Google Git
Sign in
kernel/pub/scm/linux/kernel/git/ardb/linux.git/refs/heads/arm64-remap-linear-data-alias
commit
1d70ee7d4bfd946035f362fee60d751b713473c3
[log] [tgz]
author
Ard Biesheuvel <ardb@kernel.org>
Mon Jan 19 17:20:55 2026 +0100
committer
Ard Biesheuvel <ardb@kernel.org>
Mon Jan 19 17:32:23 2026 +0100
tree
a57b92b7cba7f318881491e7ee8caced8acaf18a
parent
f0afa45484a7ee91f7febe0cfa72ff2acfd5ec6d [diff]
arm64: Unmap kernel data/bss entirely from the linear map

The linear aliases of the kernel text and rodata are mapped read-only as
well. Given that the contents of these regions are mostly identical to
the version in the loadable image, mapping them read-only is a
reasonable hardening measure.

Data and bss, however, are now also mapped read-only but the contents of
these regions are more likely to contain data that we'd rather not leak.
So let's unmap these entirely in the linear map when the kernel is
running normally.

Only when going into hibernation or waking up from it do these regions
need to be mapped, so take care of this using a PM notifier.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
1 file changed
tree: a57b92b7cba7f318881491e7ee8caced8acaf18a
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. io_uring/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. rust/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .clang-format
  26. .clippy.toml
  27. .cocciconfig
  28. .editorconfig
  29. .get_maintainer.ignore
  30. .gitattributes
  31. .gitignore
  32. .mailmap
  33. .pylintrc
  34. .rustfmt.toml
  35. COPYING
  36. CREDITS
  37. Kbuild
  38. Kconfig
  39. MAINTAINERS
  40. Makefile
  41. README