqK/WG7QMDSO/xvMHjZnFGS59EcNSZDS0Dk=;
        b=RYfxR2GIC4QTD1Tsgd7dnAiCcstZYAPNlh+BglwdsI/Qoxnj6+LSkT/dv3oSphrZu0
         pHrZ00N5haPxCe/HekNcoJYykPjJF5UZV+WEHj8BKEVLrFAfEJfyHzk6KLBFfZ3JSnfw
         YVS1YT43KxpNTjKXvskAiTy05DXiOpuwZ9QJ0odFo9fpqyePS7+Hms9dwkrXk2SO9ySw
         wQuhvqtUBBzhaMu58DqjHQC2OTCNC8KiH4d3UklJfWa5ZpMB6/u9+pfY9B5aRPdVExpp
         YCl081AD5MJFejwXC2HwWYKgetNz1whMezIISfM737V16jcobgKnu//gwvHadvWezsag
         /CQw==
X-Gm-Message-State: AOJu0Yx720vVY8uL4i6J7rlqG7TEh0HtEDZjFwSWCBesb3XtUQbW/GYF
	zjmb0EcyRKtN68udOAfulONV8+Idn4wf68IO8gWyV6u9Kuxw+93jXpghkCL1RsmMtN78tRCYjQ=
	=
X-Received: from wrbhg12.prod.google.com
 ([2002:a05:6000:1e4c:b0:43d:7480:5bfc])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6000:2885:b0:44b:5a37:36c4
 with SMTP id ffacd0b85a97d-45d941b198fmr40017031f8f.26.1779203900883; Tue, 19
 May 2026 08:18:20 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:21 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2697; i=ardb@kernel.org;
 h=from:subject; bh=suqWUpRPoN3mdRoFNlLmQlr8b1d/8QdQDtjxwFffruk=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7vhPi2CHG4Vsp5Yef6FSIcbLk+jJoX4rguX5KsV15
 tJ3GHk7SlkYxLgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwERu5DMy9C7UkCzh3eQ0N8Zg
 EeM83iu5V5tysvp+HHm5smhdUXqWOyPD3pP9D/9fkf3xM3Jr+f7UbV8D2Y/5b+u9ur+madPEK3o
 nOQE=
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-19-ardb+git@google.com>
Subject: [PATCH v5 04/13] arm64: mm: Preserve non-contiguous descriptors when
 mapping DRAM
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Instead of blindly overwriting existing live entries with the contiguous
bit cleared when mapping DRAM regions, check whether the contiguous
region in question starts with a descriptor that has the valid bit set
and the contiguous bit cleared, and in that case, leave the contiguous
bit unset on the entire region. This permits the logic of mapping the
kernel's linear alias to be simplified in a subsequent patch.

Note that not setting the contiguous bit on any of the descriptors in
the contiguous region can only result in an invalid configuration if it
was already invalid to begin with.

Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/include/asm/pgtable.h | 4 ++++
 arch/arm64/mm/mmu.c              | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgta=
ble.h
index 4dfa42b7d053..a1c5894332d9 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -181,6 +181,10 @@ static inline pteval_t __phys_to_pte_val(phys_addr_t p=
hys)
  * Returns true if the pte is valid and has the contiguous bit set.
  */
 #define pte_valid_cont(pte)	(pte_valid(pte) && pte_cont(pte))
+/*
+ * Returns true if the pte is valid and has the contiguous bit cleared.
+ */
+#define pte_valid_noncont(pte)	(pte_valid(pte) && !pte_cont(pte))
 /*
  * Could the pte be present in the TLB? We must check mm_tlb_flush_pending
  * so that we don't erroneously return false for pages that have been
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index bd2764f02a7d..4c6ef0d35714 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -224,7 +224,8 @@ static int alloc_init_cont_pte(pmd_t *pmdp, unsigned lo=
ng addr,
=20
 		/* use a contiguous mapping if the range is suitably aligned */
 		if ((((addr | next | phys) & ~CONT_PTE_MASK) =3D=3D 0) &&
-		    (flags & NO_CONT_MAPPINGS) =3D=3D 0)
+		    (flags & NO_CONT_MAPPINGS) =3D=3D 0 &&
+		    !pte_valid_noncont(__ptep_get(ptep)))
 			__prot =3D __pgprot(pgprot_val(prot) | PTE_CONT);
=20
 		init_pte(ptep, addr, next, phys, __prot);
@@ -324,7 +325,8 @@ static int alloc_init_cont_pmd(pud_t *pudp, unsigned lo=
ng addr,
=20
 		/* use a contiguous mapping if the range is suitably aligned */
 		if ((((addr | next | phys) & ~CONT_PMD_MASK) =3D=3D 0) &&
-		    (flags & NO_CONT_MAPPINGS) =3D=3D 0)
+		    (flags & NO_CONT_MAPPINGS) =3D=3D 0 &&
+		    !pte_valid_noncont(pmd_pte(READ_ONCE(*pmdp))))
 			__prot =3D __pgprot(pgprot_val(prot) | PTE_CONT);
=20
 		ret =3D init_pmd(pmdp, addr, next, phys, __prot, pgtable_alloc, flags);
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E99DC3ED3D8
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203912; cv=none;
 b=Rzsw8SybFYlkpUvu6Iatoouu69+mcWNEiLLZXsMOmhWdqr1MjLRX92Y/w+8bXQ5FjkHfR/vQcyz1sOfHu12xnZvPcTdUaxvC3F5+kMCWlpcVD6KP+geq62GW/0jUX/dpUSdtdwl0EPIDeJzDDjb58gq5CMaynA0RCX5/V5V6VHA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203912; c=relaxed/simple;
	bh=9sBG4RmDDHDyT14kf4TeIb21ZFRmWbzOoDL28EV+qxs=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=b2UeWcBx9Hg5jeW9IcmXAc4WUsioSex9H3Vm5iRl6w/Je9YuDu3yMis74psmr1R0UU1MZrFsBJlCcCx5LG9hlzuInu+wiQ6sBJ7nnrBEnMAOGlw61BDdqfgq++noFCCxbLqSaTGiOtHZ+KJlYGd//lakxj8J46msCZUEUkVOmM4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=WNDyTptm; arc=none smtp.client-ip=209.85.128.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="WNDyTptm"
Received: by mail-wm1-f73.google.com with SMTP id
 5b1f17b1804b1-48fdca5c638so29452995e9.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203903; x=1779808703;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=1BqpbKAWZ7q/0CP68ZcgDWV1seLRY3kHiP/caX3fZn0=;
        b=WNDyTptmV/HyT4q2akMyjokUVuQ0ABJgXzxza+WAYuuomEYAJLE/OBp1kzZ2/ZgES+
         ZaL1NeVCXqlt2D1PhEA02/LD04hcxhUkGo5ax6EYwNCsZsyBkDYvF2KxPsZtk73ArNlE
         uQGL0jpx2LJLCVzafJWirC4sDB29mh3VoFJuLunsKOiEKrMblMCB4gnAHgM3Ct8gY/nD
         5CophrOi4wS8Dwwb6RVQ6VI7mnylXiPAKxvvYRicUmBlsrzYuKRR/ErhLHEQuyZo8uOx
         q53n1/FEObskoORqI4wAsrk0Ygspm5sbzM20ZFhGR0wHj9+l9p5cgWQHMe6lMNWBSp4y
         QHog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203903; x=1779808703;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=1BqpbKAWZ7q/0CP68ZcgDWV1seLRY3kHiP/caX3fZn0=;
        b=V1v52MNUzuRBjVS/htF7CGv+v9ylviBuvxp7wbrfcCH2P/8dJX7tF2fTT0VtXulKuJ
         55DNo8YD13/KFvsXgarfXtbduB7FJZTytCu89itUJy5BwN84aNPyzVKow2VFOQBrRXI/
         6Dit3Rdv90OFkINZ88dPXLRdk/3po+m6vN6ake9eUBxSIEKyoIkELPtoRmU5Ag9pDyma
         JWpXOFCdOsVR5yNs+0Mpb3Na5C/n9FJmMrtLmrC3otFdsm0ZP08c3ou7SS1wP/WL2dO5
         xNCFRErjdhMECPJdqiW0HTC2ndZV5n3xy6cgg1fY9+HPIGU9WAW78b5lqHPpPm47J+h2
         TvWw==
X-Gm-Message-State: AOJu0YzMvXREfdlhQi66xqB8h+HUgwoC4iW1+2S3/mePMc3yJys9iH2F
	JNmnb7qPy8FlN5m0unO/Sw4fACRXikEQ9WJXdnTmpb8E0RsNsnfODiPrhRPyQn4Fi4I+G/QY+Q=
	=
X-Received: from wmlz4.prod.google.com ([2002:a05:600c:2204:b0:48f:f301:5115])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:34c7:b0:48a:54fd:54ea
 with SMTP id 5b1f17b1804b1-48fe60ecd93mr316640905e9.12.1779203902737; Tue, 19
 May 2026 08:18:22 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:22 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1021; i=ardb@kernel.org;
 h=from:subject; bh=Ku3pRDk9G9j/NzX3V+jyzDs6V1KXE9BKuYBtWjFzJCA=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7uSdmn8Xi1/JLnzWebNMa9qxsDn1W/8/E5t3/2356
 9nLJq5821HKwiDGxSArpsgiMPvvu52nJ0rVOs+ShZnDygQyhIGLUwAm0jeVkeF+J9sCHsZM9s+P
 1wYpNRk982/e72CvdncSS6EzizDTPX2G/yXHhFfdUP9v++DE/9cvj37ZIBhl2cD+iFf1/KEVwWU
 yrUwA
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-20-ardb+git@google.com>
Subject: [PATCH v5 05/13] arm64: mm: Remove bogus stop condition from
 map_mem() loop
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org, Kevin Brodsky <kevin.brodsky@arm.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The memblock API guarantees that start is not greater than or equal to
end, so there is no need to test it. And if it were, it is doubtful that
breaking out of the loop would be a reasonable course of action here
(rather than attempting to map the remaining regions)

So let's drop this check.

Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
Reviewed-by: Kevin Brodsky <kevin.brodsky@arm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 4c6ef0d35714..cd841a392b44 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1177,8 +1177,6 @@ static void __init map_mem(pgd_t *pgdp)
=20
 	/* map all the memory banks */
 	for_each_mem_range(i, &start, &end) {
-		if (start >=3D end)
-			break;
 		/*
 		 * The linear map must allow allocation tags reading/writing
 		 * if MTE is present. Otherwise, it has the same attributes as
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com
 [209.85.208.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 63A62403EA6
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.208.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203915; cv=none;
 b=JCQ+K8GnXe1gryI1KlbbcPhnj5FvgIwAdcJgOrrl04S0U5UlnQSGWpxzWNvI4B0SxQyhcGQVA+HPxLaEFApYSu49/RyqBknX103QrVEQiau/DSGcSERrYfKN7vWMjHeEEpUvKvJ4MMM26aVyXfk5pVLbqF4ms8EUuFSv27l4UPQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203915; c=relaxed/simple;
	bh=YLa7AFkxj76L3n1yAO/JVQaGfx0SNyfxJ5mN27SAYPg=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=pZMDIHfKufYwpcDSGmyInZBb2iHLU1mmffCreU+GWiIlupueHVqEQWnrd6EC6EJkQ5yH88nMUfMOKAyzuO2S/WBPHQUZZPVTyWPwSCqHNmqM0izOCK68ym3Nc+x6EEUxP+s7TJcUqM26PVRrS0oRa8b29siV3EcDhiq+DtZktPU=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=Y6yGeM4z; arc=none smtp.client-ip=209.85.208.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="Y6yGeM4z"
Received: by mail-ed1-f74.google.com with SMTP id
 4fb4d7f45d1cf-67f7c414c58so3639588a12.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203904; x=1779808704;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=ablq7SDSYy4OVFkmF058uoPsxyfZ6hOzCdrY1mFL1gw=;
        b=Y6yGeM4zG+84LDNQpOZwcAl9pilzYEQfdyUcQXh+gEUloPuAyiBo0OA1arw8zVKD5j
         UaVeow6V1ZncxhK1BXDfTQANsAXONsTm+HDwLVLRQzSdki05RKFvFij2Mglbcz5wiM+S
         sL/CFc+TLLL+Ljf69xSRKfJYrmf/IUzTCAjI9jjSaEaCJvrIDjRt4P4gh/T/DCgM/d8s
         MTsHo8tenFF7IpYExecnyFbrZaEOFGmLBAWQvdDNFNltqAjDqToYq9fAnLaxnPBC8T4S
         eAGkg0/pwxGcs0RYmfCMi7d9R8wXuB6RB/oBzRVrjlvzC4rkHY9sllYvHF5rz60/MOj5
         0jaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203904; x=1779808704;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=ablq7SDSYy4OVFkmF058uoPsxyfZ6hOzCdrY1mFL1gw=;
        b=O1FMGH8RgxoO7I7671DXd+JjEmkgGpOslFlUtotWZE+Y1M7XkH9Y/E2ij1Y0DHb1HK
         zySZGcDxi6mLDjEEeKKWy1fFyEBamhuG1CDpeeGBZ02ibVhESlni0e7WdEHDKOCE8K4e
         Pjvv4AamLupDPIgaPyvq/47Sc2faCQ7MBGLffADpx0PEnc791rYwGl0RMLn2hqq1dode
         AGbSKV685qaXvZ+oGNr1PuBgQGBNVIQo+5um+kotrqYxdpIUllL0OKx98Pf2/Cpbfta4
         IAKR52OUuIoEVHLlt30DbS3jwWTm+xXzp6CtrFtzXzwajJ0MHjh8nqTeodEURs27kPAV
         RoTw==
X-Gm-Message-State: AOJu0Yx0zbCDRjdmBnrRB1G5MJtP7Hn2+6zzpko1CeWbWWX/NvtQFOnw
	O7Zy+9cbvlQiq/+lsHmFa8mE6ZylLq0/ncTbpag1cdC1uz3za012qmkMHl2v0/38vZYB3XiAjw=
	=
X-Received: from edbes15.prod.google.com
 ([2002:a05:6402:380f:b0:684:6ea:e4eb])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:aa7:d5d6:0:b0:67b:7a8f:3e2c
 with SMTP id 4fb4d7f45d1cf-683bd38d8b7mr7725381a12.25.1779203903770; Tue, 19
 May 2026 08:18:23 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:23 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3481; i=ardb@kernel.org;
 h=from:subject; bh=x6k1+hxAgsJePfYGlvJneg2rmFUShXoMj4/fbl0R3E4=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7tQtN6G1hgdtjmgLWLOkd5w6PlPKS1nrbeH9NZPkW
 yVueP/qKGVhEONikBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABNRMGP4X3OrUs34rDx3WHeP
 pWTXf/+ikjP81+7duOheUz55P7PXI0aGv4L+DLsrlFS2MG23Y1S+X9HDsL3d9bP+5tYiBT1N60J
 WAA==
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-21-ardb+git@google.com>
Subject: [PATCH v5 06/13] arm64: mm: Drop redundant pgd_t* argument from
 map_mem()
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org, Kevin Brodsky <kevin.brodsky@arm.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

__map_memblock() and map_mem() always operate on swapper_pg_dir, so
there is no need to pass around a pgd_t pointer between them.

Reviewed-by: Ryan Roberts <ryan.roberts@arm.com>
Reviewed-by: Kevin Brodsky <kevin.brodsky@arm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 26 ++++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index cd841a392b44..0405fac18959 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1039,11 +1039,11 @@ static void update_mapping_prot(phys_addr_t phys, u=
nsigned long virt,
 	flush_tlb_kernel_range(virt, virt + size);
 }
=20
-static void __init __map_memblock(pgd_t *pgdp, phys_addr_t start,
-				  phys_addr_t end, pgprot_t prot, int flags)
+static void __init __map_memblock(phys_addr_t start, phys_addr_t end,
+				  pgprot_t prot, int flags)
 {
-	early_create_pgd_mapping(pgdp, start, __phys_to_virt(start), end - start,
-				 prot, early_pgtable_alloc, flags);
+	early_create_pgd_mapping(swapper_pg_dir, start, __phys_to_virt(start),
+				 end - start, prot, early_pgtable_alloc, flags);
 }
=20
 void __init mark_linear_text_alias_ro(void)
@@ -1091,13 +1091,13 @@ static phys_addr_t __init arm64_kfence_alloc_pool(v=
oid)
 	return kfence_pool;
 }
=20
-static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool, pgd_t *p=
gdp)
+static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool)
 {
 	if (!kfence_pool)
 		return;
=20
 	/* KFENCE pool needs page-level mapping. */
-	__map_memblock(pgdp, kfence_pool, kfence_pool + KFENCE_POOL_SIZE,
+	__map_memblock(kfence_pool, kfence_pool + KFENCE_POOL_SIZE,
 			pgprot_tagged(PAGE_KERNEL),
 			NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS);
 	memblock_clear_nomap(kfence_pool, KFENCE_POOL_SIZE);
@@ -1133,11 +1133,11 @@ bool arch_kfence_init_pool(void)
 #else /* CONFIG_KFENCE */
=20
 static inline phys_addr_t arm64_kfence_alloc_pool(void) { return 0; }
-static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool, pgd_t *p=
gdp) { }
+static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool) { }
=20
 #endif /* CONFIG_KFENCE */
=20
-static void __init map_mem(pgd_t *pgdp)
+static void __init map_mem(void)
 {
 	static const u64 direct_map_end =3D _PAGE_END(VA_BITS_MIN);
 	phys_addr_t kernel_start =3D __pa_symbol(_text);
@@ -1182,7 +1182,7 @@ static void __init map_mem(pgd_t *pgdp)
 		 * if MTE is present. Otherwise, it has the same attributes as
 		 * PAGE_KERNEL.
 		 */
-		__map_memblock(pgdp, start, end, pgprot_tagged(PAGE_KERNEL),
+		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
=20
@@ -1196,10 +1196,10 @@ static void __init map_mem(pgd_t *pgdp)
 	 * Note that contiguous mappings cannot be remapped in this way,
 	 * so we should avoid them here.
 	 */
-	__map_memblock(pgdp, kernel_start, kernel_end,
-		       pgprot_tagged(PAGE_KERNEL), NO_CONT_MAPPINGS);
+	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL),
+		       NO_CONT_MAPPINGS);
 	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
-	arm64_kfence_map_pool(early_kfence_pool, pgdp);
+	arm64_kfence_map_pool(early_kfence_pool);
 }
=20
 void mark_rodata_ro(void)
@@ -1421,7 +1421,7 @@ static void __init create_idmap(void)
=20
 void __init paging_init(void)
 {
-	map_mem(swapper_pg_dir);
+	map_mem();
=20
 	memblock_allow_resize();
=20
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com
 [209.85.221.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7AE7C403E97
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203913; cv=none;
 b=Ko2i2ing17neTov1OpikDCojUeE3Hsl9B8u4ZnWMjJXalCW9kxCesl1ceiM7J62l1TGhA6arADNZCZiAxyTjtiBlgkvxXC1YDCqBF5jVkmwgX745CxhHg4+aN6TKSU4dSYBijVxlQAz7HMfiqmDzih4sSoXu99AxynU+DMuPHBo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203913; c=relaxed/simple;
	bh=jjYhcW/kbMDe/UK3BjYp/roCAIoFYhxhPdWkrX5A06k=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=FNUyE2vhihrxBr1GH+QpjAw+6vbehlkJhaddESSOHHmS/b/d1mUfGFmNQqiMIKY8K1ZU7mu5e439TtPZX7Cm4Tavvamwaq4itswEW9xYXoTAyttOQspfzF1gF0xGrGh188Jbjha5f8/FMBvMgUv0zVnqIN343PiPIeVAmlv+Z5E=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=kzkNmIE/; arc=none smtp.client-ip=209.85.221.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="kzkNmIE/"
Received: by mail-wr1-f74.google.com with SMTP id
 ffacd0b85a97d-447f2ce5556so3173272f8f.2
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203905; x=1779808705;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=EjHc0cb+NE/2F+UEf5a5kfxEL68f5+QTn7aAzw8hvjg=;
        b=kzkNmIE/f6woXRLWC7RjhzEH6PZSgJA0ZdZ1OgryFCZBDsP2/sCfObgnjPRY7fT9aI
         xL19lFCSJNXpOSPtBi6VCno1b63rhj9jSGzJOAXl5dyvFuPD06355UwkmEuVLd9/rl3C
         Nb6/9Ot38Vfx3P6OBcOfvucIPGHCvloK1pgqA8Y/gz26Awq4MGmLGxZuF4oE6nW8xx+a
         Q/P7yfdtWK2HOwyesbhN5sjC+IMuQx2WNrswxcKw/ndo01w53FfgtcrjuwJloRjFywtZ
         1U2bUZjslbrUqHRYYJanAAevPrqTL5dyRb0O4MDpDRQlXzaU17LnON1GKM3iyPVSMFOD
         84hA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203905; x=1779808705;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=EjHc0cb+NE/2F+UEf5a5kfxEL68f5+QTn7aAzw8hvjg=;
        b=mfrXp79URbaFpkeTneVco8L0PTXpAlFPahkLSLh7QUxVWarl2q3/k4RIEeUJTRx7KU
         mNeIipfvDIbze5wza2qqW8EOd7+89/mnSZ/TNyqZ1G9B7xwDpw+2hFattW3g7XfyJZ+J
         pD8fmRLHcfM1XFBzPMfj4428LV9nEQV/hR/tMoWaDS2zgTApGE3ETx/eMNNCPlOQ2uZR
         3BoHim0CKGu4B/eFTZKxno75aNT5hZMQ3rVQjciTamnhMiyhp8stOrKH3kSpjnMDDFBe
         HnsBJBSdN4NPQ4gQqAclAlQobZIiyN95StkOQqcTXbp8zW9Eojzxxmyc67xKPW6q2VbM
         gR5Q==
X-Gm-Message-State: AOJu0YydCPLthbWhET1v8JbFw1WSyRM+zAle8li09S6gzqIRN5AreT/j
	GX7vMwpWma+pIeB3cs0VzDnPSLK0m37d8NjJ22lh2HQiUkMEkwpg9+QaPgeOk7GXwtaAtbhZPA=
	=
X-Received: from wrjb13.prod.google.com ([2002:adf:e30d:0:b0:45b:cad1:2df1])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6000:2c06:b0:45d:4fc0:fe0a
 with SMTP id ffacd0b85a97d-45e5c5dd346mr33349921f8f.32.1779203905296; Tue, 19
 May 2026 08:18:25 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:24 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=914; i=ardb@kernel.org;
 h=from:subject; bh=DzlMi7mku98t808/4L/IevsaqNhHNBA7ZPaOWGTKp3M=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7ozjx5JHO2c9Tvz2bbb1UYGuFVGxfyOk/Lcl39l/K
 H2HsKVMRykLgxgXg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjI0z2MDCcD0w4yfjZVbdjI
 l/1mdYzWeoF7uf/65CXWOutIPTyn6s7wz/CboZoY8yGh2dyvFDVyd1ef1EtQfpqkvm298dz7pw+
 +ZwAA
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-22-ardb+git@google.com>
Subject: [PATCH v5 07/13] arm64: mm: Permit contiguous descriptors to be
 rewritten
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Currently, pgattr_change_is_safe() is overly pedantic when it comes to
descriptors with the contiguous hint attribute set, as it rejects
assignments even if the old and the new value are the same.

So relax the check to allow that.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 0405fac18959..7cecd25aa83b 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -134,10 +134,6 @@ bool pgattr_change_is_safe(pteval_t old, pteval_t new)
 	if (pte_pfn(__pte(old)) !=3D pte_pfn(__pte(new)))
 		return false;
=20
-	/* live contiguous mappings may not be manipulated at all */
-	if ((old | new) & PTE_CONT)
-		return false;
-
 	/* Transitioning from Non-Global to Global is unsafe */
 	if (old & ~new & PTE_NG)
 		return false;
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wm1-f73.google.com (mail-wm1-f73.google.com
 [209.85.128.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78CA9400E02
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203920; cv=none;
 b=JlmNdZ0H7vAtTkrMxwKQA8mhDT2ccKSL9SzueKACwRPIWMVSStAa/+hdYpV1RMmDb+B7nEAR1cd8UdM72JI8a4vCHpoezkt5xGBnBEGUCyCcZ92eeA222/seAuT/5Cnf8bL6Pdc5C205N045F+iJLWmGHjqVYjzsAYT0ORjo/qI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203920; c=relaxed/simple;
	bh=knC4g4vfRe0gTn61rwNTsW2MQUnpP1477OnZ0UpSvpw=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=jaEYp7FUTANaLawiXZOUQThSrA6Amnuh6Gbit2o3ufzx+ahd8RA/LL0J1rDKhI4oYAWOz6+90luLxymDSfI1iVB1tjPKlrzC66TGlsZXFlwWlef+HECnVdth1pcSSChCjgSn9nIWWqFTmI6kGJaeYfxURNeLhUwVreHZ2/W0WiY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=Yee5kq+f; arc=none smtp.client-ip=209.85.128.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="Yee5kq+f"
Received: by mail-wm1-f73.google.com with SMTP id
 5b1f17b1804b1-48fd3449e6dso22914125e9.3
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203915; x=1779808715;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=PfDfE++F3RWl/ExerU/oKoiEmKgLmIzVBxPm6lUCPRg=;
        b=Yee5kq+fyuPy/JOkDb/Ro2TGYCcxzoU+gG2ixU+UKP1H4G10IUwnjRa1A+F3RwG70z
         IufiAZREfsVRV9idiGuG9TX1+kSnMrpVBiBbFK0X/vP5dyb2sxWl80Ny1wuwKkQKuRIA
         QyQzMOrgbC1j4o7Kak/XcisxOh4wdLZCVm9yrXWy6AzvvoZPVpkI7ZYDMVKNZC6uGv2C
         mibofyfPAUp+VeBoqjEbERuH9uggrB9LGoO2TCkY+l8HyYm2eRIiWMMkMjqeyFie7x01
         LK4u6IR0ZJCVESjEFD/Gco9DNUZFpIyYlekVRmGlYyTXya1xFbyl8X5iCACJMtlLnEtL
         1srQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203915; x=1779808715;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=PfDfE++F3RWl/ExerU/oKoiEmKgLmIzVBxPm6lUCPRg=;
        b=m8xoRrPDc+peOXfhaHqjc07mFSJUyT+oMePazTkgh1nApygtYYe8a3ad3RyzwkSwys
         AEXxpp05ATwLSa3XHMbl/Se8pmpA2DkIh15oCrZerqjDyurfaNN3+u/kQbYQGnm/wSIi
         oBH8MCG2vUV7gskzbCgo7jdF9RQHl4lvOU+M/9n4TaIEc3fRc/sPcMUfQ2Ur1DRGnYYt
         uuBDw4/KPpVtcNwuci9jBaNEBFy4ofUdAKMiTGnhooVkhqgauNG1Ddxop8wyHSN3NoYn
         LE39Kv0rpaxwu7lrC/bTlOmnnHRcMROWHXSsCTAFrGO8cW8WENT7ayDN84xt3OzPfQD/
         I2Ug==
X-Gm-Message-State: AOJu0YwPFMxFIIf9f8mslOxUFBYGoJ8xFmsJw/hr0oWd75hF+ykT/mc7
	Pcn8+9Qq39n2gVMrF5qDXLlDxzv+eJtAK1009Mm784W27HIbyF38e+TQd3GiJkdnm908r8bZRQ=
	=
X-Received: from wmba2.prod.google.com ([2002:a05:600c:6dc2:b0:48a:5c24:d305])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:34d3:b0:48e:6db3:ff3a
 with SMTP id 5b1f17b1804b1-48fe63270fdmr290761875e9.16.1779203914736; Tue, 19
 May 2026 08:18:34 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:25 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3142; i=ardb@kernel.org;
 h=from:subject; bh=oIF//MguREFG3HyKwOy+szVys8PN/RKtASFWmsHeRws=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7qyjai6rA2NnuvzBPcb5HcUWrJeV8kP0p63Z/GDyg
 rrEP3UdpSwMYlwMsmKKLAKz/77beXqiVK3zLFmYOaxMIEMYuDgFYCIftBkZnt9bsqtX63WH7NG/
 r+plOE+Kat8O/Px/l8Tn0Pv1vFYc/xkZlu6eNVN6it3sFw7TGMSfrdvezmPDmlIWMfNT3b8Tb5/
 UMwEA
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-23-ardb+git@google.com>
Subject: [PATCH v5 08/13] arm64: kfence: Avoid NOMAP tricks when mapping the
 early pool
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Now that the map_mem() routines respect existing page mappings and
contiguous granule sized blocks with the contiguous bit cleared, there
is no longer a reason to play tricks with the memblock NOMAP attribute.

Instead, the kfence pool can be allocated and mapped with page
granularity first, and this granularity will be respected when the rest
of DRAM is mapped later, even if block and contiguous mappings are
allowed for the remainder of those mappings.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 25 ++++----------------
 1 file changed, 5 insertions(+), 20 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 7cecd25aa83b..224fec6ce9d7 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1067,36 +1067,24 @@ static int __init parse_kfence_early_init(char *arg)
 }
 early_param("kfence.sample_interval", parse_kfence_early_init);
=20
-static phys_addr_t __init arm64_kfence_alloc_pool(void)
+static void __init arm64_kfence_map_pool(void)
 {
 	phys_addr_t kfence_pool;
=20
 	if (!kfence_early_init)
-		return 0;
+		return;
=20
 	kfence_pool =3D memblock_phys_alloc(KFENCE_POOL_SIZE, PAGE_SIZE);
 	if (!kfence_pool) {
 		pr_err("failed to allocate kfence pool\n");
 		kfence_early_init =3D false;
-		return 0;
-	}
-
-	/* Temporarily mark as NOMAP. */
-	memblock_mark_nomap(kfence_pool, KFENCE_POOL_SIZE);
-
-	return kfence_pool;
-}
-
-static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool)
-{
-	if (!kfence_pool)
 		return;
+	}
=20
 	/* KFENCE pool needs page-level mapping. */
 	__map_memblock(kfence_pool, kfence_pool + KFENCE_POOL_SIZE,
 			pgprot_tagged(PAGE_KERNEL),
 			NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS);
-	memblock_clear_nomap(kfence_pool, KFENCE_POOL_SIZE);
 	__kfence_pool =3D phys_to_virt(kfence_pool);
 }
=20
@@ -1128,8 +1116,7 @@ bool arch_kfence_init_pool(void)
 }
 #else /* CONFIG_KFENCE */
=20
-static inline phys_addr_t arm64_kfence_alloc_pool(void) { return 0; }
-static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool) { }
+static inline void arm64_kfence_map_pool(void) { }
=20
 #endif /* CONFIG_KFENCE */
=20
@@ -1139,7 +1126,6 @@ static void __init map_mem(void)
 	phys_addr_t kernel_start =3D __pa_symbol(_text);
 	phys_addr_t kernel_end =3D __pa_symbol(__init_begin);
 	phys_addr_t start, end;
-	phys_addr_t early_kfence_pool;
 	int flags =3D NO_EXEC_MAPPINGS;
 	u64 i;
=20
@@ -1156,7 +1142,7 @@ static void __init map_mem(void)
 	BUILD_BUG_ON(pgd_index(direct_map_end - 1) =3D=3D pgd_index(direct_map_en=
d) &&
 		     pgd_index(_PAGE_OFFSET(VA_BITS_MIN)) !=3D PTRS_PER_PGD - 1);
=20
-	early_kfence_pool =3D arm64_kfence_alloc_pool();
+	arm64_kfence_map_pool();
=20
 	linear_map_requires_bbml2 =3D !force_pte_mapping() && can_set_direct_map(=
);
=20
@@ -1195,7 +1181,6 @@ static void __init map_mem(void)
 	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL),
 		       NO_CONT_MAPPINGS);
 	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
-	arm64_kfence_map_pool(early_kfence_pool);
 }
=20
 void mark_rodata_ro(void)
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A7CF403EB6
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203923; cv=none;
 b=N5AYlMXkmhK2Vsfcl6Tk0GQrUQ4FTM32rL/cCAI0vqIC7fdsxWIvabrSKN864afcvC9zpOSYIhvvqiVkqzF0IPVjDkUAR40xBJZrWh46q037gIVyMVurbubrHgoXkkOZ18N3XSCONrdqeUoMsR47TqvVJ3fvBV+1ro4fTB03qgI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203923; c=relaxed/simple;
	bh=BpyhR/DkcI+vdlfgGNG1TzB22JyPApdAXwmLfX2Op64=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=eghH6mZbkqsrm8XWqsVQN3606o0CuyVmgafhnQSIEOxCUY0Dm+l+4jPnVWkOCjWOPhX/bELGJs4xcv3Un9d7WgvqKyLZIixypAV2WJXegvk0jwui7H7BZR2oxphSvhtkVT1D7jCk3kU+O2hPzOdElrAqTE+Lhq25D6ky+3ADGsM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=G0SDucgo; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="G0SDucgo"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-48fd2b502e2so34027315e9.2
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203916; x=1779808716;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=Kwt+xg304itl9Q4y9dyVOqGujD4Vg308m/u0QoJNJxg=;
        b=G0SDucgoMsLF3thAcfoczmim6SmyNOzBWSqKuGOvRZXzLnXmwE+FtsfMBnea9VIjt3
         Dgnd7SgSyaxWfeGE035o6ZwsmK/KT46b1x95zoTJz1a9mDGPx5Yvu7txT9GGrk0LFPh8
         MWEipc8XEqnJeRKPx9XDdqPn2sxng05D6z5Epei0zEBor2NVe0WvpCpKfIsfxidJ/gtY
         B6spQ4dQFSR45jpn0qNjX7drfNgsR9QlWOq0f8B7wJWGMvs1rNx+Emuq286G1Y4C2sIY
         LvyYJ0GTrOBUCFwyaZtjndl+k+zHyjj5Ce4XC2394QkIBYzBC+WK+s/8FCFlNoKwxrJk
         u38Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203916; x=1779808716;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Kwt+xg304itl9Q4y9dyVOqGujD4Vg308m/u0QoJNJxg=;
        b=ZtersnN2Ebo+zSQiYG/uqDiHc7r0b5KHOWuVfq/A5dMSxU3TrhvTW0y0aQB8aooOk6
         LnboS0BV6zxN5g/4TTkvu0M89mqQjMCTfaKavCx8/ZhEY0Q+UvkiyBT3ynupqjDUxIWz
         2Udp7ourLAyqUW7qw/qbCiVQWRB1fLhKjJYFasY99y8ewAszlzGbxkYczrIVAIi5jb8g
         JE5PJQFNCjO/yV0SP4OINBiZpQQhscw/SK6p2zsyltMJEZn3wQW1dEPPgesDVC6I3KKR
         83UWJGmm6BSGfhUHJ/wZOpooYutHZLLjkA6Gg2flTrwRzJeKXlB6KXm5khZbyXjxjzpN
         qerw==
X-Gm-Message-State: AOJu0YwsEf3UL6+hwqNdJR3hnXcr4k26FkC2DEwtIqeqmTEdyG6Co0dn
	OW6iNN2nLD/i1Wu9rknJMC3xo7OLY6gbuIQpWIzdmqGGoBAAw5qdD0pNhiQG7Huckq54JvbuHg=
	=
X-Received: from wrnz14.prod.google.com ([2002:adf:ec8e:0:b0:44c:f516:cbb4])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600d:10:b0:48f:e230:2a1b
 with SMTP id 5b1f17b1804b1-48fe6630137mr253844655e9.30.1779203916085; Tue, 19
 May 2026 08:18:36 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:26 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2933; i=ardb@kernel.org;
 h=from:subject; bh=7JrpdyvPdL1s+/ehcMcKhbiYpfIb7J1bzPCRFLZDLcg=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7ryfbU3x9e+3LC5ff7rx1wuN2GTFbXOe32Cu8cvPz
 vnOfNO8o5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExk+TyGf3p7cv4pVosZ/Xm/
 ZG+Uf4emX6NSUtiWg5fCHzPUTj/CqszIsCmn+ghHSolWRsbsiRLlU/nvMRWcb3cMSLc8eOJ2yY5
 aPgA=
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-24-ardb+git@google.com>
Subject: [PATCH v5 09/13] arm64: mm: Permit contiguous attribute for
 preliminary mappings
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

There are a few cases where we omit the contiguous hint for mappings
that start out as read-write and are remapped read-only later, on the
basis that manipulating live descriptors with the PTE_CONT attribute set
is unsafe. When support for the contiguous hint was added to the code,
the ARM ARM was ambiguous about this, and so we erred on the side of
caution.

In the meantime, this has been clarified [0], and regions that will be
remapped in their entirety can use the contiguous hint both in the
initial mapping as well as the one that replaces it. Note that this
requires that the logic that may be called to remap overlapping regions
respects existing valid descriptors that have the contiguous bit
cleared.

So omit the NO_CONT_MAPPINGS flag in places where it is unneeded.

Thanks to Ryan for the reference.

[0] RJQQTC

For a TLB lookup in a contiguous region mapped by translation table entries=
 that
have consistent values for the Contiguous bit, but have the OA, attributes,=
 or
permissions misprogrammed, that TLB lookup is permitted to produce an OA, a=
ccess
permissions, and memory attributes that are consistent with any one of the
programmed translation table values.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 224fec6ce9d7..d4ad9e4766a6 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1000,8 +1000,7 @@ void __init create_mapping_noalloc(phys_addr_t phys, =
unsigned long virt,
 			&phys, virt);
 		return;
 	}
-	early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL,
-				 NO_CONT_MAPPINGS);
+	early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL, 0);
 }
=20
 void __init create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys,
@@ -1028,8 +1027,7 @@ static void update_mapping_prot(phys_addr_t phys, uns=
igned long virt,
 		return;
 	}
=20
-	early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL,
-				 NO_CONT_MAPPINGS);
+	early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL, 0);
=20
 	/* flush the TLBs after updating live kernel mappings */
 	flush_tlb_kernel_range(virt, virt + size);
@@ -1175,11 +1173,8 @@ static void __init map_mem(void)
 	 * alternative patching has completed). This makes the contents
 	 * of the region accessible to subsystems such as hibernate,
 	 * but protects it from inadvertent modification or execution.
-	 * Note that contiguous mappings cannot be remapped in this way,
-	 * so we should avoid them here.
 	 */
-	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL),
-		       NO_CONT_MAPPINGS);
+	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL), 0);
 	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
 }
=20
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13325407CDF
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:39 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203926; cv=none;
 b=BlshzXA90DJ9mm8icVRYhqDeqMOsriKHn1y6NGLtPWew/9e3WLDx5jAlJADIKJAg6SjJ99HcVAgnkpt7Fp12ZSutY8Ivo+Dba7o5UeORXFPzVG2d1cnQLeQxpgHEXrAyfh0ruXyg6yyD9am5y6onZmgoIEoLyzp7AIDiLzmVdBY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203926; c=relaxed/simple;
	bh=TC3oNeRclJA2LSfSctl8UoXdAgKSWVLe3BZ18G4Pjko=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=BGs1HZhdHWqzew4UWA/tjL6ll1cakSLUjLiM6oXwOO+e+OIpy7L8DEOWSYW1G8ozJhUHpQPY1ueptjSAqhWT39C18mBa162HQDE1EKs8l6roIMwfPxqPGd/ObiSUkV3V7Lw/coY7uXYEMAF81w916qGYfGQdmVXtFLZ4rqh9Tb0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=CHW5vsBk; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="CHW5vsBk"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-48fea6292a5so16214685e9.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203917; x=1779808717;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=3jz5HVOoTF+6wyIXVi1PRz6mG2EpkE1nqqXU3A/HO1M=;
        b=CHW5vsBkY5PjNYAInY/kn7xn9dfJmL+rpyhyOf2xxh4iFy4VFGrYA97K9AQMi2HeOy
         rrjG3+sI/sJhqHgYMN5lJ1HgXgex0geW26gYp2m2pfGo2Mo8Eb2BpqBeZTB7VexQBPtB
         ZyIaDEBpNWD0W4jJTRBhlEK0u09OLKoe/lNEZU7goR7r4EfbC/xuaW1Q4yFp7NfbN8iW
         ERg9eGjJ+uI6DJtLm8EXc0xIKQEMWgl5lP4Ygg5OwoS3S84l2jFm+0CM1ulsTp3gGaMR
         DP7Tn3vlQ8B6t6scqoZruofCu2G2me/VJYwe0ln+SoVIrDN7UJ0LYH6OZ4Qw8R1qgG8q
         bWcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203917; x=1779808717;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=3jz5HVOoTF+6wyIXVi1PRz6mG2EpkE1nqqXU3A/HO1M=;
        b=shHgMKbT7uokMCsyCBI9j+WbnD2+1NX17Qe3tspzA64GDXKnQ1p+RglsGntdj0Nvi/
         Jm+OuB9Tzv1nLEmvmygDkJMOcamCuFP9CTEU+hN0g2oq4BPhInr/n4PHGzCDTyhYccb4
         iTyyFiMqKcGxpzm5wnmQ0jQjRIXR+FYK3G7doCnA8yrGL380G9jKAplFe5AZoF20UImL
         zGSR8RkHm7sS/ZI772E41uEU6J3KuQhW405lucNeN5e55rLeRGve1DSomVibSRe8zEfp
         YeyX5b5IcgLTWf9V5tCX3POZy0EFZvUJz/H47JBpND6MZDQnFqvxK2HLDA9/119+TeKO
         K3xA==
X-Gm-Message-State: AOJu0Ywwz5qn/cQauDqMuJhvF9LWUIOabxE9kYWEq5Xb6UOSHO13dVPg
	6CluhzfWXdn+UH0g8bPniV02G8zK1WfNOPFmFlXJrJmkQCpr2UxSm0cXJ9OIEf6cN4xhnw9bKA=
	=
X-Received: from wmgb4.prod.google.com ([2002:a05:600c:1504:b0:48a:5909:4ec0])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:3b27:b0:48e:7854:1608
 with SMTP id 5b1f17b1804b1-48fe6516b54mr287879475e9.25.1779203917004; Tue, 19
 May 2026 08:18:37 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:27 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2309; i=ardb@kernel.org;
 h=from:subject; bh=UkAnTwiseYdN3aottp779GEWC8HTyTdJGgqvssDeFDs=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7oLF8bs37COMHj7P+n7snJGyv9rm41dMbMS8zptLS
 tXt/7u3o5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExkZRAjQzevZ0Wao2BR6VYx
 Id/GxVnnL9mVyHGzz3i8hW3B1yMN5xj+St4OTmgr/7Gk+JVAuEzcFYW67LpiNmefmmsV5/P5Y/2
 YAA==
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-25-ardb+git@google.com>
Subject: [PATCH v5 10/13] arm64: Move fixmap page tables to end of kernel
 image
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org, Kevin Brodsky <kevin.brodsky@arm.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Move the fixmap page tables out of the BSS section, and place them at
the end of the image, right before the init_pg_dir section where some of
the other statically allocated page tables live.

These page tables are currently the only data objects in vmlinux that
are meant to be accessed via the kernel image's linear alias, and so
placing them together allows the remainder of the data/bss section to be
remapped read-only or unmapped entirely.

Reviewed-by: Kevin Brodsky <kevin.brodsky@arm.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/kernel/vmlinux.lds.S | 10 ++++++++--
 arch/arm64/mm/fixmap.c          |  7 ++++---
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.ld=
s.S
index e1ac876200a3..64c7bf4b7176 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -349,10 +349,16 @@ SECTIONS
 	_edata =3D .;
=20
 	/* start of zero-init region */
-	BSS_SECTION(SBSS_ALIGN, 0, 0)
+	BSS_SECTION(SBSS_ALIGN, 0, PAGE_SIZE)
 	__pi___bss_start =3D __bss_start;
=20
-	. =3D ALIGN(PAGE_SIZE);
+	/* fixmap BSS starts here - preceding data/BSS is omitted from the linear=
 map */
+	.fixmap_pgdir : ALIGN(PAGE_SIZE) {
+		*(.fixmap_bss)
+	}
+	ASSERT(ADDR(.fixmap_pgdir) =3D=3D __bss_stop, ".fixmap_pgdir should follo=
w BSS")
+
+
 	__pi_init_pg_dir =3D .;
 	. +=3D INIT_DIR_SIZE;
 	__pi_init_pg_end =3D .;
diff --git a/arch/arm64/mm/fixmap.c b/arch/arm64/mm/fixmap.c
index c5c5425791da..b649ea1a46e4 100644
--- a/arch/arm64/mm/fixmap.c
+++ b/arch/arm64/mm/fixmap.c
@@ -31,9 +31,10 @@ static_assert(NR_BM_PMD_TABLES =3D=3D 1);
=20
 #define BM_PTE_TABLE_IDX(addr)	__BM_TABLE_IDX(addr, PMD_SHIFT)
=20
-static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __page_aligned_bss;
-static pmd_t bm_pmd[PTRS_PER_PMD] __page_aligned_bss __maybe_unused;
-static pud_t bm_pud[PTRS_PER_PUD] __page_aligned_bss __maybe_unused;
+#define __fixmap_bss	__section(".fixmap_bss") __aligned(PAGE_SIZE)
+static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __fixmap_bss;
+static pmd_t bm_pmd[PTRS_PER_PMD] __fixmap_bss __maybe_unused;
+static pud_t bm_pud[PTRS_PER_PUD] __fixmap_bss __maybe_unused;
=20
 static inline pte_t *fixmap_pte(unsigned long addr)
 {
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com
 [209.85.221.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38581400E03
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:41 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203925; cv=none;
 b=pBZb6b7F32UcjSLEI+sboW7ncsztn/UUIaTzkH+oxM4jvKqVDzKHbWp4619oNeYm8KVCY/1P0ItzN4kz5zhwcAF8s0DQTWaNe0PD5JDSNO3tXKckj6pfkC/lVWV+eL6y+1I3fcM8ixYKexMQKxKdDOCyZwfOcFWQu5tU4HQll2A=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203925; c=relaxed/simple;
	bh=KUfM0kCsvzoV91L7wxPHBXsPFMsGuCcaR7mHuCtnKQM=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=TITzPAWRSzdmUPRsUdiCa/cZQ+4JePsXGp1lSB+v1DROlSghaDhfoZYOUGTlAak/TVEbHRjTmGhB5NkpuV6hZUNl0DnkJwJP7H5YaiAfApLwRnk2rn47OGPspDvqWZEcui8HXWniGtahYX4WLmYv9JeNowSCAAbGCr4jI1mEDz0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=LKlSS0X2; arc=none smtp.client-ip=209.85.221.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="LKlSS0X2"
Received: by mail-wr1-f73.google.com with SMTP id
 ffacd0b85a97d-45e78dd7baaso2549219f8f.0
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203918; x=1779808718;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=PeNX/sq3qAeE+0Jgb2gDcjXZ+vgfMIqyhOsW6MWEq5o=;
        b=LKlSS0X20p8gLRj6FPklGejGgn8SeinNyCjBwlxmRwUifgtB97XoC2xhlOxqZumAho
         TObjTyVhQ6xH++wTqMf6wU5iwRVtjnUSFzGfESSrzuuCVf65eBg6wa4QFYzpXuQKEl/a
         Wo9vzeFyZBtZKXrQsv6feROai17cUVyrRFstWga4Nvpp1b9vptMY2tcftjgREAGLhhD5
         JW5apKcTpYXEwfMmGdYs87qcV13UMM9yCacK/6VuKgUMAn7yFqQ8jFZCgj/uNB/sD7pr
         p7wxr9X6eGwkfrLLmmXzc+cbRl4Kd9UGSN9nAtYydiWJyrnvkr4shxdMPDPeNuC+PDsY
         YFJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203918; x=1779808718;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=PeNX/sq3qAeE+0Jgb2gDcjXZ+vgfMIqyhOsW6MWEq5o=;
        b=N6W7RDgxM0HEG+rq+2h6mbn1ymL0d2dDv1nF7QMkggDuT6zyrKw+kP6EvDxh2JE8nu
         GyTxrKB+GD5yOJJ1thc5MB3GRvnvIm1NonB8/5reS6/0g2tLV/VKLdZtfdNzKpa39GSd
         l13vsdzeR3owNLMluU8pgRYcAAnBo2JDwO1oLJdACwSPg7PP2jDm04p7/mkhiw339TMi
         5JpHRtoyAf1EUEM3jVi+xNTv7RVYA8rvm+ohHNuVllEQ9i2OJUK2hy5NxkU+CfoPZiwA
         mbWrenmbrNMiAEgD6aWBAVU7sg/3WGEg735XsNBJcn7fk2kG3idKb+FezlDcjVF2P7zU
         t4+A==
X-Gm-Message-State: AOJu0YxMvSGKOuBfDVxNXh1pLU3JNLv3S/h4zP6VZlC2iCED0pYkQpnQ
	qz7LiEd4PH5yahZKTrx1lafLts946Uj6RTruOQgRj4QdwWeE9/7uL4qD6wTlG0mZgF7i2JZVCg=
	=
X-Received: from wrvg5.prod.google.com ([2002:a5d:5405:0:b0:45e:75ad:a480])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6000:2dc2:b0:43d:1c4a:37c
 with SMTP id ffacd0b85a97d-45e5c5b39admr32448104f8f.4.1779203918084; Tue, 19
 May 2026 08:18:38 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:28 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2478; i=ardb@kernel.org;
 h=from:subject; bh=MII6/zkHQg51STWxgZiHeZfac7n0lgddhJ/OqCE9V7w=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7tKMjFO7jkszG8aGhd+QSjw303b/L077+SfKAjY8/
 6G1aQ5zRykLgxgXg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIzniG/0F3vjE8XuemeP5j
 peqFf91N8ZO/FNi7BhXKyu7ySV6pZM7I0CP+aGHaheKW3W4s3w4K31V9s2v3jofeLfIF7f9+95p
 8ZAMA
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-26-ardb+git@google.com>
Subject: [PATCH v5 11/13] arm64: mm: Don't abuse memblock NOMAP to check for
 overlaps
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

Now that the DRAM mapping routines respect existing table mappings and
contiguous block and page mappings, it is no longer needed to fiddle
with the memblock tables to set and clear the NOMAP attribute in order
to omit text and rodata when creating the linear map.

Instead, map the kernel text and rodata alias first with the desired
attributes, so that they will not be remapped later with different
attributes when mapping the memblocks.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 24 +++++++-------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index d4ad9e4766a6..dcff1a538f20 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1148,12 +1148,15 @@ static void __init map_mem(void)
 		flags |=3D NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
=20
 	/*
-	 * Take care not to create a writable alias for the
-	 * read-only text and rodata sections of the kernel image.
-	 * So temporarily mark them as NOMAP to skip mappings in
-	 * the following for-loop
+	 * Map the linear alias of the [_text, __init_begin) interval
+	 * as non-executable now, and remove the write permission in
+	 * mark_linear_text_alias_ro() above (which will be called after
+	 * alternative patching has completed). This makes the contents
+	 * of the region accessible to subsystems such as hibernate,
+	 * but protects it from inadvertent modification or execution.
 	 */
-	memblock_mark_nomap(kernel_start, kernel_end - kernel_start);
+	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL),
+		       flags);
=20
 	/* map all the memory banks */
 	for_each_mem_range(i, &start, &end) {
@@ -1165,17 +1168,6 @@ static void __init map_mem(void)
 		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
-
-	/*
-	 * Map the linear alias of the [_text, __init_begin) interval
-	 * as non-executable now, and remove the write permission in
-	 * mark_linear_text_alias_ro() below (which will be called after
-	 * alternative patching has completed). This makes the contents
-	 * of the region accessible to subsystems such as hibernate,
-	 * but protects it from inadvertent modification or execution.
-	 */
-	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL), 0);
-	memblock_clear_nomap(kernel_start, kernel_end - kernel_start);
 }
=20
 void mark_rodata_ro(void)
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com
 [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78476407CF0
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.74
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203926; cv=none;
 b=DuUiNa/DzHxZOYOUpxxwlY7HEMNucTOib2WvS6DEQgqRLsBacY5sqv/NUg1WQNnLnjgFg1G7dc4ezavPL9zVHjTBfa2d+xd0CmYUAm6z4RgR/BM4yQR/qA2eWnSZ9PCB7OreSYr9kSK0NGlt62DF5eJrBd1rCrpsBFJifi2alWc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203926; c=relaxed/simple;
	bh=UqlZ4sVMNBq3jADPvj71EOWeBmtBvOcuiOCtXpeGEn4=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=T1WVrVycgVEcf0SaKbnoBsybLouzZkCR+QIh73nhIb/jgFmidYWMzw0geBEoA9EnpfMGustQ70Psn7zkSUuamefu6oIBiOmrlTUyuSMfgcgyWWYXA9C2u7TAH4nOaOmmKfJ6Tvwm/I8RlCIVf8zOowQIsoK/CFwF5wfzs39h144=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=JObmqfQW; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="JObmqfQW"
Received: by mail-wm1-f74.google.com with SMTP id
 5b1f17b1804b1-48fda34ed0aso14582255e9.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203919; x=1779808719;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=bEcGnBezuQEwMCEt3W5bYotUgDgNX6KXYvPMaE0362Y=;
        b=JObmqfQWgqwOHX0CK+Kwc6SSj2iVIShI1UfCl5qiyeUkbkwkAs9NFEdR3KTkN2b8NZ
         S3D/Q8CLhoFh0IJt2DPWvyk8nV5k0IzXItaTnHwtg6youGhIWB4SHuU1Y2Pa1iWI055M
         w/+6fe/2oObee7NHlSW68nYMbuUKwdi1yfkPl0nwjXfRaFvvDe09l6UHQuxUmiSHnazj
         idr4aYLcUO7emLOYgL/8kRyNBZIH20R9qSgjBgbD96Iyqy67EMK6zK1l25m4JkMBFIkb
         zXymdBGtTWJBa6qrkRpQJd2ZZjMJjKffOy/+YmRyMLsoqbSXFHv9LVLBTp+ETY0YHotu
         5yxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203919; x=1779808719;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=bEcGnBezuQEwMCEt3W5bYotUgDgNX6KXYvPMaE0362Y=;
        b=htuOdljKxtJbjdHV3y+70ekstFFjgH956Cw2DaNP7Pj8Isx/cVX+qL0rlydNjawPrf
         qNzDabLi5PRxNxnVPLOjW+bhVlRpkynKOTD/r5IyaDgombFjnBFmJ1Q5HtcnbO/tE5Nw
         whWGekLA+V7ef+3z7BoZxNJJfawM9KhTRvJv0y20ktxnH+NLyY44Ow65YHAjr1TCk6Ks
         KfOVVF3hKHfV5S0x287+2RGKA1j7FtGTzQGBzol59j/VcY9uW6Rb4HXrrq3+s0fIdgsd
         4KjQye90rFJEwQXYvjmncXV694vBYtSBEBWr2L6BFzQB4kQfHXoUs64fN8qKGjBJZT7I
         ExtA==
X-Gm-Message-State: AOJu0YyEh8p1zzLIUz/d8EgZAyBQRYjpPG7ACiiFhiNEfITlCalMOkaT
	D5uH+mrBFxdSUeN/gFYmeRKSF3q4k+5xrDpWRSkZeXB56NaUMcp5cHQWKUGjxHinFcI2kfks2g=
	=
X-Received: from wmqu11.prod.google.com ([2002:a05:600c:19cb:b0:489:1a41:9f2])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:600c:6592:b0:48a:557e:6b4f
 with SMTP id 5b1f17b1804b1-48fe62f8861mr324426035e9.23.1779203919263; Tue, 19
 May 2026 08:18:39 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:29 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2420; i=ardb@kernel.org;
 h=from:subject; bh=hpZj9tDbz4ule6SV7Pe9qCHUBgjdBV9xPIuiKyNVEQo=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7rLlscTzvLYmAbbOjevCUpJ7xev0pTvrw3s0BZueZ
 ivtudxRysIgxsUgK6bIIjD777udpydK1TrPkoWZw8oEMoSBi1MAJnL/DyPDH21Z3q7FHTe+b2Y5
 kpVzasa36zIhHIduB3jOl9g38ZiCK8N/x3P33asf13pw90ttVIyeHyVzWv/N67UNyRmxq6ZfUXz
 LCgA=
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-27-ardb+git@google.com>
Subject: [PATCH v5 12/13] arm64: mm: Map the kernel data/bss read-only in the
 linear map
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

On systems where the bootloader adheres to the original arm64 boot
protocol, the placement of the kernel in the physical address space is
highly predictable, and this makes the placement of its linear alias in
the kernel virtual address space equally predictable, given the lack of
randomization of the linear map.

The linear aliases of the kernel text and rodata regions are already
mapped read-only, but the kernel data and bss are mapped read-write in
this region. This is not needed, so map them read-only as well.

Note that the statically allocated kernel page tables do need to be
modifiable via the linear map, so leave these mapped read-write.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index dcff1a538f20..136cfe0f7375 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1122,7 +1122,9 @@ static void __init map_mem(void)
 {
 	static const u64 direct_map_end =3D _PAGE_END(VA_BITS_MIN);
 	phys_addr_t kernel_start =3D __pa_symbol(_text);
-	phys_addr_t kernel_end =3D __pa_symbol(__init_begin);
+	phys_addr_t init_begin =3D __pa_symbol(__init_begin);
+	phys_addr_t init_end =3D __pa_symbol(__init_end);
+	phys_addr_t kernel_end =3D __pa_symbol(__bss_stop);
 	phys_addr_t start, end;
 	int flags =3D NO_EXEC_MAPPINGS;
 	u64 i;
@@ -1155,7 +1157,11 @@ static void __init map_mem(void)
 	 * of the region accessible to subsystems such as hibernate,
 	 * but protects it from inadvertent modification or execution.
 	 */
-	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL),
+	__map_memblock(kernel_start, init_begin, pgprot_tagged(PAGE_KERNEL),
+		       flags);
+
+	/* Map the kernel data/bss so it can be remapped later */
+	__map_memblock(init_end, kernel_end, pgprot_tagged(PAGE_KERNEL),
 		       flags);
=20
 	/* map all the memory banks */
@@ -1168,6 +1174,11 @@ static void __init map_mem(void)
 		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
+
+	/* Map the kernel data/bss read-only in the linear map */
+	__map_memblock(init_end, kernel_end, PAGE_KERNEL_RO, flags);
+	flush_tlb_kernel_range((unsigned long)lm_alias(__init_end),
+			       (unsigned long)lm_alias(__bss_stop));
 }
=20
 void mark_rodata_ro(void)
--=20
2.54.0.563.g4f69b47b94-goog
From nobody Mon May 25 02:41:54 2026
Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com
 [209.85.221.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C9A43546F4
	for <linux-kernel@vger.kernel.org>; Tue, 19 May 2026 15:18:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.73
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779203927; cv=none;
 b=ndPdMofTklFSHfxjGjznJho95RS6WP0qlo3TcnLNzhksJyF8MUzcgqzoFGYsbr57dlOVPioXNgXMGxSWcycV1Z4fECSWLvZkTIwue0qUfFFIOsCZy2igOUzdSg+/XOBB85PMcn05CcmwAqoDA5seVdLDHOPTSgsGF2HTlN2IvDA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779203927; c=relaxed/simple;
	bh=UyRzhGYT2fnW7XluFCtOwRNc7i8xaJcVLvviPxDzCNg=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=Ob5c4pg/Gs1xBnW5j0XUcTN8K9HNjGlpR7x6YgvymkjOG7eNfTSbG+6nnNRmzTgFPkDWbBUVBSSvTh89iOszjb2hTMBSSjDsVb2i4WYwWXfX6snnisxX6XYI6P3+xcw5/9RbNIQt5oaqzL+XHFu+ulqnkwvaDMM7B8kEvc6k9BE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=HGWy1UcP; arc=none smtp.client-ip=209.85.221.73
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="HGWy1UcP"
Received: by mail-wr1-f73.google.com with SMTP id
 ffacd0b85a97d-44ffa15dc8cso2183508f8f.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 19 May 2026 08:18:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1779203921; x=1779808721;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=Qi1oGcfy2F/V9hqGyvfMuBPdpU5/rEAVHW7aQyISR+Q=;
        b=HGWy1UcPIfLskxdiEXieXuBNrGI3ZrH8avdQbBoQ4kxzOjcH9E/VZ/PIcjKRZzWjkQ
         X9n22mfwkZApHHAIdEEdA5fDV6qC/J5z+mj4yk6PQTnuU9mgoeBeyH5AUw9pfnrjliT5
         U9iChO9Wdl3MoFS+dpL3o8LDUW2c1kgrw3vcNAKLDiTlqEZ3QTwYqwQ+twPsvJHaqiHx
         DoMejW0CGj/NDPm5gubkxUbiFDyJM2rClCUBLJVEGPD9r8SG6caIdSTmZ8F5zLt1cW+c
         BMsqioB22AnEmIkTXA89nk9hpN1ET+Ar00N8sLEqpVVcw3yncUcKfYqWM25uQd6GiDuY
         7S+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779203921; x=1779808721;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Qi1oGcfy2F/V9hqGyvfMuBPdpU5/rEAVHW7aQyISR+Q=;
        b=VqY1XvlKKsG/67u6kWXfDPtdfQIJIs2LaSI//7qX64JcVRL4v9YUIBETW4n/ff5WDW
         XONiMPFf68Dczm+ldd2Fmzm8fURJh7BQABerrU3fkPtJ9VPYqwwl5SIDDwPszHTT0p5X
         1+Tirl0CDTm6KFdAKBfeToFzdo2BggAC/ITiPOSLX0u8FbIJD+7Bwi265dyzQjgPZI/D
         dYmW4+lKreWMqVZEXZ7SJjs/yLbMTgPiGYDGBmaZsNnXKpad+/MmBs9lOIkkebuV3xVE
         Q4+JYCt66shreZpXu3Bop69GFrGdSdTLA/IUgRwF+hxUAP419Ztt8/zEbeIZJfTNiVdq
         Fqmw==
X-Gm-Message-State: AOJu0YwHNybEhHHe9mov+emCgwJkwnL2jvGP1qV+noNSJo0nlqgDVVHh
	AA28jbl6joEyC//t020F9S2RLQ4GkgCnmRCLMnYDwuC+/LaQF93DoyDgsStwvlCHC33vtaCP/g=
	=
X-Received: from wrsy5.prod.google.com ([2002:a5d:4ac5:0:b0:439:dad6:4846])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6000:4305:b0:43c:fe66:43ec
 with SMTP id ffacd0b85a97d-45e5c5af3e1mr33968405f8f.14.1779203920289; Tue, 19
 May 2026 08:18:40 -0700 (PDT)
Date: Tue, 19 May 2026 17:16:30 +0200
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260519151616.2557018-15-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=3044; i=ardb@kernel.org;
 h=from:subject; bh=osZl6uzkZYEkcghfaazSssjo1b/cuYAKEwUCEYJfinQ=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIYun7uqNOWVWU5/UXRVfylrTJVR488jUvCfS7J8uTnXol
 rv8dKNpRykLgxgXg6yYIovA7L/vdp6eKFXrPEsWZg4rE8gQBi5OAZjIPx+Gfxa3bjaemqQ2QX2i
 +ikrecMj36z+NBrzXBW6mWT11rhKfD4jw9WmHq2SKWv6PLaLbc0reKxz6lHq+tMT8qoXvdRc/Ph
 gHBcA
X-Mailer: git-send-email 2.54.0.563.g4f69b47b94-goog
Message-ID: <20260519151616.2557018-28-ardb+git@google.com>
Subject: [PATCH v5 13/13] arm64: mm: Unmap kernel data/bss entirely from the
 linear map
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com,
	mark.rutland@arm.com, Ard Biesheuvel <ardb@kernel.org>,
 Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
 Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>, Kees Cook <kees@kernel.org>,
	Mike Rapoport <rppt@kernel.org>, David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>, Jann Horn <jannh@google.com>,
 linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel <ardb@kernel.org>

The linear aliases of the kernel text and rodata are mapped read-only in
the linear map as well. Given that the contents of these regions are
mostly identical to the version in the loadable image, mapping them
read-only and leaving their contents visible is a reasonable hardening
measure.

Data and bss, however, are now also mapped read-only but the contents of
these regions are more likely to contain data that we'd rather not leak.
So let's unmap these entirely in the linear map when the kernel is
running normally.

When going into hibernation or waking up from it, these regions need to
be mapped, so map the region initially, and toggle the valid bit so
map/unmap the region as needed. (While the hibernation snapshot logic
seems able to map inaccessible pages as needed, it currently disregards
non-present pages entirely.)

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/mm/mmu.c | 39 +++++++++++++++++---
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 136cfe0f7375..9b6d90deb6d5 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -24,6 +24,7 @@
 #include <linux/mm.h>
 #include <linux/vmalloc.h>
 #include <linux/set_memory.h>
+#include <linux/suspend.h>
 #include <linux/kfence.h>
 #include <linux/pkeys.h>
 #include <linux/mm_inline.h>
@@ -1040,6 +1041,29 @@ static void __init __map_memblock(phys_addr_t start,=
 phys_addr_t end,
 				 end - start, prot, early_pgtable_alloc, flags);
 }
=20
+static void remap_linear_data_alias(bool unmap)
+{
+	set_memory_valid((unsigned long)lm_alias(__init_end),
+			 (unsigned long)(__bss_stop - __init_end) / PAGE_SIZE,
+			 !unmap);
+}
+
+static int arm64_hibernate_pm_notify(struct notifier_block *nb,
+				     unsigned long mode, void *unused)
+{
+	switch (mode) {
+	default:
+		break;
+	case PM_POST_HIBERNATION:
+		remap_linear_data_alias(true);
+		break;
+	case PM_HIBERNATION_PREPARE:
+		remap_linear_data_alias(false);
+		break;
+	}
+	return 0;
+}
+
 void __init mark_linear_text_alias_ro(void)
 {
 	/*
@@ -1048,6 +1072,16 @@ void __init mark_linear_text_alias_ro(void)
 	update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text),
 			    (unsigned long)__init_begin - (unsigned long)_text,
 			    PAGE_KERNEL_RO);
+
+	remap_linear_data_alias(true);
+
+	if (IS_ENABLED(CONFIG_HIBERNATION)) {
+		static struct notifier_block nb =3D {
+			.notifier_call =3D arm64_hibernate_pm_notify
+		};
+
+		register_pm_notifier(&nb);
+	}
 }
=20
 #ifdef CONFIG_KFENCE
@@ -1174,11 +1208,6 @@ static void __init map_mem(void)
 		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
-
-	/* Map the kernel data/bss read-only in the linear map */
-	__map_memblock(init_end, kernel_end, PAGE_KERNEL_RO, flags);
-	flush_tlb_kernel_range((unsigned long)lm_alias(__init_end),
-			       (unsigned long)lm_alias(__bss_stop));
 }
=20
 void mark_rodata_ro(void)
--=20
2.54.0.563.g4f69b47b94-goog