From: Kevin Brodsky
Date: Tue, 05 May 2026 17:06:09 +0100
Subject: [PATCH RFC v7 20/24] arm64: kpkeys: Protect init_pg_dir
Message-Id: <20260505-kpkeys-v7-20-20c0bdd97197@arm.com>
References: <20260505-kpkeys-v7-0-20c0bdd97197@arm.com>
In-Reply-To: <20260505-kpkeys-v7-0-20c0bdd97197@arm.com>
To: linux-hardening@vger.kernel.org
Cc: Kevin Brodsky, Andrew Morton, Andy Lutomirski, Catalin Marinas, Dave Hansen, "David Hildenbrand (Arm)", Ira Weiny, Jann Horn, Jeff Xu, Joey Gouly, Kees Cook, Linus Walleij, Marc Zyngier, Mark Brown, Matthew Wilcox, Maxwell Bland, "Mike Rapoport (IBM)", Peter Zijlstra, Pierre Langlois, Quentin Perret, Rick Edgecombe, Ryan Roberts, Will Deacon, Yang Shi, Yeoreum Yun, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, x86@kernel.org, Lorenzo Stoakes, Thomas Gleixner, Vlastimil Babka

When kpkeys_hardened_pgtables is enabled, protect the page tables that map the kernel image by setting the appropriate pkey for the linear mapping of those pages.

Most other static page tables (e.g. swapper_pg_dir) should be read-only both in the kernel image mapping and the linear mapping, so there is no need to change their pkey. Signed-off-by: Kevin Brodsky --- arch/arm64/include/asm/kpkeys.h | 7 +++++++ arch/arm64/mm/mmu.c | 13 +++++++++++++ 2 files changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/kpkeys.h b/arch/arm64/include/asm/kpkeys.h index 0c155b970582..71e2035566f4 100644 --- a/arch/arm64/include/asm/kpkeys.h +++ b/arch/arm64/include/asm/kpkeys.h @@ -64,6 +64,13 @@ static __always_inline void arch_kpkeys_restore_pkey_reg(u64 pkey_reg) #endif /* CONFIG_ARM64_POE */ +#ifdef CONFIG_KPKEYS_HARDENED_PGTABLES + +#define arch_kpkeys_protect_static_pgtables arch_kpkeys_protect_static_pgtables +void arch_kpkeys_protect_static_pgtables(void); + +#endif /* CONFIG_KPKEYS_HARDENED_PGTABLES */ + #endif /* __ASSEMBLY__ */ #endif /* __ASM_KPKEYS_H */ diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 4b9218483dd2..28100ad547e9 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1055,6 +1055,19 @@ void __init mark_linear_text_alias_ro(void) PAGE_KERNEL_RO); } +#ifdef CONFIG_KPKEYS_HARDENED_PGTABLES +void __init arch_kpkeys_protect_static_pgtables(void) +{ + extern char __pi_init_pg_dir[], __pi_init_pg_end[]; + unsigned long addr = (unsigned long)lm_alias(__pi_init_pg_dir); + unsigned long size = __pi_init_pg_end - __pi_init_pg_dir; + int ret; + + ret = set_memory_pkey(addr, size / PAGE_SIZE, KPKEYS_PKEY_PGTABLES); + WARN_ON(ret); +} +#endif /* CONFIG_KPKEYS_HARDENED_PGTABLES */ + #ifdef CONFIG_KFENCE bool __ro_after_init kfence_early_init = !!CONFIG_KFENCE_SAMPLE_INTERVAL; -- 2.51.2
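Review bot: In arch/arm64/mm/mmu.c, a failing set_memory_pkey() in arch_kpkeys_protect_static_pgtables() is only reported through WARN_ON(ret), so boot continues with the linear alias of init_pg_dir left on its previous pkey while kpkeys_hardened_pgtables is nominally active. Please state whether that degraded state is acceptable, and if it is, print the affected range and the error code so the gap is visible in the boot log rather than only as a generic warning. Two smaller points in the same function: `size / PAGE_SIZE` silently drops any remainder, so a short comment (or a check) that `__pi_init_pg_end - __pi_init_pg_dir` is a whole number of pages would make the assumption explicit; and the function-local `extern char __pi_init_pg_dir[], __pi_init_pg_end[];` would be easier to keep consistent if it lived in a shared header instead of the function body. A one-line comment saying why the lm_alias() address is the one being re-keyed, as the commit message explains, would also help readers of the code.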
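Review bot: In arch/arm64/include/asm/kpkeys.h, the new CONFIG_KPKEYS_HARDENED_PGTABLES block is placed after `#endif /* CONFIG_ARM64_POE */`, so the declaration is visible whether or not POE support is built. If the option cannot be selected without CONFIG_ARM64_POE, a brief comment saying so would avoid the question; if it can, please confirm the mmu.c definition, which uses KPKEYS_PKEY_PGTABLES and set_memory_pkey(), still builds in that configuration. The `#define arch_kpkeys_protect_static_pgtables arch_kpkeys_protect_static_pgtables` line would also benefit from a short comment noting that it signals an arch override and describing when the hook is expected to be called.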