[PATCH v3 07/13] arm64: mm: Use hierarchical XN mapping for the fixmap

Next message: Arnd Bergmann: "[PATCH 1/3] [RESEND] RDMA/hfi1: use a struct group to avoid warning"
Previous message: Ard Biesheuvel: "[PATCH v3 03/13] arm64: mm: Preserve non-contiguous descriptors when mapping DRAM"
In reply to: Ard Biesheuvel: "[PATCH v3 03/13] arm64: mm: Preserve non-contiguous descriptors when mapping DRAM"
Next in thread: Ard Biesheuvel: "[PATCH v3 11/13] arm64: mm: Don't abuse memblock NOMAP to check for overlaps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ard Biesheuvel

Date: Fri Mar 20 2026 - 11:20:43 EST

From: Ard Biesheuvel <ardb@xxxxxxxxxx>

Nothing in the fixmap or in its vicinity requires executable
permissions, and given that it is placed at exactly 1 GiB from the end
of the virtual address space, we can safely set the hierarchical XN
attributes on the level 2 table entries covering the fixmap, without
running the risk of inadvertently taking away the executable permissions
on an adjacent mappings.

This is a hardening measure that reduces the risk of the fixmap being
abused to create executable mappings in the kernel address space.

Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
---
arch/arm64/mm/fixmap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/mm/fixmap.c b/arch/arm64/mm/fixmap.c
index c5c5425791da..c3dd3c868cf5 100644
--- a/arch/arm64/mm/fixmap.c
+++ b/arch/arm64/mm/fixmap.c
@@ -48,7 +48,8 @@ static void __init early_fixmap_init_pte(pmd_t *pmdp, unsigned long addr)
if (pmd_none(pmd)) {
ptep = bm_pte[BM_PTE_TABLE_IDX(addr)];
__pmd_populate(pmdp, __pa_symbol(ptep),
- PMD_TYPE_TABLE | PMD_TABLE_AF);
+ PMD_TYPE_TABLE | PMD_TABLE_AF |
+ PMD_TABLE_PXN | PMD_TABLE_UXN);
}
}

--
2.53.0.959.g497ff81fa9-goog