[PATCH 2/4] arm64/mm: migrate swapper_pg_dir

Introduce new_swapper_pg_dir to save virtual address of new swapper_pg_dir. Signed-off-by: YaoJun --- arch/arm64/include/asm/mmu_context.h | 2 +- arch/arm64/include/asm/pgtable.h | 1 + arch/arm64/mm/kasan_init.c | 2 +- arch/arm64/mm/mmu.c | 1 + 4 files

[PATCH 4/4] arm64/mm: migrate swapper_pg_dir

Migrate swapper_pg_dir and tramp_pg_dir. And its placement in the virtual address space does not correlate with the placement of the kernel. Signed-off-by: YaoJun --- arch/arm64/mm/mmu.c | 67 +++-- 1 file changed, 46 insertions(+), 21 deletions(-) diff

[PATCH 0/4] arm64/mm: migrate swapper_pg_dir

is dynamically allocated. Since it is allocated during the kernel boot process and the address is relatively fixed, further randomization may be required. YaoJun (4): arm64/mm: Introduce __pa_swapper_pg_dir to save physical address of swapper_pg_dir. And pass it as an

[PATCH 3/4] arm64/mm: migrate swapper_pg_dir

Make tramp_pg_dir and swapper_pg_dir adjacent. So we can migrate them together. Signed-off-by: YaoJun --- arch/arm64/kernel/entry.S | 4 ++-- arch/arm64/kernel/vmlinux.lds.S | 10 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/arm64/kernel/entry.S b/arch

[PATCH 1/4] arm64/mm: migrate swapper_pg_dir

Introduce __pa_swapper_pg_dir to save physical address of swapper_pg_dir. And pass it as an argument to __enable_mmu(). Signed-off-by: YaoJun --- arch/arm64/include/asm/mmu_context.h | 4 +--- arch/arm64/include/asm/pgtable.h | 1 + arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64

[PATCH] arm64: mm: mark tramp_pg_dir read-only

can then modify kernel text directly through this mapping. In this way, an arbitrary write can be converted to multiple arbitrary writes. Signed-off-by: YaoJun --- arch/arm64/mm/mmu.c | 4 1 file changed, 4 insertions(+) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index

[PATCH] mark tramp_pg_dir read-only

To prevent KSMA(Kernel Space Mirroring Attack), it's necessary to set tramp_pg_dir read-only after initialization. --- arch/arm64/mm/mmu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 2dbb2c9f1ec1..964520e4e675 100644 --- a/arch/arm64/mm/m

[PATCH 0/4] migrate swapper_pg_dir

swapper_pg_dir and _text. Because this is done during kernel booting, the physical address of new swapper_pg_dir may be fixed. Do we need to further randomize it? YaoJun (4): Introduce a variable to record physical address of swapper_pg_dir. Introduce a variable to record new virtual address of

[PATCH 4/4] migrate swapper_pg_dir

Migrate swapper_pg_dir and tramp_pg_dir. And its placement in the virtual address space does not correlate with the placement of the kernel. --- arch/arm64/mm/mmu.c | 67 ++--- 1 file changed, 45 insertions(+), 22 deletions(-) diff --git a/arch/arm64/mm/mm

[PATCH 2/4] migrate swapper_pg_dir

Introduce a variable to record new virtual address of swapper_pg_dir. --- arch/arm64/include/asm/mmu_context.h | 2 +- arch/arm64/include/asm/pgtable.h | 1 + arch/arm64/mm/kasan_init.c | 2 +- arch/arm64/mm/mmu.c | 1 + 4 files changed, 4 insertions(+), 2 deletion

[PATCH 3/4] migrate swapper_pg_dir

Because tramp_map_kernel/tramp_unmap_kernel macro update ttbr1 by add/sub offset, so we need to migrate both swapper_pg_dir and tramp_pg_dir. Before doing that, make tramp_pg_dir and swapper_pg_dir adjacent. --- arch/arm64/kernel/entry.S | 4 ++-- arch/arm64/kernel/vmlinux.lds.S | 10 +

[PATCH 1/4] migrate swapper_pg_dir

Currently, __enable_mmu() uses swapper_pg_dir directly. To migrate swapper_pg_dir, we need to pass it as an argument to __enable_mmu(). At the same time, __pa_swapper_pg_dir is introduced to save physical address of swapper_pg_dir. By changing its value, we can migrate swapper_pg_dir. --- arch/ar