diff options
| author | Ard Biesheuvel <ardb@kernel.org> | 2026-05-29 17:02:06 +0200 |
|---|---|---|
| committer | Will Deacon <will@kernel.org> | 2026-06-02 16:29:16 +0100 |
| commit | 63e0b6a5b6934d6a919d1c65ea185303200a1874 (patch) | |
| tree | 13ebd6d28aeddec1f72dfe875db3490dde5f2040 /scripts/Makefile.thinlto | |
| parent | f2ba877402e5f74b27d9dbc2c8d059e7e9daf500 (diff) | |
arm64: mm: Unmap kernel data/bss entirely from the linear map
The linear aliases of the kernel text and rodata are also mapped
read-only in the linear map. Given that the contents of these regions
are mostly identical to the version in the loadable image, mapping them
read-only and leaving their contents visible is a reasonable hardening
measure.
Data and bss, however, are now also mapped read-only but the contents of
these regions are more likely to contain data that we'd rather not leak.
So let's unmap these entirely in the linear map when the kernel is
running normally.
When going into hibernation or waking up from it, these regions need to
be mapped, so map the region initially, and toggle the valid bit so
map/unmap the region as needed.
Doing so is required because pages covering the kernel image are marked
as PageReserved, and therefore disregarded for snapshotting by the
hibernate logic unless they are mapped.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Kevin Brodsky <kevin.brodsky@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'scripts/Makefile.thinlto')
0 files changed, 0 insertions, 0 deletions