From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5E8439E9BD
	for <linux-kernel@vger.kernel.org>; Tue, 23 Jun 2026 20:28:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1782246508; cv=none; b=aWnnW4XtxKULT4LiOiO67AY6IK7FJNKfu+zpv8y32JidBmwL535HuJExt/ljuoZFEDJ/rI4aINUE+elwZbfKf9EfxAuOUN2ZkcAaSGynBaFlIAnWQy+TRpde1cs0/YzfJcNfYgP0vV2GE4O+az8emYqKdPjlI6VcfoFL+Xrtqr0=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1782246508; c=relaxed/simple;
	bh=hHNfqvzswZNC2MTlMce18uNe5xrcthIGvLJ0Z4Q9GqY=;
	h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=qgHlwHvcpuLxILnEtTII2rhjYplor7ffXGcXg6ooeiUw4N4syLHLg04JV2b0609nP94MQ5L+VdRKbCkws/o7HsxikIRESR/vizTHugGdIP/jjP+XqZIpEXyPCXAWdMtgPA0Pdwg8H8QsSShjdQ0FLUK+Repox6foJeqaGXseNeA=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Jkxn4gUc; arc=none smtp.client-ip=209.85.128.74
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Jkxn4gUc"
Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-490b2f22ea2so1960865e9.1
        for <linux-kernel@vger.kernel.org>; Tue, 23 Jun 2026 13:28:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1782246505; x=1782851305; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject
         :date:message-id:reply-to;
        bh=egV2Cj27OGtBaELQk+zCjLaNq17lbZGojv4n+pNUxY4=;
        b=Jkxn4gUcSX0AXNuNnqoM3CjcM4gW4xjcPUNhAd9+FUxP7gLxHrAFHS7jFeQrVA+Hhc
         uI6e3IYWbxzjO4bg8FpI8wvQFPFsmyR1OTaBstitbSazcSY9NVIF2qiRLEBydFeUowlX
         4IjCR9Rph28p10myKuyDZKU4MnIDJoUcM6ckXC3PcV8VK1OP9x2vnzNf2ii9QI4KNC4e
         tKJIfvFkTFNDIpLX4huNCJgU6pjOSUwctKE/l+5WFJ8wLCDLs1LfaqXwS2eTKX0OnASZ
         8WLMBR9l9If5OB1LZiCgeEK5V+Tam8J5WOnXuFr1BHk/TtDs0bTGJFDkOoWaLHI3OA0P
         f29Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1782246505; x=1782851305;
        h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=egV2Cj27OGtBaELQk+zCjLaNq17lbZGojv4n+pNUxY4=;
        b=Wsh4JYpN/0iIkLByNcLnQ2jNWL5pFZj06duDCdwhLxkF/f88VKacceV3CGVedt42gP
         OLig9TKii/AAg64MQqZYNhWlo1qgsjac5w+0Hk/enrCRSSzrsHlwmptyR36s55WYNyLd
         ABjaYnLvmiAv0LuxTj4mdQHWaerODd7qQjNEOPWH8KMoRWL0z7raBVro8+SkKKxUgEAU
         Z3z+n3/AGTxVTP0oUD4RHt9qaqHmjsRTFyTl9ehXt5Vl29tfUJPyj6OtOgH9q7Fs4gVr
         /mnVjC80awu0D6zJBg/0OLzJiqt93flqCTY/zCM02p3fPZzBzCRtgoqHWP5ZMwrRxQSn
         gTxA==
X-Gm-Message-State: AOJu0Ywstu0Z8EYBaKykD+fb7Em1xpDnQdtvOitcYBhv0/GX8CHW2WUY
	4QaDkggULZenjlF6jbVDokSLID+k8WOowjnGq3gluRM3dwA7yrVqQP06HiW5Y57CmiaYxvxXRw=
	=
X-Received: from wrbfr5.prod.google.com ([2002:a05:6000:2a85:b0:468:7f36:9f66])
 (user=ardb job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:4ec8:b0:492:5e21:458b
 with SMTP id 5b1f17b1804b1-4926084aad6mr3025575e9.8.1782246505129; Tue, 23
 Jun 2026 13:28:25 -0700 (PDT)
Date: Tue, 23 Jun 2026 22:28:18 +0200
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=2520; i=ardb@kernel.org;
 h=from:subject; bh=BHcLpzq4nDfnEcAf94/iXBUylDTH/0C5UUQpTrqyW+8=;
 b=owGbwMvMwCVmkMcZplerG8N4Wi2JIcvqTVLFl+23LVfnaEyRF9F2EeHYcvTqYZmm10vfTRLb2
 9fLfrexo5SFQYyLQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAEzE5SfDL+Y/zRfe1rCmTZDa
 zsymlaP37MDNHXd2zBZ6FfZr3c+SlGsM/xMuHo8+J67xUso/ztnrklrR7ykPKla8ZkkpuBJ3bS9 7GxcA
X-Mailer: git-send-email 2.55.0.rc0.799.gd6f94ed593-goog
Message-ID: <20260623202817.2225495-2-ardb+git@google.com>
Subject: [PATCH v2] arm64: mm: Defer read-only remap of data/bss linear alias
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, catalin.marinas@arm.com, will@kernel.org, 
	Kevin Brodsky <kevin.brodsky@arm.com>, Ard Biesheuvel <ardb@kernel.org>, 
	Fuad Tabba <fuad.tabba@linux.dev>
Content-Type: text/plain; charset="UTF-8"

From: Ard Biesheuvel <ardb@kernel.org>

Since commit

  f2ba877402e5 ("arm64: mm: Map the kernel data/bss read-only in the linear map")

the linear alias of the .data and .bss regions is remapped read-only
early during the boot. (Note that a subsequent patch to unmap this
region entirely was reverted just before the v7.2 merge window, and will
be brought back in an improved form for the v7.3 cycle)

Fuad reports that in some cases, the KVM init code may apply relocations
to variables that reside in .data, and does so via the linear map. This
means that remapping .data read-only beforehand is a bad idea, and
results in an early boot crash.

These variables in .data are only present when CONFIG_NVHE_EL2_DEBUG or
CONFIG_NVHE_EL2_TRACING are enabled, which is why it was not spotted in
testing.

So move the remap to mark_rodata_ro(), which is a reasonable place to
put this, and ensures that it happens much later during the boot. It
also means that rodata=off is now taken into account, and so the linear
alias will remain writable in that case.

Fixes: f2ba877402e5 ("arm64: mm: Map the kernel data/bss read-only in the linear map")
Reviewed-by: Fuad Tabba <fuad.tabba@linux.dev>
Tested-by: Fuad Tabba < fuad.tabba@linux.dev>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
v2: improve changelog, add Fuad's R-b

 arch/arm64/mm/mmu.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 9f354971b7e4..1f7eca86b5c1 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1198,11 +1198,6 @@ static void __init map_mem(void)
 		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
-
-	/* Map the kernel data/bss read-only in the linear map */
-	__map_memblock(init_end, kernel_end, PAGE_KERNEL_RO, flags);
-	flush_tlb_kernel_range((unsigned long)lm_alias(__init_end),
-			       (unsigned long)lm_alias(__bss_stop));
 }
 
 void mark_rodata_ro(void)
@@ -1221,6 +1216,12 @@ void mark_rodata_ro(void)
 	update_mapping_prot(__pa_symbol(_text), (unsigned long)_text,
 			    (unsigned long)_stext - (unsigned long)_text,
 			    PAGE_KERNEL_RO);
+
+	/* Map the kernel data/bss read-only in the linear map */
+	update_mapping_prot(__pa_symbol(__init_end),
+			    (unsigned long)lm_alias(__init_end),
+			    (unsigned long)__bss_stop - (unsigned long)__init_end,
+			    PAGE_KERNEL_RO);
 }
 
 static void __init declare_vma(struct vm_struct *vma,
-- 
2.55.0.rc0.799.gd6f94ed593-goog