Date: Mon, 19 Jan 2026 17:47:48 +0100
Message-ID: <20260119164747.1402434-6-ardb+git@google.com>
Subject: [PATCH 0/4] arm64: Unmap linear alias of kernel data/bss
From: Ard Biesheuvel
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org,
    catalin.marinas@arm.com, mark.rutland@arm.com, Ard Biesheuvel,
    Ryan Roberts, Liz Prucka, Seth Jenkins, Kees Cook,
    linux-hardening@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"

From: Ard Biesheuvel

One of the reasons the lack of randomization of the linear map on arm64
is considered problematic is the fact that bootloaders adhering to the
original arm64 boot protocol may place the kernel at the base of DRAM,
and therefore at the base of the non-randomized linear map. This puts a
writable alias of the kernel's data and bss regions at a predictable
location, removing the need for an attacker to guess where KASLR mapped
the kernel.

Let's unmap this linear, writable alias entirely, so that knowing the
location of the linear alias does not give write access to the kernel's
data and bss regions.

Cc: Ryan Roberts
Cc: Liz Prucka
Cc: Seth Jenkins
Cc: Kees Cook
Cc: linux-hardening@vger.kernel.org

Ard Biesheuvel (4):
  arm64: Move fixmap page tables to end of kernel image
  arm64: Map the kernel data/bss read-only in the linear map
  arm64: Move the zero page to rodata
  arm64: Unmap kernel data/bss entirely from the linear map

 arch/arm64/include/asm/mmu.h    |  2 +-
 arch/arm64/kernel/smp.c         |  2 +-
 arch/arm64/kernel/vmlinux.lds.S |  5 +++
 arch/arm64/mm/fixmap.c          |  7 +--
 arch/arm64/mm/mmu.c             | 46 ++++++++++++++++++--
 5 files changed, 54 insertions(+), 8 deletions(-)

-- 
2.52.0.457.g6b5491de43-goog
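
The address arithmetic behind the cover letter's argument, as an added example that is not part of the original email or the patch series: it models the linear-map translation as PAGE_OFFSET plus the offset from the start of DRAM and compares the data section's linear alias with its KASLR-mapped address across boots. The 48-bit PAGE_OFFSET value, the struct layout type, the helper names and every sample address are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit VA configuration, so the linear map starts here. */
#define PAGE_OFFSET 0xffff000000000000ULL

/* Hypothetical model of one boot; not a kernel data structure. */
struct layout {
    uint64_t dram_base;    /* start of DRAM = base of the non-randomized linear map */
    uint64_t image_phys;   /* physical address where the bootloader put the image */
    uint64_t data_offset;  /* offset of the data section inside the image */
    uint64_t kimage_vaddr; /* virtual base KASLR chose for the kernel mapping */
};

/* Constructed sample: image at the base of DRAM, as the cover letter describes. */
static struct layout sample_boot(uint64_t image_phys, uint64_t kimage_vaddr)
{
    struct layout l = { 0x80000000ULL, image_phys, 0x1a00000ULL, kimage_vaddr };
    return l;
}

/* Data section as seen through the randomized kernel mapping. */
static uint64_t kernel_va_of_data(struct layout l)
{
    return l.kimage_vaddr + l.data_offset;
}

/* The same bytes through the linear map: depends only on physical placement. */
static uint64_t linear_va_of_data(struct layout l)
{
    return PAGE_OFFSET | (l.image_phys + l.data_offset - l.dram_base);
}

int main(void)
{
    /* Two boots with different KASLR bases, one with a different load address. */
    struct layout boots[] = {
        sample_boot(0x80000000ULL, 0xffff800080000000ULL),
        sample_boot(0x80000000ULL, 0xffff8000a3400000ULL),
        sample_boot(0x9c000000ULL, 0xffff800080000000ULL),
    };
    for (size_t i = 0; i < sizeof(boots) / sizeof(boots[0]); i++)
        printf("boot %zu: kernel VA %#llx, linear alias %#llx\n", i,
               (unsigned long long)kernel_va_of_data(boots[i]),
               (unsigned long long)linear_va_of_data(boots[i]));
    return 0;
}
```

The first two boots print different kernel addresses but the same linear alias, which is the predictability the series removes by unmapping that alias; only the third boot, where the physical load address differs, moves it.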