From: Kevin Brodsky
Date: Tue, 26 May 2026 12:16:09 +0100
Subject: [PATCH RFC v8 20/24] arm64: kpkeys: Protect init_pg_dir
Message-Id: <20260526-kpkeys-v8-20-eaaacdacc67c@arm.com>
References: <20260526-kpkeys-v8-0-eaaacdacc67c@arm.com>
In-Reply-To: <20260526-kpkeys-v8-0-eaaacdacc67c@arm.com>
To: linux-hardening@vger.kernel.org
Cc: Kevin Brodsky, Andrew Morton, Andy Lutomirski, Catalin Marinas, Dave Hansen, "David Hildenbrand (Arm)", Ira Weiny, Jann Horn, Jeff Xu, Joey Gouly, Kees Cook, Linus Walleij, Marc Zyngier, Mark Brown, Matthew Wilcox, Maxwell Bland, "Mike Rapoport (IBM)", Peter Zijlstra, Pierre Langlois, Quentin Perret, Rick Edgecombe, Ryan Roberts, Vlastimil Babka, Will Deacon, Yang Shi, Yeoreum Yun, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, x86@kernel.org, Lorenzo Stoakes, Thomas Gleixner

When kpkeys_hardened_pgtables is enabled, protect the page tables that
map the kernel image by setting the appropriate pkey for the linear
mapping of those pages.

Most other static page tables (e.g. swapper_pg_dir) should be read-only both in the kernel image mapping and the linear mapping, so there is no need to change their pkey. Signed-off-by: Kevin Brodsky --- arch/arm64/include/asm/kpkeys.h | 7 +++++++ arch/arm64/mm/mmu.c | 13 +++++++++++++ 2 files changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/kpkeys.h b/arch/arm64/include/asm/kpkeys.h index c1daab643195..382ae27532e3 100644 --- a/arch/arm64/include/asm/kpkeys.h +++ b/arch/arm64/include/asm/kpkeys.h @@ -64,6 +64,13 @@ static __always_inline void arch_kpkeys_restore_pkey_reg(u64 pkey_reg) #endif /* CONFIG_ARM64_POE */ +#ifdef CONFIG_KPKEYS_HARDENED_PGTABLES + +#define arch_kpkeys_protect_static_pgtables arch_kpkeys_protect_static_pgtables +void arch_kpkeys_protect_static_pgtables(void); + +#endif /* CONFIG_KPKEYS_HARDENED_PGTABLES */ + #endif /* __ASSEMBLY__ */ #endif /* __ASM_KPKEYS_H */ diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index a9cc189affd8..072500579c94 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1055,6 +1055,19 @@ void __init mark_linear_text_alias_ro(void) PAGE_KERNEL_RO); } +#ifdef CONFIG_KPKEYS_HARDENED_PGTABLES +void __init arch_kpkeys_protect_static_pgtables(void) +{ + extern char __pi_init_pg_dir[], __pi_init_pg_end[]; + unsigned long addr = (unsigned long)lm_alias(__pi_init_pg_dir); + unsigned long size = __pi_init_pg_end - __pi_init_pg_dir; + int ret; + + ret = set_memory_pkey(addr, size / PAGE_SIZE, KPKEYS_PKEY_PGTABLES); + WARN_ON(ret); +} +#endif /* CONFIG_KPKEYS_HARDENED_PGTABLES */ + #ifdef CONFIG_KFENCE bool __ro_after_init kfence_early_init = !!CONFIG_KFENCE_SAMPLE_INTERVAL; -- 2.51.2
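
Review bot: the arch_kpkeys_protect_static_pgtables() declaration added to arch/arm64/include/asm/kpkeys.h has no comment saying what the hook covers or when it runs. The self-referential #define marks it as an arch override of a generic hook, so a short comment stating that it is an init-time call that re-keys only the linear alias of init_pg_dir, and that swapper_pg_dir and the other static tables are left alone for the reason given in the commit message, would keep that rationale next to the code. The new block also sits after `#endif /* CONFIG_ARM64_POE */`, so please confirm that CONFIG_KPKEYS_HARDENED_PGTABLES cannot be enabled without CONFIG_ARM64_POE; if it can, the prototype is visible in a configuration where the helpers above it are not.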
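
Review bot: in arch_kpkeys_protect_static_pgtables() in arch/arm64/mm/mmu.c, a failure of set_memory_pkey() is reported only through `WARN_ON(ret);`, so boot continues with the linear alias of init_pg_dir still on its previous pkey and the protection this patch is meant to provide is missing. If continuing is the intended policy, say so in a comment; otherwise log the affected range and error code so the degraded state is identifiable from the boot log. Two smaller points in the same function: `size / PAGE_SIZE` truncates if the span between __pi_init_pg_dir and __pi_init_pg_end is not a multiple of PAGE_SIZE, so a comment or build-time check stating the alignment assumption would help; and the function-local `extern char __pi_init_pg_dir[], __pi_init_pg_end[];` would be better as a shared declaration in a header than as an extern inside a .c file.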