Hi all,

This series makes the persistent huge zero folio read-only in the direct
map where the architecture can support it.

The motivation comes from Jann Horn's read-only zero page work[1] and the
follow-up discussion[2] with Yang Shi. As Jann pointed out, the kernel has
had bugs, including security bugs, where pages taken with read-only
semantics were later written to. For the huge zero folio, making the direct
map read-only turns such writes into faults instead of silently corrupting
shared zero contents.

Patch 1 adds a generic arch_make_pages_readonly() hook and uses it after
the persistent huge zero folio is allocated. Patches 2 and 3 implement the
hook for arm64 and x86.

If the hook is not implemented, or the architecture cannot safely update
the mapping, the existing writable mapping is left in place.

[1] https://lore.kernel.org/linux-mm/20260508-ro-zeropage-v1-1-9808abc20b49@google.com/
[2] https://lore.kernel.org/linux-mm/CAHbLzkrXXe7r3n3jXgDKtwZhRqj=jDx9E6dLOULohnhBguvi9A@mail.gmail.com/

RFC v1 -> RFC v2:
- Patch #01: Drop the READONLY_HUGE_ZERO_FOLIO Kconfig option
  (per Dave, thanks!).
- Patch #01: Replace the huge-zero-folio-specific hook with a generic
  page-range hook (per David, thanks!).
- Patch #02 and #03: Update the arm64 and x86 implementations for the new
  hook.
- https://lore.kernel.org/linux-mm/20260527035607.14919-1-xueyuan.chen21@gmail.com/

Xueyuan Chen (3):
  mm/huge_memory: make persistent huge zero folio read-only
  arm64/mm: make pages read-only in the linear map
  x86/mm: make pages read-only in the direct map

 arch/arm64/mm/pageattr.c | 13 +++++++++++++
 arch/x86/mm/init.c       |  9 +++++++++
 include/linux/mm.h       |  2 ++
 mm/huge_memory.c         | 13 ++++++++++++-
 4 files changed, 36 insertions(+), 1 deletion(-)

--
2.47.3