On Fri, May 08, 2026 at 07:02:51PM +0200, Jann Horn wrote:
> On Mon, Apr 27, 2026 at 5:44 PM Ard Biesheuvel <[email protected]> wrote:
> > The empty zero page is used to back any kernel or user space mapping
> > that is supposed to remain cleared, and so the page itself is never
> > supposed to be modified.
> >
> > So make it __ro_after_init rather than __page_aligned_bss: on most
> > architectures, this ensures that both the kernel's mapping of it and any
> > aliases that are accessible via the kernel direct (linear) map are
> > mapped read-only, and cannot be used (inadvertently or maliciously) to
> > corrupt the contents of the zero page.
> >
> > Signed-off-by: Ard Biesheuvel <[email protected]>
>
> Reviewed-by: Jann Horn <[email protected]>
>
> Sorry, I should have looked at this properly earlier instead of ending
> up duplicating this patch with
> <https://lore.kernel.org/all/[email protected]/>.

As you mention in your testing of the patch, could we add an LKDTM test
that does the same to catch any regressions?

-- 
Kees Cook

