Re: [PATCH v6 09/15] arm64: Move fixmap and kasan page tables to end of kernel image
From: Ard Biesheuvel
Date: Fri May 29 2026 - 07:24:26 EST
On Fri, 29 May 2026, at 10:27, Kevin Brodsky wrote:
> On 26/05/2026 19:58, Ard Biesheuvel wrote:
>> From: Ard Biesheuvel <ardb@xxxxxxxxxx>
>>
>> Move the fixmap and kasan page tables out of the BSS section, and place
>> them at the end of the image, right before the init_pg_dir section where
>> some of the other statically allocated page tables live.
>>
>> These page tables are currently the only data objects in vmlinux that
>> are meant to be accessed via the kernel image's linear alias, and so
>> placing them together allows the remainder of the data/bss section to be
>> remapped read-only or unmapped entirely.
>>
>> Reviewed-by: Kevin Brodsky <kevin.brodsky@xxxxxxx>
>> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
>> ---
>> arch/arm64/include/asm/mmu.h | 2 ++
>> arch/arm64/kernel/vmlinux.lds.S | 8 +++++++-
>> arch/arm64/mm/fixmap.c | 6 +++---
>> arch/arm64/mm/kasan_init.c | 2 +-
>> 4 files changed, 13 insertions(+), 5 deletions(-)
>>
>> diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h
>> index 5e1211c540ab..fb95754f2876 100644
>> --- a/arch/arm64/include/asm/mmu.h
>> +++ b/arch/arm64/include/asm/mmu.h
>> @@ -13,6 +13,8 @@
>>
>> #ifndef __ASSEMBLER__
>>
>> +#define __pgtbl_bss __section(".pgdir.bss") __aligned(PAGE_SIZE)
>> +
>> #include <linux/refcount.h>
>> #include <asm/cpufeature.h>
>>
>> diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
>> index e1ac876200a3..2b0ebfb30c63 100644
>> --- a/arch/arm64/kernel/vmlinux.lds.S
>> +++ b/arch/arm64/kernel/vmlinux.lds.S
>> @@ -349,9 +349,15 @@ SECTIONS
>> _edata = .;
>>
>> /* start of zero-init region */
>> - BSS_SECTION(SBSS_ALIGN, 0, 0)
>> + BSS_SECTION(SBSS_ALIGN, 0, PAGE_SIZE)
>> __pi___bss_start = __bss_start;
>>
>> + /* fixmap BSS starts here - preceding data/BSS is omitted from the linear map */
>> + .pgdir.bss (NOLOAD) : ALIGN(PAGE_SIZE) {
>
> Do we actually need the NOLOAD type here?
Yes, otherwise it is emitted as PROGBITS, resulting in all of BSS to be
emitted into Image.