| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1752092219-16248-2-git-send-email-hamzamahfooz@linux.microsoft.com>
Date: Wed, 9 Jul 2025 13:16:59 -0700
From: Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com>
To: linux-kernel@...r.kernel.org
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
David Woodhouse <dwmw@...zon.co.uk>,
Guenter Roeck <linux@...ck-us.net>,
Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com>,
Jared White <jaredwhite@...rosoft.com>
Subject: [PATCH 2/2] x86/mm/64: free the gap between BSS_MAIN and BSS_DECRYPTED
This region is unused after mark_rodata_ro() and takes up, up to 2 MiB
of memory. So, free it in mark_rodata_ro().
Co-developed-by: Jared White <jaredwhite@...rosoft.com>
Signed-off-by: Jared White <jaredwhite@...rosoft.com>
Signed-off-by: Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com>
---
arch/x86/include/asm/sections.h | 1 +
arch/x86/kernel/vmlinux.lds.S | 2 ++
arch/x86/mm/init_64.c | 4 ++++
3 files changed, 7 insertions(+)
diff --git a/arch/x86/include/asm/sections.h b/arch/x86/include/asm/sections.h
index 30e8ee7006f9..1d6589bc0f68 100644
--- a/arch/x86/include/asm/sections.h
+++ b/arch/x86/include/asm/sections.h
@@ -8,6 +8,7 @@
extern char __relocate_kernel_start[], __relocate_kernel_end[];
extern char __brk_base[], __brk_limit[];
extern char __end_rodata_aligned[];
+extern char __start_bss_decrypted_gap[];
#if defined(CONFIG_X86_64)
extern char __end_rodata_hpage_align[];
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 522297cebe7c..f74a7a0d7a01 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -82,6 +82,8 @@ const_cpu_current_top_of_stack = cpu_current_top_of_stack;
* decrypted to avoid exposing more than we wish.
*/
#define BSS_DECRYPTED \
+ . = ALIGN(PAGE_SIZE); \
+ __start_bss_decrypted_gap = .; \
. = ALIGN(PMD_SIZE); \
__start_bss_decrypted = .; \
__pi___start_bss_decrypted = .; \
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index fdb6cab524f0..ff7ff5c12eb4 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -1385,6 +1385,8 @@ void mark_rodata_ro(void)
unsigned long end = (unsigned long)__end_rodata_hpage_align;
unsigned long text_end = PFN_ALIGN(_etext);
unsigned long rodata_end = PFN_ALIGN(__end_rodata);
+ unsigned long bss_decrypted_gap_start = PFN_ALIGN(__start_bss_decrypted_gap);
+ unsigned long bss_decrypted_gap_stop = PFN_ALIGN(__start_bss_decrypted);
unsigned long all_end;
printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
@@ -1422,6 +1424,8 @@ void mark_rodata_ro(void)
(void *)text_end, (void *)rodata_start);
free_kernel_image_pages("unused kernel image (rodata/data gap)",
(void *)rodata_end, (void *)_sdata);
+ free_kernel_image_pages("unused kernel image (bss_decrypted gap)",
+ (void *)bss_decrypted_gap_start, (void *)bss_decrypted_gap_stop);
}
/*
--
2.49.0
Powered by blists - more mailing lists