Message-ID: <20260119164747.1402434-8-ardb+git@google.com>
Date: Mon, 19 Jan 2026 17:47:50 +0100
From: Ard Biesheuvel <ardb+git@...gle.com>
To: linux-kernel@...r.kernel.org
Cc: linux-arm-kernel@...ts.infradead.org, will@...nel.org, 
	catalin.marinas@....com, mark.rutland@....com, 
	Ard Biesheuvel <ardb@...nel.org>, Ryan Roberts <ryan.roberts@....com>, 
	Liz Prucka <lizprucka@...gle.com>, Seth Jenkins <sethjenkins@...gle.com>, 
	Kees Cook <kees@...nel.org>, linux-hardening@...r.kernel.org
Subject: [PATCH 2/4] arm64: Map the kernel data/bss read-only in the linear map

From: Ard Biesheuvel <ardb@...nel.org>

On systems where the bootloader adheres to the original arm64 boot
protocol, the placement of the kernel in the physical address space is
highly predictable, and this makes the placement of its linear alias in
the kernel virtual address space equally predictable, given the lack of
randomization of the linear map.

The linear aliases of the kernel text and rodata regions are already
mapped read-only, but the kernel data and bss are mapped read-write in
this region. This is not needed, so map them read-only as
well.

Note that the statically allocated kernel page tables do need to be
modifiable via the linear map, so leave these mapped read-write.

Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
---
 arch/arm64/include/asm/mmu.h |  2 +-
 arch/arm64/kernel/smp.c      |  2 +-
 arch/arm64/mm/mmu.c          | 14 ++++++++++++--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h
index 137a173df1ff..8b64d2fcb228 100644
--- a/arch/arm64/include/asm/mmu.h
+++ b/arch/arm64/include/asm/mmu.h
@@ -77,7 +77,7 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys,
 			       unsigned long virt, phys_addr_t size,
 			       pgprot_t prot, bool page_mappings_only);
 extern void *fixmap_remap_fdt(phys_addr_t dt_phys, int *size, pgprot_t prot);
-extern void mark_linear_text_alias_ro(void);
+extern void remap_linear_kernel_alias(void);
 extern int split_kernel_leaf_mapping(unsigned long start, unsigned long end);
 extern void linear_map_maybe_split_to_ptes(void);
 
diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
index 1aa324104afb..b5f888ab5d17 100644
--- a/arch/arm64/kernel/smp.c
+++ b/arch/arm64/kernel/smp.c
@@ -441,7 +441,7 @@ void __init smp_cpus_done(unsigned int max_cpus)
 	hyp_mode_check();
 	setup_system_features();
 	setup_user_features();
-	mark_linear_text_alias_ro();
+	remap_linear_kernel_alias();
 }
 
 void __init smp_prepare_boot_cpu(void)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 8e1d80a7033e..2a18637ecc15 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1023,14 +1023,24 @@ static void __init __map_memblock(pgd_t *pgdp, phys_addr_t start,
 				 prot, early_pgtable_alloc, flags);
 }
 
-void __init mark_linear_text_alias_ro(void)
+static void remap_linear_data_alias(void)
+{
+	extern const u8 __pgdir_start[];
+
+	update_mapping_prot(__pa_symbol(__init_end), (unsigned long)lm_alias(__init_end),
+			    (unsigned long)__pgdir_start - (unsigned long)__init_end,
+			    PAGE_KERNEL_RO);
+}
+
+void __init remap_linear_kernel_alias(void)
 {
 	/*
-	 * Remove the write permissions from the linear alias of .text/.rodata
+	 * Remove the write permissions from the linear alias of the kernel
 	 */
 	update_mapping_prot(__pa_symbol(_text), (unsigned long)lm_alias(_text),
 			    (unsigned long)__init_begin - (unsigned long)_text,
 			    PAGE_KERNEL_RO);
+	remap_linear_data_alias();
 }
 
 #ifdef CONFIG_KFENCE
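Review bot: remap_linear_data_alias() is added without `__init` although its only caller visible in this hunk, remap_linear_kernel_alias(), is `__init`; unless a later patch in the series calls it after boot, declare it `static void __init remap_linear_data_alias(void)` so it is discarded with the rest of the init text. The reason the range stops at `__pgdir_start` appears only in the commit message, so the helper should carry a comment such as `/* data/bss alias becomes read-only; the static page tables from __pgdir_start onwards are written via the linear map and stay RW */`. The function-local `extern const u8 __pgdir_start[];` would normally sit in a header next to the other section symbols rather than in the function body. The hunk does not show whether the linear mapping of [__init_end, __pgdir_start) is created at page granularity, which update_mapping_prot() on these boundaries presumably relies on, so that is worth confirming against the rest of the series.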
-- 
2.52.0.457.g6b5491de43-goog

