[PATCH v4 12/15] arm64: mm: Map the kernel data/bss read-only in the linear map

public inbox for linux-mm@kvack.org
 help / color / mirror / Atom feed

From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, will@kernel.org,
	catalin.marinas@arm.com,  mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>,
	Ryan Roberts <ryan.roberts@arm.com>,
	 Anshuman Khandual <anshuman.khandual@arm.com>,
	Liz Prucka <lizprucka@google.com>,
	 Seth Jenkins <sethjenkins@google.com>,
	Kees Cook <kees@kernel.org>,  Mike Rapoport <rppt@kernel.org>,
	David Hildenbrand <david@kernel.org>,
	 Andrew Morton <akpm@linux-foundation.org>,
	linux-mm@kvack.org,  linux-hardening@vger.kernel.org
Subject: [PATCH v4 12/15] arm64: mm: Map the kernel data/bss read-only in the linear map
Date: Mon, 27 Apr 2026 17:34:29 +0200	[thread overview]
Message-ID: <20260427153416.2103979-29-ardb+git@google.com> (raw)
In-Reply-To: <20260427153416.2103979-17-ardb+git@google.com>

From: Ard Biesheuvel <ardb@kernel.org>

On systems where the bootloader adheres to the original arm64 boot
protocol, the placement of the kernel in the physical address space is
highly predictable, and this makes the placement of its linear alias in
the kernel virtual address space equally predictable, given the lack of
randomization of the linear map.

The linear aliases of the kernel text and rodata regions are already
mapped read-only, but the kernel data and bss are mapped read-write in
this region. This is not needed, so map them read-only as well.

Note that the statically allocated kernel page tables do need to be
modifiable via the linear map, so leave these mapped read-write.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/include/asm/sections.h |  1 +
 arch/arm64/mm/mmu.c               | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/include/asm/sections.h b/arch/arm64/include/asm/sections.h
index 51b0d594239e..32ec21af0823 100644
--- a/arch/arm64/include/asm/sections.h
+++ b/arch/arm64/include/asm/sections.h
@@ -23,6 +23,7 @@ extern char __irqentry_text_start[], __irqentry_text_end[];
 extern char __mmuoff_data_start[], __mmuoff_data_end[];
 extern char __entry_tramp_text_start[], __entry_tramp_text_end[];
 extern char __relocate_new_kernel_start[], __relocate_new_kernel_end[];
+extern char __fixmap_pgdir_start[];
 
 static inline size_t entry_tramp_text_size(void)
 {
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 1a4b4337d29a..9361b7efb848 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1122,7 +1122,9 @@ static void __init map_mem(void)
 {
 	static const u64 direct_map_end = _PAGE_END(VA_BITS_MIN);
 	phys_addr_t kernel_start = __pa_symbol(_text);
-	phys_addr_t kernel_end = __pa_symbol(__init_begin);
+	phys_addr_t init_begin = __pa_symbol(__init_begin);
+	phys_addr_t init_end = __pa_symbol(__init_end);
+	phys_addr_t kernel_end = __pa_symbol(__fixmap_pgdir_start);
 	phys_addr_t start, end;
 	int flags = NO_EXEC_MAPPINGS;
 	u64 i;
@@ -1155,7 +1157,11 @@ static void __init map_mem(void)
 	 * of the region accessible to subsystems such as hibernate,
 	 * but protects it from inadvertent modification or execution.
 	 */
-	__map_memblock(kernel_start, kernel_end, pgprot_tagged(PAGE_KERNEL),
+	__map_memblock(kernel_start, init_begin, pgprot_tagged(PAGE_KERNEL),
+		       flags);
+
+	/* Map the kernel data/bss so it can be remapped later */
+	__map_memblock(init_end, kernel_end, pgprot_tagged(PAGE_KERNEL),
 		       flags);
 
 	/* map all the memory banks */
@@ -1168,6 +1174,12 @@ static void __init map_mem(void)
 		__map_memblock(start, end, pgprot_tagged(PAGE_KERNEL),
 			       flags);
 	}
+
+	/* Map the kernel data/bss read-only in the linear map */
+	__map_memblock(init_end, kernel_end, pgprot_tagged(PAGE_KERNEL_RO),
+		       flags);
+	flush_tlb_kernel_range((unsigned long)lm_alias(__init_end),
+			       (unsigned long)lm_alias(__fixmap_pgdir_start));
 }
 
 void mark_rodata_ro(void)
-- 
2.54.0.rc2.544.gc7ae2d5bb8-goog

next prev parent reply	other threads:[~2026-04-27 15:41 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-27 15:34 [PATCH v4 00/15] arm64: Unmap linear alias of kernel data/bss Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 01/15] arm64: mm: Map the linear alias of text/rodata as tagged Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 02/15] mm: Make empty_zero_page __ro_after_init Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 03/15] arm64: mm: Preserve existing table mappings when mapping DRAM Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 04/15] arm64: mm: Preserve non-contiguous descriptors " Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 05/15] arm64: mm: Remove bogus stop condition from map_mem() loop Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 06/15] arm64: mm: Drop redundant pgd_t* argument from map_mem() Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 07/15] arm64: mm: Permit contiguous descriptors to be rewritten Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 08/15] arm64: kfence: Avoid NOMAP tricks when mapping the early pool Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 09/15] arm64: mm: Permit contiguous attribute for preliminary mappings Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 10/15] arm64: Move fixmap page tables to end of kernel image Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 11/15] arm64: mm: Don't abuse memblock NOMAP to check for overlaps Ard Biesheuvel
2026-04-27 15:34 ` Ard Biesheuvel [this message]
2026-04-27 15:34 ` [PATCH v4 13/15] arm64: mm: Unmap kernel data/bss entirely from the linear map Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 14/15] arm64: mm: Generalize manipulation code of read-only descriptors Ard Biesheuvel
2026-04-27 15:34 ` [PATCH v4 15/15] arm64: mm: Remap linear aliases of the fixmap page tables read-only Ard Biesheuvel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:51b0d594239 dfblob:32ec21af082 dfblob:1a4b4337d29
dfblob:9361b7efb84 )
 OR (
bs:"[PATCH v4 12/15] arm64: mm: Map the kernel data/bss read-only in the linear map" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260427153416.2103979-29-ardb+git@google.com \
    --to=ardb+git@google.com \
    --cc=akpm@linux-foundation.org \
    --cc=anshuman.khandual@arm.com \
    --cc=ardb@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=david@kernel.org \
    --cc=kees@kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=lizprucka@google.com \
    --cc=mark.rutland@arm.com \
    --cc=rppt@kernel.org \
    --cc=ryan.roberts@arm.com \
    --cc=sethjenkins@google.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox