From: Feng Tang <feng.tang@linux.alibaba.com>
To: Ard Biesheuvel <ardb+git@google.com>
Cc: linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, will@kernel.org,
	catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>,
	Ryan Roberts <ryan.roberts@arm.com>,
	Anshuman Khandual <anshuman.khandual@arm.com>,
	Liz Prucka <lizprucka@google.com>,
	Seth Jenkins <sethjenkins@google.com>,
	Kees Cook <kees@kernel.org>, Mike Rapoport <rppt@kernel.org>,
	David Hildenbrand <david@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-mm@kvack.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v4 02/15] mm: Make empty_zero_page __ro_after_init
Date: Mon, 11 May 2026 10:55:53 +0800
Message-ID: <agFFOZvRHMWCtPHm@U-2FWC9VHC-2323.local>
In-Reply-To: <20260427153416.2103979-19-ardb+git@google.com>
On Mon, Apr 27, 2026 at 05:34:19PM +0200, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
>
> The empty zero page is used to back any kernel or user space mapping
> that is supposed to remain cleared, and so the page itself is never
> supposed to be modified.
>
> So make it __ro_after_init rather than __page_aligned_bss: on most
> architectures, this ensures that both the kernel's mapping of it and any
> aliases that are accessible via the kernel direct (linear) map are
> mapped read-only, and cannot be used (inadvertently or maliciously) to
> corrupt the contents of the zero page.

Reviewed-by: Feng Tang <feng.tang@linux.alibaba.com>

We did hit the issue that the zero page got corrupted due to a non-kernel
reason earlier this year, and it took us weeks to track it down to
zero page corruption and the final root cause, as it randomly happened
to different user space tasks. Thanks for the patch!

>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> mm/mm_init.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/mm_init.c b/mm/mm_init.c
> index f9f8e1af921c..6ca01ed2a5a4 100644
> --- a/mm/mm_init.c
> +++ b/mm/mm_init.c
> @@ -57,7 +57,7 @@ unsigned long zero_page_pfn __ro_after_init;
> EXPORT_SYMBOL(zero_page_pfn);
>
> #ifndef __HAVE_COLOR_ZERO_PAGE
> -uint8_t empty_zero_page[PAGE_SIZE] __page_aligned_bss;
> +uint8_t empty_zero_page[PAGE_SIZE] __ro_after_init __aligned(PAGE_SIZE);
> EXPORT_SYMBOL(empty_zero_page);
>
> struct page *__zero_page __ro_after_init;
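
Review bot: the new empty_zero_page declaration has no comment explaining why it is __ro_after_init instead of __page_aligned_bss, and nothing in the hunk records that the page now depends on static zero-initialization outside BSS, so a later cleanup could plausibly move it back. A short comment above the declaration stating that the page must never be written once init completes, and that __aligned(PAGE_SIZE) is there because the page alignment no longer comes from __page_aligned_bss, would make the intent durable. The change also sits entirely inside #ifndef __HAVE_COLOR_ZERO_PAGE, so architectures that define that macro are untouched here; the commit message's "on most architectures" would be clearer if it said so, and any code path that still writes to empty_zero_page after init would now fault, which is worth confirming for the architectures that use this definition.
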
> --
> 2.54.0.rc2.544.gc7ae2d5bb8-goog
>