From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org,
catalin.marinas@arm.com, mark.rutland@arm.com,
Ard Biesheuvel <ardb@kernel.org>,
Ryan Roberts <ryan.roberts@arm.com>,
Anshuman Khandual <anshuman.khandual@arm.com>,
Liz Prucka <lizprucka@google.com>,
Seth Jenkins <sethjenkins@google.com>,
Kees Cook <kees@kernel.org>, Mike Rapoport <rppt@kernel.org>,
David Hildenbrand <david@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-hardening@vger.kernel.org
Subject: [PATCH v4 14/15] arm64: mm: Generalize manipulation code of read-only descriptors
Date: Mon, 27 Apr 2026 17:34:31 +0200 [thread overview]
Message-ID: <20260427153416.2103979-31-ardb+git@google.com> (raw)
In-Reply-To: <20260427153416.2103979-17-ardb+git@google.com>
From: Ard Biesheuvel <ardb@kernel.org>
Before moving the fixmap PUD/PMD tables into .rodata, update the
existing descriptor manipulation code so it will fallback to the fixmap
for any descriptor located in the .pgdir_rodata section.
This is slightly more costly, as it evaluates whether or not a
descriptor is in the kernel's rodata region at levels PMD and higher for
any configuration, rather than only when the level in question is the
root level.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/include/asm/pgtable.h | 27 ++++++++++----------
arch/arm64/kernel/vmlinux.lds.S | 8 ++++--
arch/arm64/mm/mmu.c | 24 ++++++++---------
3 files changed, 31 insertions(+), 28 deletions(-)
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index a1c5894332d9..94235dd428be 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -816,23 +816,22 @@ extern pgd_t swapper_pg_dir[];
extern pgd_t idmap_pg_dir[];
extern pgd_t tramp_pg_dir[];
extern pgd_t reserved_pg_dir[];
+extern pgd_t __pgdir_rodata_start[], __pgdir_rodata_end[];
-extern void set_swapper_pgd(pgd_t *pgdp, pgd_t pgd);
+extern void set_rodata_pte(pte_t *ptep, pte_t pte);
-static inline bool in_swapper_pgdir(void *addr)
+static inline bool in_pgdir_rodata(void *addr)
{
- return ((unsigned long)addr & PAGE_MASK) ==
- ((unsigned long)swapper_pg_dir & PAGE_MASK);
+ return addr >= (void *)__pgdir_rodata_start &&
+ addr < (void *)__pgdir_rodata_end;
}
static inline void set_pmd(pmd_t *pmdp, pmd_t pmd)
{
-#ifdef __PAGETABLE_PMD_FOLDED
- if (in_swapper_pgdir(pmdp)) {
- set_swapper_pgd((pgd_t *)pmdp, __pgd(pmd_val(pmd)));
+ if (in_pgdir_rodata(pmdp)) {
+ set_rodata_pte((pte_t *)pmdp, __pte(pmd_val(pmd)));
return;
}
-#endif /* __PAGETABLE_PMD_FOLDED */
WRITE_ONCE(*pmdp, pmd);
@@ -893,8 +892,8 @@ static inline bool pgtable_l4_enabled(void);
static inline void set_pud(pud_t *pudp, pud_t pud)
{
- if (!pgtable_l4_enabled() && in_swapper_pgdir(pudp)) {
- set_swapper_pgd((pgd_t *)pudp, __pgd(pud_val(pud)));
+ if (in_pgdir_rodata(pudp)) {
+ set_rodata_pte((pte_t *)pudp, __pte(pud_val(pud)));
return;
}
@@ -974,8 +973,8 @@ static inline bool mm_pud_folded(const struct mm_struct *mm)
static inline void set_p4d(p4d_t *p4dp, p4d_t p4d)
{
- if (in_swapper_pgdir(p4dp)) {
- set_swapper_pgd((pgd_t *)p4dp, __pgd(p4d_val(p4d)));
+ if (in_pgdir_rodata(p4dp)) {
+ set_rodata_pte((pte_t *)p4dp, __pte(p4d_val(p4d)));
return;
}
@@ -1102,8 +1101,8 @@ static inline bool mm_p4d_folded(const struct mm_struct *mm)
static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
{
- if (in_swapper_pgdir(pgdp)) {
- set_swapper_pgd(pgdp, __pgd(pgd_val(pgd)));
+ if (in_pgdir_rodata(pgdp)) {
+ set_rodata_pte((pte_t *)pgdp, __pte(pgd_val(pgd)));
return;
}
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 2dca18574619..e5e1d0fd7f27 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -243,8 +243,12 @@ SECTIONS
reserved_pg_dir = .;
. += PAGE_SIZE;
- swapper_pg_dir = .;
- . += PAGE_SIZE;
+ .pgdir_rodata : {
+ __pgdir_rodata_start = .;
+ swapper_pg_dir = .;
+ . += PAGE_SIZE;
+ __pgdir_rodata_end = .;
+ }
. = ALIGN(SEGMENT_ALIGN);
__init_begin = .;
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index a464f3d2d2df..84d81bae07a7 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -65,34 +65,34 @@ static bool rodata_is_rw __ro_after_init = true;
*/
long __section(".mmuoff.data.write") __early_cpu_boot_status;
-static DEFINE_SPINLOCK(swapper_pgdir_lock);
+static DEFINE_SPINLOCK(rodata_pgdir_lock);
static DEFINE_MUTEX(fixmap_lock);
-void noinstr set_swapper_pgd(pgd_t *pgdp, pgd_t pgd)
+void noinstr set_rodata_pte(pte_t *ptep, pte_t pte)
{
- pgd_t *fixmap_pgdp;
+ pte_t *fixmap_ptep;
/*
- * Don't bother with the fixmap if swapper_pg_dir is still mapped
- * writable in the kernel mapping.
+ * Don't bother with the fixmap if rodata is still mapped
+ * writable in the kernel and linear mappings.
*/
if (rodata_is_rw) {
- WRITE_ONCE(*pgdp, pgd);
+ WRITE_ONCE(*ptep, pte);
dsb(ishst);
isb();
return;
}
- spin_lock(&swapper_pgdir_lock);
- fixmap_pgdp = pgd_set_fixmap(__pa_symbol(pgdp));
- WRITE_ONCE(*fixmap_pgdp, pgd);
+ spin_lock(&rodata_pgdir_lock);
+ fixmap_ptep = pte_set_fixmap(__pa_nodebug(ptep));
+ WRITE_ONCE(*fixmap_ptep, pte);
/*
* We need dsb(ishst) here to ensure the page-table-walker sees
* our new entry before set_p?d() returns. The fixmap's
* flush_tlb_kernel_range() via clear_fixmap() does this for us.
*/
- pgd_clear_fixmap();
- spin_unlock(&swapper_pgdir_lock);
+ pte_clear_fixmap();
+ spin_unlock(&rodata_pgdir_lock);
}
pgprot_t phys_mem_access_prot(struct file *file, unsigned long pfn,
@@ -1071,6 +1071,7 @@ void __init mark_linear_text_alias_ro(void)
/*
* Remove the write permissions from the linear alias of .text/.rodata
*/
+ WRITE_ONCE(rodata_is_rw, false);
update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text),
(unsigned long)__init_begin - (unsigned long)_text,
pgprot_tagged(PAGE_KERNEL_RO));
@@ -1221,7 +1222,6 @@ void mark_rodata_ro(void)
* to cover NOTES and EXCEPTION_TABLE.
*/
section_size = (unsigned long)__init_begin - (unsigned long)__start_rodata;
- WRITE_ONCE(rodata_is_rw, false);
update_mapping_prot(__pa_symbol(__start_rodata), (unsigned long)__start_rodata,
section_size, PAGE_KERNEL_RO);
/* mark the range between _text and _stext as read only. */
--
2.54.0.rc2.544.gc7ae2d5bb8-goog
next prev parent reply other threads:[~2026-04-27 15:36 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 15:34 [PATCH v4 00/15] arm64: Unmap linear alias of kernel data/bss Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 01/15] arm64: mm: Map the linear alias of text/rodata as tagged Ard Biesheuvel
2026-04-28 14:16 ` Kevin Brodsky
2026-04-28 16:23 ` Ard Biesheuvel
2026-04-29 7:57 ` Kevin Brodsky
2026-04-29 7:58 ` Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 02/15] mm: Make empty_zero_page __ro_after_init Ard Biesheuvel
2026-04-28 12:27 ` Mike Rapoport
2026-04-28 14:16 ` Kevin Brodsky
2026-04-28 19:51 ` David Hildenbrand (Arm)
2026-05-09 11:04 ` Kiryl Shutsemau
2026-05-08 17:02 ` Jann Horn
2026-05-11 8:59 ` Ard Biesheuvel
2026-05-11 14:40 ` Jann Horn
2026-05-12 12:56 ` Ard Biesheuvel
2026-05-13 8:50 ` Mike Rapoport
2026-05-13 8:53 ` Ard Biesheuvel
2026-05-13 10:28 ` Mike Rapoport
2026-05-11 18:45 ` Kees Cook
2026-05-11 19:01 ` Jann Horn
2026-05-11 2:55 ` Feng Tang
2026-04-27 15:34 ` [PATCH v4 03/15] arm64: mm: Preserve existing table mappings when mapping DRAM Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 04/15] arm64: mm: Preserve non-contiguous descriptors " Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 05/15] arm64: mm: Remove bogus stop condition from map_mem() loop Ard Biesheuvel
2026-04-28 14:33 ` Kevin Brodsky
2026-04-27 15:34 ` [PATCH v4 06/15] arm64: mm: Drop redundant pgd_t* argument from map_mem() Ard Biesheuvel
2026-04-28 14:33 ` Kevin Brodsky
2026-04-27 15:34 ` [PATCH v4 07/15] arm64: mm: Permit contiguous descriptors to be rewritten Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 08/15] arm64: kfence: Avoid NOMAP tricks when mapping the early pool Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 09/15] arm64: mm: Permit contiguous attribute for preliminary mappings Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 10/15] arm64: Move fixmap page tables to end of kernel image Ard Biesheuvel
2026-04-29 13:52 ` Kevin Brodsky
2026-04-27 15:34 ` [PATCH v4 11/15] arm64: mm: Don't abuse memblock NOMAP to check for overlaps Ard Biesheuvel
2026-04-29 10:54 ` Kevin Brodsky
2026-04-29 14:23 ` Ard Biesheuvel
2026-04-29 14:30 ` Kevin Brodsky
2026-04-27 15:34 ` [PATCH v4 12/15] arm64: mm: Map the kernel data/bss read-only in the linear map Ard Biesheuvel
2026-04-29 13:54 ` Kevin Brodsky
2026-04-29 14:46 ` Ard Biesheuvel
2026-05-04 8:50 ` Kevin Brodsky
2026-04-27 15:34 ` [PATCH v4 13/15] arm64: mm: Unmap kernel data/bss entirely from " Ard Biesheuvel
2026-04-29 13:55 ` Kevin Brodsky
2026-04-29 17:37 ` Ard Biesheuvel
2026-05-04 8:52 ` Kevin Brodsky
2026-04-27 15:34 ` Ard Biesheuvel [this message]
2026-04-29 13:57 ` [PATCH v4 14/15] arm64: mm: Generalize manipulation code of read-only descriptors Kevin Brodsky
2026-04-27 15:34 ` [PATCH v4 15/15] arm64: mm: Remap linear aliases of the fixmap page tables read-only Ard Biesheuvel
2026-04-29 13:57 ` Kevin Brodsky
2026-04-29 14:08 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260427153416.2103979-31-ardb+git@google.com \
--to=ardb+git@google.com \
--cc=akpm@linux-foundation.org \
--cc=anshuman.khandual@arm.com \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=david@kernel.org \
--cc=kees@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lizprucka@google.com \
--cc=mark.rutland@arm.com \
--cc=rppt@kernel.org \
--cc=ryan.roberts@arm.com \
--cc=sethjenkins@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.