Date: Fri, 29 May 2026 17:01:52 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-18-ardb+git@google.com>
Subject: [PATCH v7 01/15] arm64: mm: Remove bogus stop condition from map_mem() loop
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org

From: Ard Biesheuvel

The memblock API guarantees that start is not greater than or equal to end, so there is no need to test it. And if it were, it is doubtful that breaking out of the loop would be a reasonable course of action here (rather than attempting to map the remaining regions)

So let's drop this check.

Reviewed-by: Ryan Roberts
Reviewed-by: Kevin Brodsky
Signed-off-by: Ard Biesheuvel
--- arch/arm64/mm/mmu.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index dd85e093ffdb..112fa4a3b0eb 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c
@@ -1173,8 +1173,6 @@ static void __init map_mem(pgd_t *pgdp) =20 /* map all the memory banks */ for_each_mem_range(i, &start, &end) { - if (start >=3D end) - break; /* * The linear map must allow allocation tags reading/writing * if MTE is present. Otherwise, it has the same attributes as --=20 2.54.0.823.g6e5bcc1fc9-goog

Date: Fri, 29 May 2026 17:01:53 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-19-ardb+git@google.com>
Subject: [PATCH v7 02/15] arm64: mm: Drop redundant pgd_t* argument from map_mem()
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org

From: Ard Biesheuvel

__map_memblock() and map_mem() always operate on swapper_pg_dir, so there is no need to pass around a pgd_t pointer between them.

Reviewed-by: Ryan Roberts
Reviewed-by: Kevin Brodsky
Signed-off-by: Ard Biesheuvel
--- arch/arm64/mm/mmu.c | 25 ++++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 112fa4a3b0eb..aa0e2c6435f7 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c
@@ -1035,11 +1035,11 @@ static void update_mapping_prot(phys_addr_t phys, u= nsigned long virt, flush_tlb_kernel_range(virt, virt + size); } =20 -static void __init __map_memblock(pgd_t *pgdp, phys_addr_t start, - phys_addr_t end, pgprot_t prot, int flags) +static void __init __map_memblock(phys_addr_t start, phys_addr_t end, + pgprot_t prot, int flags) { - early_create_pgd_mapping(pgdp, start, __phys_to_virt(start), end - start, - prot, early_pgtable_alloc, flags); + early_create_pgd_mapping(swapper_pg_dir, start, __phys_to_virt(start), + end - start, prot, early_pgtable_alloc, flags); } =20 void __init mark_linear_text_alias_ro(void) @@ -1087,13 +1087,13 @@ static phys_addr_t __init arm64_kfence_alloc_pool(v= oid) return kfence_pool; } =20 -static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool, pgd_t *p= gdp) +static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool) { if (!kfence_pool) return; =20 /* KFENCE pool needs page-level mapping. */ - __map_memblock(pgdp, kfence_pool, kfence_pool + KFENCE_POOL_SIZE, + __map_memblock(kfence_pool, kfence_pool + KFENCE_POOL_SIZE, pgprot_tagged(PAGE_KERNEL), NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS); memblock_clear_nomap(kfence_pool, KFENCE_POOL_SIZE); @@ -1129,11 +1129,11 @@ bool arch_kfence_init_pool(void) #else /* CONFIG_KFENCE */ =20 static inline phys_addr_t arm64_kfence_alloc_pool(void) { return 0; } -static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool, pgd_t *p= gdp) { } +static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool) { } =20 #endif /* CONFIG_KFENCE */ =20 -static void __init map_mem(pgd_t *pgdp) +static void __init map_mem(void) { static const u64 direct_map_end =3D _PAGE_END(VA_BITS_MIN); phys_addr_t kernel_start =3D __pa_symbol(_text); 
@@ -1178,7 +1178,7 @@ static void __init map_mem(pgd_t *pgdp) * if MTE is present. Otherwise, it has the same attributes as * PAGE_KERNEL. */ - __map_memblock(pgdp, start, end, pgprot_tagged(PAGE_KERNEL), + __map_memblock(start, end, pgprot_tagged(PAGE_KERNEL), flags); } =20 @@ -1192,10 +1192,9 @@ static void __init map_mem(pgd_t *pgdp) * Note that contiguous mappings cannot be remapped in this way, * so we should avoid them here. */ - __map_memblock(pgdp, kernel_start, kernel_end, - PAGE_KERNEL, NO_CONT_MAPPINGS); + __map_memblock(kernel_start, kernel_end, PAGE_KERNEL, NO_CONT_MAPPINGS); memblock_clear_nomap(kernel_start, kernel_end - kernel_start); - arm64_kfence_map_pool(early_kfence_pool, pgdp); + arm64_kfence_map_pool(early_kfence_pool); } =20 void mark_rodata_ro(void) 
@@ -1417,7 +1416,7 @@ static void __init create_idmap(void) =20 void __init paging_init(void) { - map_mem(swapper_pg_dir); + map_mem(); =20 memblock_allow_resize(); =20 --=20 2.54.0.823.g6e5bcc1fc9-goog

Date: Fri, 29 May 2026 17:01:54 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-20-ardb+git@google.com>
Subject: [PATCH v7 03/15] arm64: mm: Check for pud_/pmd_set_huge() failures on kernel mappings
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org

From: Ard Biesheuvel

Sashiko reports:

| If pmd_set_huge() rejects an unsafe page table transition (such as
| mapping a different physical address over an existing block mapping),
| it returns 0 and leaves the page table entry unmodified.
|
| Because *pmdp remains unmodified, READ_ONCE(pmd_val(*pmdp)) will equal
| pmd_val(old_pmd). The transition from old_pmd to old_pmd is evaluated
| as safe by pgattr_change_is_safe(), so the BUG_ON never triggers.
|
| This allows invalid and unsafe mapping updates to be silently dropped
| instead of panicking, leaving stale memory mappings active while the
| caller assumes the update was successful.

The same applies to pud_set_huge() in alloc_init_pud().

Given how it is generally preferred to limp on rather than blow up the system if an unexpected condition such as this one occurs, and the fact that there are no known cases where this disparity results in real problems, let's WARN on these failures rather than BUG, allowing the system to survive to the point where it can actually report them.

Signed-off-by: Ard Biesheuvel
--- arch/arm64/mm/mmu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index aa0e2c6435f7..b2ba5b35c35f 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -257,7 +257,7 @@ static int init_pmd(pmd_t *pmdp, unsigned long addr, un= signed long end, /* try section mapping first */ if (((addr | next | phys) & ~PMD_MASK) =3D=3D 0 && (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) { - pmd_set_huge(pmdp, phys, prot); + WARN_ON(!pmd_set_huge(pmdp, phys, prot)); =20 /* * After the PMD entry has been populated once, we
@@ -380,7 +380,7 @@ static int alloc_init_pud(p4d_t *p4dp, unsigned long ad= dr, unsigned long end, if (pud_sect_supported() && ((addr | next | phys) & ~PUD_MASK) =3D=3D 0 && (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) { - pud_set_huge(pudp, phys, prot); + WARN_ON(!pud_set_huge(pudp, phys, prot)); =20 /* * After the PUD entry has been populated once, we --=20 2.54.0.823.g6e5bcc1fc9-goog
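
Review bot: In both hunks of patch 03/15 (init_pmd() and alloc_init_pud()), a failed pmd_set_huge()/pud_set_huge() now produces a warning, but execution carries on and the function, which returns int, still gives the caller no sign that the entry was left unmodified, so the "caller assumes the update was successful" part of the quoted report remains true. Consider returning an error when the set_huge call returns 0, or say in the commit message why reporting alone is sufficient. If the same failure can recur across many entries, WARN_ON_ONCE() would keep the log readable.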

Date: Fri, 29 May 2026 17:01:55 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-21-ardb+git@google.com>
Subject: [PATCH v7 04/15] arm64: mm: Preserve existing table mappings when mapping DRAM
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org

From: Ard Biesheuvel

Instead of blindly overwriting an existing table entry when mapping DRAM regions, take care not to replace a pre-existing table entry with a block entry.

This permits the logic of mapping the kernel's linear alias to be simplified in a subsequent patch.

Reviewed-by: Ryan Roberts
Signed-off-by: Ard Biesheuvel
--- arch/arm64/mm/mmu.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index b2ba5b35c35f..5c827fa3cd38 100644
--- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -256,7 +256,8 @@ static int init_pmd(pmd_t *pmdp, unsigned long addr, un= signed long end, =20 /* try section mapping first */ if (((addr | next | phys) & ~PMD_MASK) =3D=3D 0 && - (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) { + (flags & NO_BLOCK_MAPPINGS) =3D=3D 0 && + !pmd_table(old_pmd)) { WARN_ON(!pmd_set_huge(pmdp, phys, prot)); =20 /* 
@@ -379,7 +380,8 @@ static int alloc_init_pud(p4d_t *p4dp, unsigned long ad= dr, unsigned long end, */ if (pud_sect_supported() && ((addr | next | phys) & ~PUD_MASK) =3D=3D 0 && - (flags & NO_BLOCK_MAPPINGS) =3D=3D 0) { + (flags & NO_BLOCK_MAPPINGS) =3D=3D 0 && + !pud_table(old_pud)) { WARN_ON(!pud_set_huge(pudp, phys, prot)); =20 /* --=20 2.54.0.823.g6e5bcc1fc9-goog
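
Review bot: The new !pmd_table(old_pmd) and !pud_table(old_pud) terms in patch 04/15 change when the "try section mapping first" branch is taken, but neither hunk adds a comment saying why an existing table entry must be kept. A one-line comment at each condition, stating that a pre-existing table is deliberately preserved rather than replaced by a block entry, would save the next reader a trip to the commit log. The commit message could also say what happens to a block-aligned range that hits an existing table, since the fallback path lies outside the hunk context.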

Date: Fri, 29 May 2026 17:01:56 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-22-ardb+git@google.com>
Subject: [PATCH v7 05/15] arm64: mm: Preserve non-contiguous descriptors when mapping DRAM
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org

From: Ard Biesheuvel Instead of blindly overwriting existing live entries regardless of the value of their contiguous bit when mapping DRAM regions at contiguous-hint granularity, check whether the contiguous region in question contains any valid descriptors that have the contiguous bit cleared, and in that case, leave the contiguous bit unset on the entire region. This permits the logic of mapping the kernel's linear alias to be simplified in a subsequent patch. Note that this can only result in a misprogrammed contiguous bit (as per ARM ARM RNGLXZ) if the region in question already contains a mix of valid contiguous and valid non-contiguous descriptors, in which case it was already misprogrammed to begin with. Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/pgtable.h | 4 ++++ arch/arm64/mm/mmu.c | 22 ++++++++++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgta= ble.h index 4dfa42b7d053..a1c5894332d9 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -181,6 +181,10 @@ static inline pteval_t __phys_to_pte_val(phys_addr_t p= hys) * Returns true if the pte is valid and has the contiguous bit set. */ #define pte_valid_cont(pte) (pte_valid(pte) && pte_cont(pte)) +/* + * Returns true if the pte is valid and has the contiguous bit cleared. + */ +#define pte_valid_noncont(pte) (pte_valid(pte) && !pte_cont(pte)) /* * Could the pte be present in the TLB? We must check mm_tlb_flush_pending * so that we don't erroneously return false for pages that have been diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 5c827fa3cd38..6b42d724bd1b 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c 
@@ -187,6 +187,14 @@ static void init_pte(pte_t *ptep, unsigned long addr, = unsigned long end, } while (ptep++, addr +=3D PAGE_SIZE, addr !=3D end); } =20 +static bool pte_range_has_valid_noncont(pte_t *ptep) +{ + for (int i =3D 0; i < CONT_PTES; i++) + if (pte_valid_noncont(__ptep_get(&ptep[i]))) + return true; + return false; +} + static int alloc_init_cont_pte(pmd_t *pmdp, unsigned long addr, unsigned long end, phys_addr_t phys, pgprot_t prot, @@ -224,7 +232,8 @@ static int alloc_init_cont_pte(pmd_t *pmdp, unsigned lo= ng addr, =20 /* use a contiguous mapping if the range is suitably aligned */ if ((((addr | next | phys) & ~CONT_PTE_MASK) =3D=3D 0) && - (flags & NO_CONT_MAPPINGS) =3D=3D 0) + (flags & NO_CONT_MAPPINGS) =3D=3D 0 && + !pte_range_has_valid_noncont(ptep)) __prot =3D __pgprot(pgprot_val(prot) | PTE_CONT); =20 init_pte(ptep, addr, next, phys, __prot); @@ -283,6 +292,14 @@ static int init_pmd(pmd_t *pmdp, unsigned long addr, u= nsigned long end, return 0; } =20 +static bool pmd_range_has_valid_noncont(pmd_t *pmdp) +{ + for (int i =3D 0; i < CONT_PMDS; i++) + if (pte_valid_noncont(pmd_pte(READ_ONCE(pmdp[i])))) + return true; + return false; +} + static int alloc_init_cont_pmd(pud_t *pudp, unsigned long addr, unsigned long end, phys_addr_t phys, pgprot_t prot, 
@@ -324,7 +341,8 @@ static int alloc_init_cont_pmd(pud_t *pudp, unsigned lo= ng addr, =20 /* use a contiguous mapping if the range is suitably aligned */ if ((((addr | next | phys) & ~CONT_PMD_MASK) =3D=3D 0) && - (flags & NO_CONT_MAPPINGS) =3D=3D 0) + (flags & NO_CONT_MAPPINGS) =3D=3D 0 && + !pmd_range_has_valid_noncont(pmdp)) __prot =3D __pgprot(pgprot_val(prot) | PTE_CONT); =20 ret =3D init_pmd(pmdp, addr, next, phys, __prot, pgtable_alloc, flags); --=20 2.54.0.823.g6e5bcc1fc9-goog
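Review bot: pte_range_has_valid_noncont() and pmd_range_has_valid_noncont() in arch/arm64/mm/mmu.c scan CONT_PTES / CONT_PMDS entries starting at the pointer they are given, so they only cover the contiguous group when that pointer is the group's first entry. The callers guarantee this solely through the order of the && chain: the '(addr | next | phys) & ~CONT_PTE_MASK' alignment test (and its CONT_PMD_MASK counterpart) runs first and short-circuits. A one-line comment on each helper stating that precondition would keep a later reordering of the condition from silently reading entries outside the group. For the PMD helper, please also say in a comment how an entry that points to a next-level table is meant to be classified, since pte_valid_noncont(pmd_pte(...)) applies the PTE predicate to it and the intended result is not stated anywhere in the hunk.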
Date: Fri, 29 May 2026 17:01:57 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-23-ardb+git@google.com>
Subject: [PATCH v7 06/15] arm64: mm: Permit contiguous descriptors to be manipulated
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
From: Ard Biesheuvel Currently, pgattr_change_is_safe() is overly pedantic when it comes to descriptors with the contiguous hint attribute set, as it rejects assignments even if the old and the new value are the same. In fact, as per ARM ARM RJQQTC, manipulating descriptors with the contiguous bit set is safe as long as the bit itself does not change value, in the sense that no TLB conflict aborts or other exceptions may be raised as a result. Inconsistent permission attributes within the contiguous region may result in any of the alternatives to be taken to apply to the entire region, which might be a programming error, but it does not constitute an unsafe manipulation in terms of what pgattr_change_is_safe() is intended to detect. So drop the special PTE_CONT check, but still omit PTE_CONT from 'mask' so that modifying the bit is still regarded as unsafe. Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 6b42d724bd1b..d7a6991e1844 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c 
@@ -134,10 +134,6 @@ bool pgattr_change_is_safe(pteval_t old, pteval_t new) if (pte_pfn(__pte(old)) !=3D pte_pfn(__pte(new))) return false; =20 - /* live contiguous mappings may not be manipulated at all */ - if ((old | new) & PTE_CONT) - return false; - /* Transitioning from Non-Global to Global is unsafe */ if (old & ~new & PTE_NG) return false; --=20 2.54.0.823.g6e5bcc1fc9-goog
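Review bot: in pgattr_change_is_safe(), the deleted comment and check were the only mention of PTE_CONT in the visible part of the function, and after this hunk nothing near the PTE_NG test tells the reader that a change to the contiguous bit is still rejected. The commit message says this now relies on PTE_CONT being left out of 'mask'; please put a short comment where the check used to be, or at the mask definition, saying that toggling PTE_CONT is refused by the mask comparison, so the invariant does not live only in the changelog.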
Date: Fri, 29 May 2026 17:01:58 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-24-ardb+git@google.com>
Subject: [PATCH v7 07/15] arm64: kfence: Avoid NOMAP tricks when mapping the early pool
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
From: Ard Biesheuvel Now that the map_mem() routines respect existing page mappings and contiguous granule sized blocks with the contiguous bit cleared, there is no longer a reason to play tricks with the memblock NOMAP attribute. Instead, the kfence pool can be allocated and mapped with page granularity first, and this granularity will be respected when the rest of DRAM is mapped later, even if block and contiguous mappings are allowed for the remainder of those mappings. Add the NO_EXEC_MAPPINGS flag to ensure that hierarchical XN attributes are set on the intermediate page tables that are allocated when mapping the pool. Signed-off-by: Ard Biesheuvel Reviewed-by: Kevin Brodsky --- arch/arm64/mm/mmu.c | 27 +++++--------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index d7a6991e1844..cdf8b3510229 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c 
@@ -1083,36 +1083,24 @@ static int __init parse_kfence_early_init(char *arg) } early_param("kfence.sample_interval", parse_kfence_early_init); =20 -static phys_addr_t __init arm64_kfence_alloc_pool(void) +static void __init arm64_kfence_map_pool(void) { phys_addr_t kfence_pool; =20 if (!kfence_early_init) - return 0; + return; =20 kfence_pool =3D memblock_phys_alloc(KFENCE_POOL_SIZE, PAGE_SIZE); if (!kfence_pool) { pr_err("failed to allocate kfence pool\n"); kfence_early_init =3D false; - return 0; - } - - /* Temporarily mark as NOMAP. */ - memblock_mark_nomap(kfence_pool, KFENCE_POOL_SIZE); - - return kfence_pool; -} - -static void __init arm64_kfence_map_pool(phys_addr_t kfence_pool) -{ - if (!kfence_pool) return; + } =20 /* KFENCE pool needs page-level mapping. */ __map_memblock(kfence_pool, kfence_pool + KFENCE_POOL_SIZE, pgprot_tagged(PAGE_KERNEL), - NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS); - memblock_clear_nomap(kfence_pool, KFENCE_POOL_SIZE); + NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS | NO_EXEC_MAPPINGS); __kfence_pool =3D phys_to_virt(kfence_pool); } =20 @@ -1144,8 +1132,7 @@ bool arch_kfence_init_pool(void) } #else /* CONFIG_KFENCE */ =20 -static inline phys_addr_t arm64_kfence_alloc_pool(void) { return 0; } -static inline void arm64_kfence_map_pool(phys_addr_t kfence_pool) { } +static inline void arm64_kfence_map_pool(void) { } =20 #endif /* CONFIG_KFENCE */ =20 @@ -1155,7 +1142,6 @@ static void __init map_mem(void) phys_addr_t kernel_start =3D __pa_symbol(_text); phys_addr_t kernel_end =3D __pa_symbol(__init_begin); phys_addr_t start, end; - phys_addr_t early_kfence_pool; int flags =3D NO_EXEC_MAPPINGS; u64 i; =20 
@@ -1172,7 +1158,7 @@ static void __init map_mem(void) BUILD_BUG_ON(pgd_index(direct_map_end - 1) =3D=3D pgd_index(direct_map_en= d) && pgd_index(_PAGE_OFFSET(VA_BITS_MIN)) !=3D PTRS_PER_PGD - 1); =20 - early_kfence_pool =3D arm64_kfence_alloc_pool(); + arm64_kfence_map_pool(); =20 linear_map_requires_bbml2 =3D !force_pte_mapping() && can_set_direct_map(= ); =20 
@@ -1210,7 +1196,6 @@ static void __init map_mem(void) */ __map_memblock(kernel_start, kernel_end, PAGE_KERNEL, NO_CONT_MAPPINGS); memblock_clear_nomap(kernel_start, kernel_end - kernel_start); - arm64_kfence_map_pool(early_kfence_pool); } =20 void mark_rodata_ro(void) --=20 2.54.0.823.g6e5bcc1fc9-goog
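Review bot: in map_mem(), the arm64_kfence_map_pool() call has moved from the end of the function to near its start, and correctness now depends on that order: the pool has to be mapped with NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS first so that the later DRAM mapping preserves its page granularity. Nothing at the call site says so; a comment above the 'arm64_kfence_map_pool();' line stating that it must run before the rest of DRAM is mapped would stop it from being moved back. Since the function now also calls memblock_phys_alloc(), a name that reflects allocation as well as mapping would be clearer.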
Date: Fri, 29 May 2026 17:01:59 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-25-ardb+git@google.com>
Subject: [PATCH v7 08/15] arm64: mm: Permit contiguous attribute for preliminary mappings
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
From: Ard Biesheuvel There are a few cases where we omit the contiguous hint for mappings that start out as read-write and are remapped read-only later, on the basis that manipulating live descriptors with the PTE_CONT attribute set is unsafe. When support for the contiguous hint was added to the code, the ARM ARM was ambiguous about this, and so we erred on the side of caution. In the meantime, this has been clarified [0], and regions that will be remapped in their entirety, retaining the contiguous bit on all entries, can use the contiguous hint both in the initial mapping as well as the one that replaces it. Note that this requires that the logic that may be called to remap overlapping regions respects existing valid descriptors that have the contiguous bit cleared. So omit the NO_CONT_MAPPINGS flag in places where it is unneeded. [0] RJQQTC For a TLB lookup in a contiguous region mapped by translation table entries that have consistent values for the Contiguous bit, but have the OA, attributes, or permissions misprogrammed, that TLB lookup is permitted to produce an OA, access permissions, and memory attributes that are consistent with any one of the programmed translation table values. Reviewed-by: Kevin Brodsky Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index cdf8b3510229..971996e46fd1 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1016,8 +1016,7 @@ void __init create_mapping_noalloc(phys_addr_t phys, = unsigned long virt, &phys, virt); return; } - early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL, - NO_CONT_MAPPINGS); + early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL, 0); } =20 void __init create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys, 
@@ -1044,8 +1043,7 @@ static void update_mapping_prot(phys_addr_t phys, uns= igned long virt, return; } =20 - early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL, - NO_CONT_MAPPINGS); + early_create_pgd_mapping(init_mm.pgd, phys, virt, size, prot, NULL, 0); =20 /* flush the TLBs after updating live kernel mappings */ flush_tlb_kernel_range(virt, virt + size); 
@@ -1191,10 +1189,8 @@ static void __init map_mem(void) * alternative patching has completed). This makes the contents * of the region accessible to subsystems such as hibernate, * but protects it from inadvertent modification or execution. - * Note that contiguous mappings cannot be remapped in this way, - * so we should avoid them here. */ - __map_memblock(kernel_start, kernel_end, PAGE_KERNEL, NO_CONT_MAPPINGS); + __map_memblock(kernel_start, kernel_end, PAGE_KERNEL, 0); memblock_clear_nomap(kernel_start, kernel_end - kernel_start); } =20 --=20 2.54.0.823.g6e5bcc1fc9-goog
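Review bot: update_mapping_prot() now passes 0 instead of NO_CONT_MAPPINGS, so whether PTE_CONT is set on the rewritten entries depends on the alignment of the range handed to that call. The commit message limits this to regions that are remapped in their entirety with the contiguous bit retained on all entries, but the patch deletes the only in-code remark on the subject (the two comment lines in map_mem()) and adds none. Please document that requirement on update_mapping_prot(), and consider whether a caller passing a sub-range of an earlier mapping should be caught there. A short comment or a named constant would also read better than the bare 0 at the three call sites.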
Date: Fri, 29 May 2026 17:02:00 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-26-ardb+git@google.com>
Subject: [PATCH v7 09/15] arm64: Move fixmap and kasan page tables to end of kernel image
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
From: Ard Biesheuvel Move the fixmap and kasan page tables out of the BSS section, and place them at the end of the image, right before the init_pg_dir section where some of the other statically allocated page tables live. These page tables are currently the only data objects in vmlinux that are meant to be accessed via the kernel image's linear alias, and so placing them together allows the remainder of the data/bss section to be remapped read-only or unmapped entirely. Reviewed-by: Kevin Brodsky Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/mmu.h | 2 ++ arch/arm64/kernel/vmlinux.lds.S | 8 +++++++- arch/arm64/mm/fixmap.c | 6 +++--- arch/arm64/mm/kasan_init.c | 2 +- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index 5e1211c540ab..fb95754f2876 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -13,6 +13,8 @@ =20 #ifndef __ASSEMBLER__ =20 +#define __pgtbl_bss __section(".pgdir.bss") __aligned(PAGE_SIZE) + #include #include =20 diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.ld= s.S index e1ac876200a3..2b0ebfb30c63 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -349,9 +349,15 @@ SECTIONS _edata =3D .; =20 /* start of zero-init region */ - BSS_SECTION(SBSS_ALIGN, 0, 0) + BSS_SECTION(SBSS_ALIGN, 0, PAGE_SIZE) __pi___bss_start =3D __bss_start; =20 + /* fixmap BSS starts here - preceding data/BSS is omitted from the linear= map */ + .pgdir.bss (NOLOAD) : ALIGN(PAGE_SIZE) { + *(.pgdir.bss) + } + ASSERT(ADDR(.pgdir.bss) =3D=3D __bss_stop, ".pgdir.bss must follow BSS") + . =3D ALIGN(PAGE_SIZE); __pi_init_pg_dir =3D .; . +=3D INIT_DIR_SIZE; diff --git a/arch/arm64/mm/fixmap.c b/arch/arm64/mm/fixmap.c index c5c5425791da..1a3bbd67dd76 100644 --- a/arch/arm64/mm/fixmap.c +++ b/arch/arm64/mm/fixmap.c 
@@ -31,9 +31,9 @@ static_assert(NR_BM_PMD_TABLES =3D=3D 1); =20 #define BM_PTE_TABLE_IDX(addr) __BM_TABLE_IDX(addr, PMD_SHIFT) =20 -static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __page_aligned_bss; -static pmd_t bm_pmd[PTRS_PER_PMD] __page_aligned_bss __maybe_unused; -static pud_t bm_pud[PTRS_PER_PUD] __page_aligned_bss __maybe_unused; +static pte_t bm_pte[NR_BM_PTE_TABLES][PTRS_PER_PTE] __pgtbl_bss; +static pmd_t bm_pmd[PTRS_PER_PMD] __pgtbl_bss __maybe_unused; +static pud_t bm_pud[PTRS_PER_PUD] __pgtbl_bss __maybe_unused; =20 static inline pte_t *fixmap_pte(unsigned long addr) { diff --git a/arch/arm64/mm/kasan_init.c b/arch/arm64/mm/kasan_init.c index abeb81bf6ebd..dbf22cae82ee 100644 --- a/arch/arm64/mm/kasan_init.c +++ b/arch/arm64/mm/kasan_init.c 
@@ -214,7 +214,7 @@ asmlinkage void __init kasan_early_init(void) * shadow pud_t[]/p4d_t[], which could end up getting corrupted * when the linear region is mapped. */ - static pte_t tbl[PTRS_PER_PTE] __page_aligned_bss; + static pte_t tbl[PTRS_PER_PTE] __pgtbl_bss; pgd_t *pgdp =3D pgd_offset_k(KASAN_SHADOW_START); =20 set_pgd(pgdp, __pgd(__pa_symbol(tbl) | PGD_TYPE_TABLE)); --=20 2.54.0.823.g6e5bcc1fc9-goog
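Review bot: in the vmlinux.lds.S hunk, the ASSERT pins .pgdir.bss at __bss_stop, which puts bm_pte, bm_pmd, bm_pud and the kasan tbl outside [__bss_start, __bss_stop) in a NOLOAD section, and neither the new comment nor the commit message says what zeroes that range before the tables are first used. Please state that, or extend the comment to name the code that clears it. The comment also says "fixmap BSS" although the section carries the kasan table as well, and "is omitted from the linear map" describes a later step rather than anything this patch does; wording along the lines of "page tables accessed via the linear alias start here" would match the commit message.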
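Review bot: in the mmu.h hunk, __pgtbl_bss is defined without a comment and ahead of the #include lines, so a reader has to find the linker script to learn why these tables need their own section. A one-line comment above the #define saying that .pgdir.bss holds the statically allocated tables that are accessed through the linear alias, and that it is placed right before init_pg_dir, would document the constraint next to the attribute. Moving the #define below the includes would also keep PAGE_SIZE, __section and __aligned visibly in scope.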

Date: Fri, 29 May 2026 17:02:01 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-27-ardb+git@google.com>
Subject: [PATCH v7 10/15] arm64: mm: Don't abuse memblock NOMAP to check for overlaps
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel Now that the linear region mapping routines respect existing table mappings and contiguous block and page mappings, it is no longer needed to fiddle with the memblock tables to set and clear the NOMAP attribute in order to omit text and rodata when creating the linear map. Instead, map the kernel text and rodata alias first with the desired initial attributes and granularity, so that the loop iterating over the memblocks will not remap it in a manner that prevents it from being remapped with updated attributes later. Signed-off-by: Ard Biesheuvel Reviewed-by: Kevin Brodsky --- arch/arm64/mm/mmu.c | 26 ++++++++------------ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 971996e46fd1..dcfca5667e5c 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1164,12 +1164,17 @@ static void __init map_mem(void) flags |=3D NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS; =20 /* - * Take care not to create a writable alias for the - * read-only text and rodata sections of the kernel image. - * So temporarily mark them as NOMAP to skip mappings in - * the following for-loop + * Map the linear alias of the [_text, __init_begin) interval first + * so that its write permissions can be removed later without the need + * to split any block mappings created by the loop below. + * + * Write permissions are needed for alternatives patching, and will be + * removed later by mark_linear_text_alias_ro() above. This makes the + * contents of the region accessible to subsystems such as hibernate, + * but protects it from inadvertent modification or execution. */ - memblock_mark_nomap(kernel_start, kernel_end - kernel_start); + __map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL), + flags); =20 /* map all the memory banks */ for_each_mem_range(i, &start, &end) { 
@@ -1181,17 +1186,6 @@ static void __init map_mem(void) __map_memblock(start, end, pgprot_tagged(PAGE_KERNEL), flags); } - - /* - * Map the linear alias of the [_text, __init_begin) interval - * as non-executable now, and remove the write permission in - * mark_linear_text_alias_ro() below (which will be called after - * alternative patching has completed). This makes the contents - * of the region accessible to subsystems such as hibernate, - * but protects it from inadvertent modification or execution. - */ - __map_memblock(kernel_start, kernel_end, PAGE_KERNEL, 0); - memblock_clear_nomap(kernel_start, kernel_end - kernel_start); } =20 void mark_rodata_ro(void) --=20 2.54.0.823.g6e5bcc1fc9-goog
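Review bot: in the first map_mem() hunk, the early __map_memblock() call for [kernel_start, kernel_end) uses pgprot_tagged(PAGE_KERNEL) and flags, where the call it replaces (removed in the second hunk) used PAGE_KERNEL and 0. The commit message only speaks of "desired initial attributes and granularity"; please say explicitly that the image alias is now mapped tagged and picks up NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS whenever those are set in flags, or keep the old arguments if the change is not intended.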
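Review bot: in the second map_mem() hunk, with memblock_mark_nomap() and memblock_clear_nomap() gone the for_each_mem_range() loop now passes over the kernel image range as well, so correctness depends entirely on __map_memblock() leaving the mapping created before the loop untouched. That dependency is stated only in the commit message; a short comment at the loop saying the kernel image alias is already mapped above and is left as is would keep someone from reordering the two calls.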

Date: Fri, 29 May 2026 17:02:02 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-28-ardb+git@google.com>
Subject: [PATCH v7 11/15] powerpc/code-patching: Avoid r/w mapping of the zero page
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org, Madhavan Srinivasan, Michael Ellerman, Nicholas Piggin, "Christophe Leroy (CS GROUP)"
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel The only remaining use of map_patch_area() is mapping the zero page, and immediately unmapping it again so that the intermediate page table levels are all guaranteed to be populated. The use of the zero page here is completely arbitrary, and not harmful per se, but currently, it creates a writable mapping, and does so in a manner that requires that the empty_zero_page[] symbol is not const-qualified. Given that this is about to change, and that map_patch_area() now never maps anything other than the zero page, let's simplify the code and - remove the helpers and call [un]map_kernel_page() directly - take the PA of empty_zero_page directly - create a read-only temporary mapping. This allows empty_zero_page[] to be repainted as const u8[] in a subsequent patch, without making substantial changes to this code patching logic. Cc: Madhavan Srinivasan Cc: Michael Ellerman Cc: Nicholas Piggin Cc: "Christophe Leroy (CS GROUP)" Link: https://lore.kernel.org/all/20260520085423.485402-1-ardb@kernel.org/ Signed-off-by: Ard Biesheuvel Reviewed-by: "Christophe Leroy (CS GROUP)" Reviewed-by: Mukesh Kumar Chaurasiya (IBM) --- arch/powerpc/lib/code-patching.c | 52 +------------------- 1 file changed, 2 insertions(+), 50 deletions(-) diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patch= ing.c index f84e0337cc02..44ff9f684bef 100644 --- a/arch/powerpc/lib/code-patching.c +++ b/arch/powerpc/lib/code-patching.c @@ -60,9 +60,6 @@ struct patch_context { =20 static DEFINE_PER_CPU(struct patch_context, cpu_patching_context); =20 -static int map_patch_area(void *addr, unsigned long text_poke_addr); -static void unmap_patch_area(unsigned long addr); - static bool mm_patch_enabled(void) { return IS_ENABLED(CONFIG_SMP) && radix_enabled(); 
@@ -117,11 +114,11 @@ static int text_area_cpu_up(unsigned int cpu) =20 // Map/unmap the area to ensure all page tables are pre-allocated addr =3D (unsigned long)area->addr; - err =3D map_patch_area(empty_zero_page, addr); + err =3D map_kernel_page(addr, __pa_symbol(empty_zero_page), PAGE_KERNEL_R= O); if (err) return err; =20 - unmap_patch_area(addr); + unmap_kernel_page(addr); =20 this_cpu_write(cpu_patching_context.area, area); this_cpu_write(cpu_patching_context.addr, addr); 
@@ -233,51 +230,6 @@ static unsigned long get_patch_pfn(void *addr) return __pa_symbol(addr) >> PAGE_SHIFT; } =20 -/* - * This can be called for kernel text or a module. - */ -static int map_patch_area(void *addr, unsigned long text_poke_addr) -{ - unsigned long pfn =3D get_patch_pfn(addr); - - return map_kernel_page(text_poke_addr, (pfn << PAGE_SHIFT), PAGE_KERNEL); -} - -static void unmap_patch_area(unsigned long addr) -{ - pte_t *ptep; - pmd_t *pmdp; - pud_t *pudp; - p4d_t *p4dp; - pgd_t *pgdp; - - pgdp =3D pgd_offset_k(addr); - if (WARN_ON(pgd_none(*pgdp))) - return; - - p4dp =3D p4d_offset(pgdp, addr); - if (WARN_ON(p4d_none(*p4dp))) - return; - - pudp =3D pud_offset(p4dp, addr); - if (WARN_ON(pud_none(*pudp))) - return; - - pmdp =3D pmd_offset(pudp, addr); - if (WARN_ON(pmd_none(*pmdp))) - return; - - ptep =3D pte_offset_kernel(pmdp, addr); - if (WARN_ON(pte_none(*ptep))) - return; - - /* - * In hash, pte_clear flushes the tlb, in radix, we have to - */ - pte_clear(&init_mm, addr, ptep); - flush_tlb_kernel_range(addr, addr + PAGE_SIZE); -} - static int __do_patch_mem_mm(void *addr, unsigned long val, bool is_dword) { int err; --=20 2.54.0.823.g6e5bcc1fc9-goog
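Review bot: in the text_area_cpu_up() hunk, unmap_patch_area() is replaced by unmap_kernel_page(addr), but the removed helper ended with pte_clear() followed by an explicit flush_tlb_kernel_range() and a comment that radix needs the flush done by hand. unmap_kernel_page() is not part of this diff, so please confirm in the commit message that it performs the same flush; otherwise a stale read-only translation for addr could outlive the unmap.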
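Review bot: in the hunk that deletes map_patch_area() and unmap_patch_area(), the per-level WARN_ON() checks from pgd_none() down to pte_none() go away with them. If unmap_kernel_page() does not warn on a missing table level, a failure to pre-populate the page tables will no longer be reported at CPU bring-up; the commit message should say whether that diagnostic is dropped on purpose.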

Date: Fri, 29 May 2026 17:02:03 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-29-ardb+git@google.com>
Subject: [PATCH v7 12/15] sh: Drop cache flush of the zero page at boot
From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Anshuman Khandual , Kevin Brodsky , Liz Prucka , Seth Jenkins , Kees Cook , Mike Rapoport , David Hildenbrand , Andrew Morton , Jann Horn , linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org, Yoshinori Sato , Rich Felker , John Paul Adrian Glaubitz , Geert Uytterhoeven Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ard Biesheuvel SuperH performs cache maintenance on the zero page during boot, presumably because before commit 6215d9f4470f ("arch, mm: consolidate empty_zero_page") the zero page did double duty as a boot params region, and was cleared separately, as it was not part of BSS. The memset() in question was dropped by that commit, but the __flush_wback_region() call remained. As empty_zero_page[] has been moved to BSS, it can be treated as any other BSS memory, and so the cache flush can be dropped. Cc: Yoshinori Sato Cc: Rich Felker Cc: John Paul Adrian Glaubitz Cc: Mike Rapoport Cc: Geert Uytterhoeven Signed-off-by: Ard Biesheuvel Acked-by: Mike Rapoport (Microsoft) Reviewed-by: Geert Uytterhoeven --- arch/sh/mm/init.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/arch/sh/mm/init.c b/arch/sh/mm/init.c index 4e40d5e96be9..110308bdef01 100644 --- a/arch/sh/mm/init.c +++ b/arch/sh/mm/init.c 
@@ -331,9 +331,6 @@ void __init mem_init(void) /* Set this up early, so we can take care of the zero page */ cpu_cache_init(); =20 - /* clear the zero-page */ - __flush_wback_region(empty_zero_page, PAGE_SIZE); - vsyscall_init(); =20 pr_info("virtual kernel memory layout:\n" --=20 2.54.0.823.g6e5bcc1fc9-goog
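Review bot: in the mem_init() hunk, the context comment "Set this up early, so we can take care of the zero page" above cpu_cache_init() is left in place although the only zero-page handling that followed it is removed here. Please drop or reword that comment in the same patch so it does not point at code that no longer exists.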

Date: Fri, 29 May 2026 17:02:04 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
Message-ID: <20260529150150.1670604-30-ardb+git@google.com>
Subject: [PATCH v7 13/15] mm: Make empty_zero_page[] const
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org, Feng Tang
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Ard Biesheuvel The empty zero page is used to back any kernel or user space mapping that is supposed to remain cleared, and so the page itself is never supposed to be modified. So mark it as const, which moves it into .rodata rather than .bss: on most architectures, this ensures that both the kernel's mapping of it and any aliases that are accessible via the kernel direct (linear) map are mapped read-only, and cannot be used (inadvertently or maliciously) to corrupt the contents of the zero page. Reviewed-by: Mike Rapoport (Microsoft) Reviewed-by: Kevin Brodsky Acked-by: David Hildenbrand (Arm) Reviewed-by: Jann Horn Reviewed-by: Feng Tang Signed-off-by: Ard Biesheuvel --- include/linux/pgtable.h | 2 +- mm/mm_init.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index cdd68ed3ae1a..67aa23814010 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1993,7 +1993,7 @@ static inline unsigned long zero_pfn(unsigned long ad= dr) return zero_page_pfn; } =20 -extern uint8_t empty_zero_page[PAGE_SIZE]; +extern const uint8_t empty_zero_page[PAGE_SIZE]; extern struct page *__zero_page; =20 static inline struct page *_zero_page(unsigned long addr) diff --git a/mm/mm_init.c b/mm/mm_init.c index f9f8e1af921c..46cf001238c5 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c 
@@ -57,7 +57,7 @@ unsigned long zero_page_pfn __ro_after_init; EXPORT_SYMBOL(zero_page_pfn); =20 #ifndef __HAVE_COLOR_ZERO_PAGE -uint8_t empty_zero_page[PAGE_SIZE] __page_aligned_bss; +const uint8_t empty_zero_page[PAGE_SIZE] __aligned(PAGE_SIZE); EXPORT_SYMBOL(empty_zero_page); =20 struct page *__zero_page __ro_after_init; --=20 2.54.0.823.g6e5bcc1fc9-goog
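Review bot: in the pgtable.h hunk, const-qualifying the extern declaration changes the type seen by every user of empty_zero_page, so any caller that passes it to a void * or uint8_t * parameter will now discard the qualifier. The series adjusts powerpc and sh in separate patches; please note in the commit message that the remaining users were checked, or list the ones that needed a change.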
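Review bot: in the mm_init.c hunk, the definition drops __page_aligned_bss and relies on the const qualifier alone to move the array into .rodata, with no comment saying so. Since the commit message limits the guarantee to "most architectures", a comment above the definition stating that the array must stay const so that it is mapped read-only, and that this block only applies when __HAVE_COLOR_ZERO_PAGE is not defined, would make the protection harder to undo by accident.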
smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Et6lEwzX" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-48fd33b4921so91254075e9.2 for ; Fri, 29 May 2026 08:02:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1780066955; x=1780671755; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=RUlY0Cb5F8XLpE5JfjwZ+7xlX215FRQLeW3ZifZ4LCc=; b=Et6lEwzXaJiFyiCAuNmI5fRp5Ank2ePStfJhoowDd6/MfbLJ6tnnxzrxd9i4ust8d4 dU3T5syQJUvgDipigYkIu+eyRGC5BVjULmwOFVpeYOUewjD/jAdtk0Ezm6tIsVAVnpHF YApK460xg1nZUTF/ChLHCfX6f2aACdKBTdGQLucchxaGZzSTFaSMGCvo8raN6hpJrbM7 +rTflUGTPnKtwgiblrAqfHRyO8EYcvgSvsdNW0dwdUZ+LLMMbhQrSuTGChzg85DJnnpQ w0JuURv+l3nRf3r11I/cvs+VbQ19HmeaonQzYIoZsA29tKcBtm93udbO1GOKzzpL5Mqm vDQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780066955; x=1780671755; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=RUlY0Cb5F8XLpE5JfjwZ+7xlX215FRQLeW3ZifZ4LCc=; b=I6k31dl0iEQtUknvyRcKRd5MNVouJbHgZH/UzfkytfSkD+i8WNzvPSQdPcdUqAlSuA ucVniTAy/FJTjHXSl+DVuJQCN8o9pHtE2059oUQsPZqbP6rIEMoK8bDAAZOYBxVMrkgR sdrPjRnEBAQe5iCu+SfE5xKyz8znn6vtwutxXlBk33+wF70pyvywIpkIIgsiMYL6qKhZ mWJQgdFLCGL20XeT1rjY4s3uvDQPlL4BrN9hmegqQ4vHrsMSDYfsOveS0Ls20CDOaED7 FWubprGPMFRLlnsarKkMHu9MuRg1innmuULxxqIgqcPVb9oy0b0BXfn7pMnZJbzXe9Iy Q4Sw== X-Gm-Message-State: AOJu0YymrYFWkkaL/FHmLRAQueVyV08e4L8EN2Pk8i+2z0i0qLWjhKWu RabvqzMhX2BlpVgXOm+9jP0jrCS259ovRWy4PtVau5k8Du/g2vJ+WBFzYb0Wyx90Sw/ybcJ87A= = X-Received: from wmte9.prod.google.com ([2002:a05:600c:8b29:b0:48f:de4f:a90]) (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3b13:b0:490:44eb:c1d7 with SMTP id 5b1f17b1804b1-4909c0f30c7mr58093455e9.30.1780066955148; Fri, 29 May 2026 08:02:35 -0700 (PDT) Date: Fri, 29 May 
2026 17:02:05 +0200 In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260529150150.1670604-17-ardb+git@google.com> X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2481; i=ardb@kernel.org; h=from:subject; bh=hrcFvMrty6wWPLsRojP9eqDUmoO4ZLfdaegUjBt5TKE=; b=owGbwMvMwCVmkMcZplerG8N4Wi2JIUtyVT7LQrk5StrVnhW9eSm1/NNic7seSLefqruzq2ZDx bLLO9w6SlkYxLgYZMUUWQRm/3238/REqVrnWbIwc1iZQIYwcHEKwEQWTmP4Z9y4/eO0WW8mJKrq 1MW9sj4c8WmpWkn/Y9030oYr+jdxWTH8DxJlLpd0i0/zDFP5wK+8gt14wjNV0eevVH96qbb/sHn BAwA= X-Mailer: git-send-email 2.54.0.823.g6e5bcc1fc9-goog Message-ID: <20260529150150.1670604-31-ardb+git@google.com> Subject: [PATCH v7 14/15] arm64: mm: Map the kernel data/bss read-only in the linear map From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel , Ryan Roberts , Anshuman Khandual , Kevin Brodsky , Liz Prucka , Seth Jenkins , Kees Cook , Mike Rapoport , David Hildenbrand , Andrew Morton , Jann Horn , linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" 
From: Ard Biesheuvel On systems where the bootloader adheres to the original arm64 boot protocol, the placement of the kernel in the physical address space is highly predictable, and this makes the placement of its linear alias in the kernel virtual address space equally predictable, given the lack of randomization of the linear map. The linear aliases of the kernel text and rodata regions are already mapped read-only, but the kernel data and bss are mapped read-write in this region. This is not needed, so map them read-only as well. Note that the statically allocated kernel page tables do need to be modifiable via the linear map, so leave these mapped read-write. Reviewed-by: Kevin Brodsky Signed-off-by: Ard Biesheuvel --- arch/arm64/mm/mmu.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index dcfca5667e5c..7b18dc2f1721 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1138,7 +1138,9 @@ static void __init map_mem(void) { static const u64 direct_map_end =3D _PAGE_END(VA_BITS_MIN); phys_addr_t kernel_start =3D __pa_symbol(_text); - phys_addr_t kernel_end =3D __pa_symbol(__init_begin); + phys_addr_t init_begin =3D __pa_symbol(__init_begin); + phys_addr_t init_end =3D __pa_symbol(__init_end); + phys_addr_t kernel_end =3D __pa_symbol(__bss_stop); phys_addr_t start, end; int flags =3D NO_EXEC_MAPPINGS; u64 i; @@ -1173,7 +1175,11 @@ static void __init map_mem(void) * contents of the region accessible to subsystems such as hibernate, * but protects it from inadvertent modification or execution. */ - __map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL), + __map_memblock(kernel_start, init_begin, pgprot_tagged(PAGE_KERNEL), + flags); + + /* Map the kernel data/bss so it can be remapped later */ + __map_memblock(init_end, kernel_end, pgprot_tagged(PAGE_KERNEL), flags); =20 /* map all the memory banks */ 
@@ -1186,6 +1192,11 @@ static void __init map_mem(void) __map_memblock(start, end, pgprot_tagged(PAGE_KERNEL), flags); } + + /* Map the kernel data/bss read-only in the linear map */ + __map_memblock(init_end, kernel_end, PAGE_KERNEL_RO, flags); + flush_tlb_kernel_range((unsigned long)lm_alias(__init_end), + (unsigned long)lm_alias(__bss_stop)); } =20 void mark_rodata_ro(void) --=20 2.54.0.823.g6e5bcc1fc9-goog
From nobody Mon Jun 8 10:56:41 2026
Date: Fri, 29 May 2026 17:02:06 +0200
In-Reply-To: <20260529150150.1670604-17-ardb+git@google.com>
References: <20260529150150.1670604-17-ardb+git@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Message-ID: <20260529150150.1670604-32-ardb+git@google.com>
Subject: [PATCH v7 15/15] arm64: mm: Unmap kernel data/bss entirely from the linear map
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel, Ryan Roberts, Anshuman Khandual, Kevin Brodsky, Liz Prucka, Seth Jenkins, Kees Cook, Mike Rapoport, David Hildenbrand, Andrew Morton, Jann Horn, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-sh@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
From: Ard Biesheuvel The linear aliases of the kernel text and rodata are also mapped read-only in the linear map. Given that the contents of these regions are mostly identical to the version in the loadable image, mapping them read-only and leaving their contents visible is a reasonable hardening measure. Data and bss, however, are now also mapped read-only but the contents of these regions are more likely to contain data that we'd rather not leak. So let's unmap these entirely in the linear map when the kernel is running normally. When going into hibernation or waking up from it, these regions need to be mapped, so map the region initially, and toggle the valid bit to map/unmap the region as needed. Doing so is required because pages covering the kernel image are marked as PageReserved, and therefore disregarded for snapshotting by the hibernate logic unless they are mapped. Signed-off-by: Ard Biesheuvel Reviewed-by: Kevin Brodsky --- arch/arm64/mm/mmu.c | 45 ++++++++++++++++++-- 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 7b18dc2f1721..07a6fa210171 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -1056,6 +1057,29 @@ static void __init __map_memblock(phys_addr_t start,= phys_addr_t end, end - start, prot, early_pgtable_alloc, flags); } =20 +static void mark_linear_data_alias_valid(bool valid) +{ + set_memory_valid((unsigned long)lm_alias(__init_end), + (unsigned long)(__bss_stop - __init_end) / PAGE_SIZE, + valid); +} + +static int arm64_hibernate_pm_notify(struct notifier_block *nb, + unsigned long mode, void *unused) +{ + switch (mode) { + default: + break; + case PM_POST_HIBERNATION: + mark_linear_data_alias_valid(false); + break; + case PM_HIBERNATION_PREPARE: + mark_linear_data_alias_valid(true); + break; + } + return 0; +} + void __init mark_linear_text_alias_ro(void) { /* 
@@ -1064,6 +1088,21 @@ void __init mark_linear_text_alias_ro(void) update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text), (unsigned long)__init_begin - (unsigned long)_text, PAGE_KERNEL_RO); + + /* + * Register a PM notifier to remap the linear alias of data/bss as + * valid read-only before hibernation. This is needed because the + * snapshot logic disregards PageReserved pages (such as the ones + * covering the kernel image) unless they are mapped in the linear + * map. + */ + if (IS_ENABLED(CONFIG_HIBERNATION)) { + static struct notifier_block nb =3D { + .notifier_call =3D arm64_hibernate_pm_notify + }; + + register_pm_notifier(&nb); + } } =20 #ifdef CONFIG_KFENCE @@ -1193,10 +1232,8 @@ static void __init map_mem(void) flags); } =20 - /* Map the kernel data/bss read-only in the linear map */ - __map_memblock(init_end, kernel_end, PAGE_KERNEL_RO, flags); - flush_tlb_kernel_range((unsigned long)lm_alias(__init_end), - (unsigned long)lm_alias(__bss_stop)); + /* Map the kernel data/bss as invalid in the linear map */ + mark_linear_data_alias_valid(false); } =20 void mark_rodata_ro(void) --=20 2.54.0.823.g6e5bcc1fc9-goog
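Review bot: in the mm/mm_init.c hunk of the zero-page patch, the new definition `const uint8_t empty_zero_page[PAGE_SIZE] __aligned(PAGE_SIZE);` relies on the const qualifier alone to place the page in .rodata, and nothing at the definition says so. A one-line comment stating that the qualifier is what provides the read-only mapping would keep a later cleanup from dropping it or from casting it away at a call site. Since the replaced `__page_aligned_bss` kept the page out of the image, the commit message could also mention that the object now occupies a page of zeroes in .rodata.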
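Review bot: in patch 14/15, the read-only remap added at the end of map_mem() (hunk @@ -1186) passes plain PAGE_KERNEL_RO, while the earlier mapping of the same [init_end, kernel_end) range in hunk @@ -1173 uses pgprot_tagged(PAGE_KERNEL). If dropping the tagged attribute on the second pass is intended, the new comment should say so. The comment "Map the kernel data/bss so it can be remapped later" also does not explain why the range has to be created read-write first instead of being mapped read-only in one step.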
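Review bot: in patch 15/15 (hunk @@ -1056), mark_linear_data_alias_valid() discards the return value of set_memory_valid(), and arm64_hibernate_pm_notify() returns 0 whatever happened. Going by the commit message, a failure to make the alias valid on PM_HIBERNATION_PREPARE would leave data/bss out of the snapshot, so the helper should return the error and the notifier should propagate it, for example with notifier_from_errno(), instead of continuing silently. As a style point, `default:` usually goes last in the switch, and NOTIFY_DONE or NOTIFY_OK reads better than a bare 0.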
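Review bot: in the last hunk of patch 15/15 (@@ -1193), removing the `__map_memblock(init_end, kernel_end, PAGE_KERNEL_RO, flags)` call leaves the data/bss alias with the pgprot_tagged(PAGE_KERNEL) permissions it was created with, and mark_linear_data_alias_valid() only toggles validity. The comment added in mark_linear_text_alias_ro() says the notifier remaps the alias "as valid read-only", so as posted the alias appears to be writable for as long as it is valid during hibernation. Either keep the read-only remap before invalidating the range, or correct that comment and the commit message.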