From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 519B9CD3427 for ; Tue, 5 May 2026 16:08:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Cc:To:In-Reply-To:References :Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date: From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=s3dq8O6d8NmXc5O/4sli56t/m7UACYHp8TI4lFc3/NA=; b=B361H3Lbk5N1+fydSiTFWVT93N OV4ah3c6tLfRNzjb3aj/g0ltFE5FEOrs44Lwtsb9lfW/OTqs8mKRhvRO/pzzDVMemJk0bpYKkR15t NTyYD/JFxuG/gd06Ljc3OeM4reQCTzWHHxWCqVgdqp0BnCdgVhWbGeSr9CsehrZiGOR+WTVh5iTpc i84xjGxgMFg9cNh2TztWNj1gGUH4iSAhJsrRnXjrpGfHGWF68CltQUqnprTfvK/w8T76t4IK1wq5B zJVRG1A/rmYyAOoAVwi/bnSK7kNY2hDxUabblAMlVyORtsHszJxJbTGRU8ejZ+l0opDJ/q7mpxUmT UOIkN7TQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1wKIJj-0000000Gngv-1Mnh; Tue, 05 May 2026 16:08:15 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1wKIJg-0000000GndE-1MjP for linux-arm-kernel@lists.infradead.org; Tue, 05 May 2026 16:08:13 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5CA2414BF; Tue, 5 May 2026 09:08:06 -0700 (PDT) Received: from localhost.localdomain (e123572-lin.cambridge.arm.com [10.1.194.54]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 96D743F763; Tue, 5 May 2026 09:08:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1777997291; bh=vINnrx3zWSjR/6habDkgMgD8LqwrfTQUOR9ysKRLj5A=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Sz1by1e6eRhCELKEY+Eyq+rsTuniaXf5+PqT1X0yQjZIReJ6Gn5u8T9Go+2W19DZ0 raHdjjPsdL4frdLCpTofS2QdrvQAAIRb1YoQDErymK5RqV/u7JS+71Nyan7jKhDCQ9 gLo7S1Or5aq6f9fM8+yiKuhAEZ2gcih3LDnAGiC4= From: Kevin Brodsky Date: Tue, 05 May 2026 17:06:04 +0100 Subject: [PATCH RFC v7 15/24] mm: kpkeys: Introduce hook for protecting static page tables MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20260505-kpkeys-v7-15-20c0bdd97197@arm.com> References: <20260505-kpkeys-v7-0-20c0bdd97197@arm.com> In-Reply-To: <20260505-kpkeys-v7-0-20c0bdd97197@arm.com> To: linux-hardening@vger.kernel.org Cc: Kevin Brodsky , Andrew Morton , Andy Lutomirski , Catalin Marinas , Dave Hansen , "David Hildenbrand (Arm)" , Ira Weiny , Jann Horn , Jeff Xu , Joey Gouly , Kees Cook , Linus Walleij , Marc Zyngier , Mark Brown , Matthew Wilcox , Maxwell Bland , "Mike Rapoport (IBM)" , Peter Zijlstra , Pierre Langlois , Quentin Perret , Rick Edgecombe , Ryan Roberts , Will Deacon , Yang Shi , Yeoreum Yun , linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, x86@kernel.org, Lorenzo Stoakes , Thomas Gleixner , Vlastimil Babka X-Mailer: b4 0.15.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777997220; l=1755; i=kevin.brodsky@arm.com; s=20260427; h=from:subject:message-id; bh=vINnrx3zWSjR/6habDkgMgD8LqwrfTQUOR9ysKRLj5A=; b=urhbr3eEotRkuf/VqGLzk0z6RAzpgYY8gl0kZHrHnrAINYjJtkYR1qbJSvZ0vXWCYj6mSlhWU aFlEW0GDkSuDNt6LxoaJCvAZ3wrc1GrmM9zW197X5jDBxuHt+bxXaM5 X-Developer-Key: i=kevin.brodsky@arm.com; a=ed25519; pk=N2QG+eJKrvkNovwhhwJhnJ4+ScVfsGCHldmqLfcMTFs= X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260505_090812_510675_7C95B892 X-CRM114-Status: GOOD ( 11.65 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The kpkeys_hardened_pgtables infrastructure introduced so far allows compatible architectures to protect all page table pages (PTPs) allocated at runtime (first via memblock, then the buddy allocator). Some PTPs are however required even earlier, before any allocator is available. This is typically needed for mapping the kernel image itself. These PTPs are at least as sensitive as those allocated later on, and should be protected by mapping them with the privileged pkey. Exactly how these pages are obtained is entirely arch-specific, so we introduce a hook to let architectures that implement kpkeys_hardened_pgtables do the right thing. Signed-off-by: Kevin Brodsky --- include/linux/kpkeys.h | 4 ++++ mm/kpkeys_hardened_pgtables.c | 1 + 2 files changed, 5 insertions(+) diff --git a/include/linux/kpkeys.h b/include/linux/kpkeys.h index 544a2d954bc1..3f7f980f3a7c 100644 --- a/include/linux/kpkeys.h +++ b/include/linux/kpkeys.h @@ -142,6 +142,10 @@ void kpkeys_hardened_pgtables_init(void); phys_addr_t kpkeys_physmem_pgtable_alloc(void); +#ifndef arch_kpkeys_protect_static_pgtables +static inline void arch_kpkeys_protect_static_pgtables(void) {} +#endif + #else /* CONFIG_KPKEYS_HARDENED_PGTABLES */ static inline bool kpkeys_hardened_pgtables_enabled(void) diff --git a/mm/kpkeys_hardened_pgtables.c b/mm/kpkeys_hardened_pgtables.c index c7a8935571ac..9c6f32741009 100644 --- a/mm/kpkeys_hardened_pgtables.c +++ b/mm/kpkeys_hardened_pgtables.c @@ -66,6 +66,7 @@ void __init kpkeys_hardened_pgtables_init(void) static_branch_enable(&kpkeys_hardened_pgtables_key); ppa_finalize(); + arch_kpkeys_protect_static_pgtables(); } /* -- 2.51.2