From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org,
catalin.marinas@arm.com, mark.rutland@arm.com,
Ard Biesheuvel <ardb@kernel.org>,
Ryan Roberts <ryan.roberts@arm.com>,
Anshuman Khandual <anshuman.khandual@arm.com>,
Liz Prucka <lizprucka@google.com>,
Seth Jenkins <sethjenkins@google.com>,
Kees Cook <kees@kernel.org>, Mike Rapoport <rppt@kernel.org>,
David Hildenbrand <david@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Jann Horn <jannh@google.com>,
linux-mm@kvack.org, linux-hardening@vger.kernel.org,
Kevin Brodsky <kevin.brodsky@arm.com>,
Feng Tang <feng.tang@linux.alibaba.com>
Subject: [PATCH v5 02/13] mm: Make empty_zero_page[] const
Date: Tue, 19 May 2026 17:16:19 +0200 [thread overview]
Message-ID: <20260519151616.2557018-17-ardb+git@google.com> (raw)
In-Reply-To: <20260519151616.2557018-15-ardb+git@google.com>
From: Ard Biesheuvel <ardb@kernel.org>
The empty zero page is used to back any kernel or user space mapping
that is supposed to remain cleared, and so the page itself is never
supposed to be modified.
So mark it as const, which moves it into .rodata rather than .bss: on
most architectures, this ensures that both the kernel's mapping of it
and any aliases that are accessible via the kernel direct (linear) map
are mapped read-only, and cannot be used (inadvertently or maliciously)
to corrupt the contents of the zero page.
Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Reviewed-by: Kevin Brodsky <kevin.brodsky@arm.com>
Acked-by: David Hildenbrand (Arm) <david@kernel.org>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Feng Tang <feng.tang@linux.alibaba.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
include/linux/pgtable.h | 2 +-
mm/mm_init.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h
index cdd68ed3ae1a..67aa23814010 100644
--- a/include/linux/pgtable.h
+++ b/include/linux/pgtable.h
@@ -1993,7 +1993,7 @@ static inline unsigned long zero_pfn(unsigned long addr)
return zero_page_pfn;
}
-extern uint8_t empty_zero_page[PAGE_SIZE];
+extern const uint8_t empty_zero_page[PAGE_SIZE];
extern struct page *__zero_page;
static inline struct page *_zero_page(unsigned long addr)
diff --git a/mm/mm_init.c b/mm/mm_init.c
index f9f8e1af921c..46cf001238c5 100644
--- a/mm/mm_init.c
+++ b/mm/mm_init.c
@@ -57,7 +57,7 @@ unsigned long zero_page_pfn __ro_after_init;
EXPORT_SYMBOL(zero_page_pfn);
#ifndef __HAVE_COLOR_ZERO_PAGE
-uint8_t empty_zero_page[PAGE_SIZE] __page_aligned_bss;
+const uint8_t empty_zero_page[PAGE_SIZE] __aligned(PAGE_SIZE);
EXPORT_SYMBOL(empty_zero_page);
struct page *__zero_page __ro_after_init;
--
2.54.0.563.g4f69b47b94-goog
next prev parent reply other threads:[~2026-05-19 15:18 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-19 15:16 [PATCH v5 00/13] arm64: Unmap linear alias of kernel data/bss Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 01/13] arm64: mm: Map the linear alias of text/rodata as tagged Ard Biesheuvel
2026-05-19 15:16 ` Ard Biesheuvel [this message]
2026-05-19 15:16 ` [PATCH v5 03/13] arm64: mm: Preserve existing table mappings when mapping DRAM Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 04/13] arm64: mm: Preserve non-contiguous descriptors " Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 05/13] arm64: mm: Remove bogus stop condition from map_mem() loop Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 06/13] arm64: mm: Drop redundant pgd_t* argument from map_mem() Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 07/13] arm64: mm: Permit contiguous descriptors to be rewritten Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 08/13] arm64: kfence: Avoid NOMAP tricks when mapping the early pool Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 09/13] arm64: mm: Permit contiguous attribute for preliminary mappings Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 10/13] arm64: Move fixmap page tables to end of kernel image Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 11/13] arm64: mm: Don't abuse memblock NOMAP to check for overlaps Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 12/13] arm64: mm: Map the kernel data/bss read-only in the linear map Ard Biesheuvel
2026-05-19 15:16 ` [PATCH v5 13/13] arm64: mm: Unmap kernel data/bss entirely from " Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260519151616.2557018-17-ardb+git@google.com \
--to=ardb+git@google.com \
--cc=akpm@linux-foundation.org \
--cc=anshuman.khandual@arm.com \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=david@kernel.org \
--cc=feng.tang@linux.alibaba.com \
--cc=jannh@google.com \
--cc=kees@kernel.org \
--cc=kevin.brodsky@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lizprucka@google.com \
--cc=mark.rutland@arm.com \
--cc=rppt@kernel.org \
--cc=ryan.roberts@arm.com \
--cc=sethjenkins@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox