From nobody Thu Dec 18 08:29:43 2025 Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0EFCD261397 for ; Mon, 24 Feb 2025 17:45:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419119; cv=none; b=l8oiy4voUsKuOdXVmJ84YCbSVyG+FEj4XVopqpYbc42z0DbCC4PE5TExDLJQ8/ejZdFty8Kb3H2n5CKoNk5Av6Dd5hkZOWzmex29sA+Q7njh21a8yU5CNJjAXkqNR8edHM6SjBAVBv4NEBOWXkwHGwt67kMJLiDNUwocwrAnM3g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419119; c=relaxed/simple; bh=CuhsetWGwntbFJLGM7WL30SfPLdwGecEL2EQGjezrto=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SJnlu2crlcVAmAnTl0fzeCEI3aYiAjHTb9Nmtaz70Rlvwwk0/0HWxaIWKf1x2hZ6Q/TE0XQimp7e5sk1SLSM42BBKhhmzeE4WbW+BZVsbrUNFRXijdR4JZDdkTBVXUG17yuv69cNfZZ9mtwH3NZtuLJt1dP0OLGLgTwSpZmMcXQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=ASYqjxeK; arc=none smtp.client-ip=209.85.214.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="ASYqjxeK" Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-222def4189aso2675705ad.0 for ; Mon, 24 Feb 2025 09:45:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740419116; x=1741023916; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=12YXJXd/yEdP4F/xsuPjPUzHYkrMQ/m+SagD7sBuyCE=; b=ASYqjxeKhVwNsfi2LUSYEmCuONt9yJ3aP16dqtPUuqBozSfPgHGD9TPs5pdN3eTsOm 3BHRQJv2ynKUwPhh5AjaIVo0Pi6v762J6iYJu1ze/Ww69hSi0y7aZT5QyxBRgym3HTYI MaSWarHnBtqHrTdMjmDlVvUEy/Xkfx/LLa1V8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740419116; x=1741023916; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=12YXJXd/yEdP4F/xsuPjPUzHYkrMQ/m+SagD7sBuyCE=; b=v5p41X8YmfRyRmFokBuDLRfAV5hqrfYny4PHGG8nVPt8dkjDp922SnBYDE+6RnLr1r Y0Uuc0CuhysS3vplMnB1n4zogEYakeJX9o+YRvk49ZuNUpGCCl9F+tPPXs4RuaZ/mXPu zJDxdTUV7CtWGCSYeSxLSq1EbPiaVR0s8pLlLAeraprEtb4B21bhQL7V2DNHc+t6lbP/ zkuefqPoW/Rnu8WmBCRvM9idD4f2T7/c4aXGzJtZmti/2amBlwRGXouwUbKFphvPFTZO BgUj1maZ2Jz7T2gppgFFZYP3rtQVgPG8nLMtcBfRcamo5NHdQMGTORuVAPNR8xDQJDAC XmCA== X-Gm-Message-State: AOJu0YwUbaganKh7Qh07FhgE+CMxEn8yoYFeKB2w19pMQtSiM6BcWizA qjsAiSqM9/VdT9zaIrdz7SRjljV3WvfXea5Nz/Te56k43w6ZhFGOJAszf+qw/w== X-Gm-Gg: ASbGncuoW71vbMd3OjrRqawCnpRnzKuOAdlCnrDQlpy4tfljIKC+1hTB8mv1/crniMT ZFFYOyHxMOt+mlKflzR3CpNFCBXITU1LeB8UVA2J7fct34ngPoB9e08hf+TSHnUqCQaPZ/uDqLr Nsl2Ib6tyks903LfFGG6oVaTzkykdoz8KZW7UM8bDEGQKSoGNmzo2MZ+VIvWvKtHs+SgmXFd/XN VP/5Mf+uw8BVOxxRJDpdN7orkXbhMRlwo/xAivtoYLs7UDUbzw66iEmmPWOYWLfGIQdW5IIWC34 8N9uI7n7h9AbN+SCc/0ud/vqScVUiurSBNchIny8mY0sxVUtdcu26shffDAi X-Google-Smtp-Source: AGHT+IEM10lFU8wtWJoD9BVg2aWh3maIXwfJyL7OUpA65d05St26KsRXtPBtPPG4VoNhMT8Aot7f1Q== X-Received: by 2002:a17:902:e881:b0:215:8721:30b7 with SMTP id d9443c01a7336-2219ffbdfcbmr92049895ad.11.1740419116004; Mon, 24 Feb 2025 09:45:16 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-220d53491d4sm183028425ad.4.2025.02.24.09.45.15 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 09:45:15 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v6 1/7] mseal, system mappings: kernel config and header change Date: Mon, 24 Feb 2025 17:45:07 +0000 Message-ID: <20250224174513.3600914-2-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224174513.3600914-1-jeffxu@google.com> References: <20250224174513.3600914-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Provide infrastructure to mseal system mappings. Establish two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS, ARCH_HAS_MSEAL_SYSTEM_MAPPINGS) and MSEAL_SYSTEM_MAPPINGS_VM_FLAG macro for future patches. As discussed during mseal() upstream process [1], mseal() protects the VMAs of a given virtual memory range against modifications, such as the read/write (RW) and no-execute (NX) bits. For complete descriptions of memory sealing, please see mseal.rst [2]. The mseal() is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system. For example, such an attacker primitive can break control-flow integrity guarantees since read-only memory that is supposed to be trusted can become writable or .text pages can get remapped. The system mappings are readonly only, memory sealing can protect them from ever changing to writable or unmmap/remapped as different attributes. System mappings such as vdso, vvar, and sigpage (arm), vectors (arm) are created by the kernel during program initialization, and could be sealed after creation. Unlike the aforementioned mappings, the uprobe mapping is not established during program startup. However, its lifetime is the same as the process's lifetime [3]. It could be sealed from creation. The vsyscall on x86-64 uses a special address (0xffffffffff600000), which is outside the mm managed range. This means mprotect, munmap, and mremap won't work on the vsyscall. Since sealing doesn't enhance the vsyscall's security, it is skipped in this patch. If we ever seal the vsyscall, it is probably only for decorative purpose, i.e. showing the 'sl' flag in the /proc/pid/smaps. For this patch, it is ignored. It is important to note that the CHECKPOINT_RESTORE feature (CRIU) may alter the system mappings during restore operations. UML(User Mode Linux) and gVisor, rr are also known to change the vdso/vvar mappings. Consequently, this feature cannot be universally enabled across all systems. As such, CONFIG_MSEAL_SYSTEM_MAPPINGS is disabled by default. To support mseal of system mappings, architectures must define CONFIG_ARCH_HAS_MSEAL_SYSTEM_MAPPINGS and update their special mappings calls to pass mseal flag. Additionally, architectures must confirm they do not unmap/remap system mappings during the process lifetime. In this version, we've improved the handling of system mapping sealing from previous versions, instead of modifying the _install_special_mapping function itself, which would affect all architectures, we now call _install_special_mapping with a sealing flag only within the specific architecture that requires it. This targeted approach offers two key advantages: 1) It limits the code change's impact to the necessary architectures, and 2) It aligns with the software architecture by keeping the core memory management within the mm layer, while delegating the decision of sealing system mappings to the individual architecture, which is particularly relevant since 32-bit architectures never require sealing. Prior to this patch series, we explored sealing special mappings from userspace using glibc's dynamic linker. This approach revealed several issues: - The PT_LOAD header may report an incorrect length for vdso, (smaller than its actual size). The dynamic linker, which relies on PT_LOAD information to determine mapping size, would then split and partially seal the vdso mapping. Since each architecture has its own vdso/vvar code, fixing this in the kernel would require going through each archiecture. Our initial goal was to enable sealing readonly mappings, e.g. .text, across all architectures, sealing vdso from kernel since creation appears to be simpler than sealing vdso at glibc. - The [vvar] mapping header only contains address information, not length information. Similar issues might exist for other special mappings. - Mappings like uprobe are not covered by the dynamic linker, and there is no effective solution for them. This feature's security enhancements will benefit ChromeOS, Android, and other high security systems. Testing: This feature was tested on ChromeOS and Android for both x86-64 and ARM64. - Enable sealing and verify vdso/vvar, sigpage, vector are sealed properly, i.e. "sl" shown in the smaps for those mappings, and mremap is blocked. - Passing various automation tests (e.g. pre-checkin) on ChromeOS and Android to ensure the sealing doesn't affect the functionality of Chromebook and Android phone. I also tested the feature on Ubuntu on x86-64: - With config disabled, vdso/vvar is not sealed, - with config enabled, vdso/vvar is sealed, and booting up Ubuntu is OK, normal operations such as browsing the web, open/edit doc are OK. In addition, Benjamin Berg tested this on UML. Link: https://lore.kernel.org/all/20240415163527.626541-1-jeffxu@chromium.o= rg/ [1] Link: Documentation/userspace-api/mseal.rst [2] Link: https://lore.kernel.org/all/CABi2SkU9BRUnqf70-nksuMCQ+yyiWjo3fM4XkRkL= -NrCZxYAyg@mail.gmail.com/ [3] Signed-off-by: Jeff Xu --- include/linux/mm.h | 10 ++++++++++ init/Kconfig | 18 ++++++++++++++++++ security/Kconfig | 18 ++++++++++++++++++ 3 files changed, 46 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 7b1068ddcbb7..0e2a4a45d245 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4155,4 +4155,14 @@ int arch_get_shadow_stack_status(struct task_struct = *t, unsigned long __user *st int arch_set_shadow_stack_status(struct task_struct *t, unsigned long stat= us); int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long sta= tus); =20 + +/* + * mseal of userspace process's system mappings. + */ +#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS +#define MSEAL_SYSTEM_MAPPINGS_VM_FLAG VM_SEALED +#else +#define MSEAL_SYSTEM_MAPPINGS_VM_FLAG VM_NONE +#endif + #endif /* _LINUX_MM_H */ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..07435e33f965 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS config ARCH_HAS_MEMBARRIER_SYNC_CORE bool =20 +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS + bool + help + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + To enable this feature, the architecture needs to update their + special mappings calls to include the sealing flag and confirm + that it doesn't unmap/remap system mappings during the life + time of the process. After the architecture enables this, a + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access + to the feature. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config HAVE_PERF_EVENTS bool help diff --git a/security/Kconfig b/security/Kconfig index f10dbf15c294..15a86a952910 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -51,6 +51,24 @@ config PROC_MEM_NO_FORCE =20 endchoice =20 +config MSEAL_SYSTEM_MAPPINGS + bool "mseal system mappings" + depends on 64BIT + depends on ARCH_HAS_MSEAL_SYSTEM_MAPPINGS + depends on !CHECKPOINT_RESTORE + help + Seal system mappings such as vdso, vvar, sigpage, uprobes, etc. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + Note: CHECKPOINT_RESTORE, UML, gVisor, rr are known to relocate or + unmap system mapping, therefore this config can't be enabled + universally. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config SECURITY bool "Enable different security models" depends on SYSFS --=20 2.48.1.601.g30ceb7b040-goog From nobody Thu Dec 18 08:29:43 2025 Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8BBE264A89 for ; Mon, 24 Feb 2025 17:45:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419119; cv=none; b=Vcc3Lgq6JIeA1nFB8C5cKVMXSIsdEm/9R83HWYdt3QXUx1fHBLBCaNgdyDcUniTviol9FX6y3az8Iv88254jUnb55DrKEDuVxEMRXmSCbUsTAOmX2V6J9drRacLg9PUcdfX42nQT6jb/cBn4FsqrhZNcs7knoJ/ROK1JFdQ8fMo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419119; c=relaxed/simple; bh=OBBKl96vxFBmA1av2T8KVacZIA2ShhvhvpxM/xuQFAM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ALxRMke69j5gf2LN1TEV4yELushYOvHGp4hvX0NdVNWNUus7WQaZYbUKAPECWuqGXsLGLtMa0TQNENFkXk4SyJhOuS7wOIMcrPaWztelzMWN5kzE67jlNyyVfTMGCDmyQq4IRslc8LSU8E0vmQb31bX4A5GHHqITGyIa5d5KZsM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=oX45CEQi; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="oX45CEQi" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-2217ea6d8daso12081325ad.3 for ; Mon, 24 Feb 2025 09:45:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740419117; x=1741023917; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xOuDnv83CpzU9+Is9rRk+mGWBAWQzFMYMR0kufccTA4=; b=oX45CEQiaBFt2c3ke/zIZRDDmgl/Gj6ptwCMxYGCLSi197WwLvGN5fy2oVTYvCI5Fr dazXMgrlaCwHfVgQv43jtSJpMO8Ra+sKfpCo0VpxZl5EZqSeEe4fT6yiLytsL2R8S8Lv 7WBYKy7l+iykCRvn4gHJUa4vWJCav0WYNCwks= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740419117; x=1741023917; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xOuDnv83CpzU9+Is9rRk+mGWBAWQzFMYMR0kufccTA4=; b=BDW20xU7GdOYmWoSZcWXSJ9X8CE61nHgHZplfyyX2ugbZ0dQ+ohuhxwPumvWnbrEot FJLBCp/xbu33AlB+QcpZaFvFVojQe9GLYHgwHErUDZTo4wbvLsok00QkWC7ub1E6QwnI uIAW1BEoqFrUFAahbhcUT3BY+HMvSaxFow+4a6kmwRo9xwwxs+juBQYrYEmaDT/EH4Mz sfFQ2YrhB4bOONE51AapXcMLfVCLyFPM8cW67xsQBlkK6rHiVAqvhMa1KW9cbyaKOPYs NUjpkZgVPqt2CBVmuNnmC44SvH6xnnY5TwcWGj58kEQUeTpXzFZpdAsbe1BQ7a/jCbfS rJTA== X-Gm-Message-State: AOJu0YxonxjhWtio/aE3olNvWM0lY+yrFckh6qdRxhzIz0tUea0aJQYo ZTxUvYxbZ6F/iwCaZwuAnDb7UC2H0g//0+1oHf7lkRfOTENlKbC2tLTG6fFjei9IajIR+JX/IXc = X-Gm-Gg: ASbGncuQF5ja5ZH2/CluyCTQViOSnXxLAQk67Z74ClGDlxFRYZrkdd4AAIPC6C/9gWu Uq5RUAGnwP9rXp9dA5JFo0bjVp2et1XOqw/Kwitvyg2WBFJyHWvnblmsaiu/1g+1VbasTDkXZ8f 6LxaF5OY14KELG75se+YqcbGral9HA43XJPKHsNoxaL0XEn6BXnNIRn1SofNH6e3F9KFNDwH4t+ cdU5zzFlvTyLVWNC79IcDeY85vJ4jdK2mDIAdAe3Cex/UG19Laj0PxpuFOnJt42mayTUD5si6aN QYtoh26f/lkpU0IsWMW9dmBaHvR0z4fGsOny6jQ3ySxwxxLt2Rlbe4qz2sPF X-Google-Smtp-Source: AGHT+IEeYZ54rRUbGdZQIOlhhcGLgC+WoktvweDeP2f3Op4uks5fDxTwn3C0YXbJAivdUXc4ZCp44A== X-Received: by 2002:a17:902:d4cb:b0:216:1d5a:f348 with SMTP id d9443c01a7336-2219ffc3d7amr90719385ad.11.1740419117182; Mon, 24 Feb 2025 09:45:17 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-220d5349634sm180515125ad.31.2025.02.24.09.45.16 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 09:45:16 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v6 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed Date: Mon, 24 Feb 2025 17:45:08 +0000 Message-ID: <20250224174513.3600914-3-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224174513.3600914-1-jeffxu@google.com> References: <20250224174513.3600914-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Add code to detect if the vdso is memory sealed, skip the test if it is. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook --- .../testing/selftests/x86/test_mremap_vdso.c | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tools/testing/selftests/x86/test_mremap_vdso.c b/tools/testing= /selftests/x86/test_mremap_vdso.c index d53959e03593..c68077c56b22 100644 --- a/tools/testing/selftests/x86/test_mremap_vdso.c +++ b/tools/testing/selftests/x86/test_mremap_vdso.c @@ -14,6 +14,7 @@ #include #include #include +#include =20 #include #include @@ -55,13 +56,50 @@ static int try_to_remap(void *vdso_addr, unsigned long = size) =20 } =20 +#define VDSO_NAME "[vdso]" +#define VMFLAGS "VmFlags:" +#define MSEAL_FLAGS "sl" +#define MAX_LINE_LEN 512 + +bool vdso_sealed(FILE *maps) +{ + char line[MAX_LINE_LEN]; + bool has_vdso =3D false; + + while (fgets(line, sizeof(line), maps)) { + if (strstr(line, VDSO_NAME)) + has_vdso =3D true; + + if (has_vdso && !strncmp(line, VMFLAGS, strlen(VMFLAGS))) { + if (strstr(line, MSEAL_FLAGS)) + return true; + + return false; + } + } + + return false; +} + int main(int argc, char **argv, char **envp) { pid_t child; + FILE *maps; =20 ksft_print_header(); ksft_set_plan(1); =20 + maps =3D fopen("/proc/self/smaps", "r"); + if (!maps) { + ksft_test_result_skip("Could not open /proc/self/smaps\n"); + return 0; + } + + if (vdso_sealed(maps)) { + ksft_test_result_skip("vdso is sealed\n"); + return 0; + } + child =3D fork(); if (child =3D=3D -1) ksft_exit_fail_msg("failed to fork (%d): %m\n", errno); --=20 2.48.1.601.g30ceb7b040-goog From nobody Thu Dec 18 08:29:43 2025 Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2420264A94 for ; Mon, 24 Feb 2025 17:45:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419120; cv=none; b=loIsBQG34Xh97WO0YOAcP/NcJOkYK0fZZ9ter905HfQ1kXniE+Zobn0e2GwMb2v8yAPtugUUD/ldAXrHZmxGUcjboc1hLliSenSbeS3pWcFqNIq4qnot+wecS36hO4K0zuwKshg8otyARpbyMKdvvIYZIRAz5DGqzVtZAiq7xEk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419120; c=relaxed/simple; bh=xmzHvPBJYWRbOVSjpydPwly34jcpZ8PFFtLOGdMVeNc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PgQojhsHF4YwO74ZfVe4CuM/yuZlYpOmxbIOBUi+xsLc1x0kTCgVTGSz4WLrD1lIQhCBd9euKShx7Dpgz51STbiweCPKN62rcrbwxJ/QB5yCD5hf07AJtoARp1/MZ7XkN46ARuV55RlEDNvA7eHnBtfC7cUkwQKnt32TtWzBk28= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=hToPXKij; arc=none smtp.client-ip=209.85.214.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="hToPXKij" Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-220d27d490dso11076125ad.2 for ; Mon, 24 Feb 2025 09:45:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740419118; x=1741023918; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=X21CnZpPkRdzfQTLm/xqoLd+RlCmfK8svSgo70Yr8/I=; b=hToPXKij9wa2grAVlezoNjVExcAYcEXvkLIATh9k4Stl4adHeYafdPoY0cwjtBvjdF b56FYlvthXEU7Vbr7aSo88/RH+nZ/ofXgZ29PPEYH1uylC9bpBoZ9mA4Phsz9M/lRj5E Q3stZmCfqy0kT8QVMgZojJ+lpnq3zcLeOawRo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740419118; x=1741023918; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=X21CnZpPkRdzfQTLm/xqoLd+RlCmfK8svSgo70Yr8/I=; b=p9wF8T4ufIUcUfG/QCfG6RwW9IwxigS62yIX2tQZHmqzVeEbIUMEJOKZ2jDQ3CgSE+ 0R+r+GtmBxesft6/CcEEWypG97uTVpD8xusIm8/SmHdX2yRRe99ZGQL/PAoyiGk82+9p XyocNM+eTchDC83K956wo3WmDVI5DSQUECfn1CHNuhCnz5GImEwX46CcHmUo1uYUNaGL RReiPZhrST5C9/jY0FlJSKWB7r70wsk/nhIzJaxV1YvSHe1KTzB4VDxJmiiaZJSQiyYh b3yM6/LUT+J3d/jAdhWCiw0xcTSQIP1wPbbSnbD+PZEwP0pIvcJbEJDLfclACaSAXT7/ bwoQ== X-Gm-Message-State: AOJu0YyXI7aGfnURIvmuKv4SQsIBXLYIP7n/ws6oVhekjlSs0fZ47HDg jRh4lL2cS6zR5EVyaRPxPfcTCZugK/taU+Yqq/pRirQH/R5njuNd/wiDm8n+/BXeKqMnugczGuk = X-Gm-Gg: ASbGnctHNFD8iwp1BEAbc4YNlNwSQlalaIOjzq+HgQpsiFpoROiS6kJg6bfx9ChC4rv lkGp+Xt66u8cqMx4/3j3cghyRyyHfyOyKPHRdyEtMiVG8PvTP2MBi1k8vJi3tjn0rEkPz1dm5+O Prbo2GBQTE0fiA1Vy+vnhuHDOFIqbVvPe6K65WRrMElrz1Z/KWxlyd4aQ4Rj9RbbHl3u5ap+mPn tKFlP1yyvQZKS4ocSphLnBiqZOYBnv8BVWzMzSuyGyC2ewZzzHA6XXjo2yj5Ci6LA+/VfJ+93Fa Wytl+A89e1QwnLbU6GJgBABk50QubrgRkT5YIggEEz6NCv1Ze+tU4CZAp1n9 X-Google-Smtp-Source: AGHT+IEIEwr4JLc08uaTem+ZJWi2exsrefWwA9KhDKMeXGKBmCEayibfQPpqr5pLiU9niDft6DfzOQ== X-Received: by 2002:a05:6a21:999f:b0:1ee:e16a:cfa0 with SMTP id adf61e73a8af0-1eef3dd0ddemr9610048637.9.1740419118151; Mon, 24 Feb 2025 09:45:18 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id 41be03b00d2f7-adb5a92c6d8sm19248497a12.65.2025.02.24.09.45.17 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 09:45:17 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v6 3/7] mseal, system mappings: enable x86-64 Date: Mon, 24 Feb 2025 17:45:09 +0000 Message-ID: <20250224174513.3600914-4-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224174513.3600914-1-jeffxu@google.com> References: <20250224174513.3600914-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64, covering the vdso, vvar, vvar_vclock. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu --- arch/x86/Kconfig | 1 + arch/x86/entry/vdso/vma.c | 16 ++++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..8fa17032ca46 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -26,6 +26,7 @@ config X86_64 depends on 64BIT # Options that are inherently 64-bit kernel only: select ARCH_HAS_GIGANTIC_PAGE + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 select ARCH_SUPPORTS_PER_VMA_LOCK select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index 39e6efc1a9ca..54677964d0b5 100644 --- a/arch/x86/entry/vdso/vma.c +++ b/arch/x86/entry/vdso/vma.c @@ -247,6 +247,7 @@ static int map_vdso(const struct vdso_image *image, uns= igned long addr) struct mm_struct *mm =3D current->mm; struct vm_area_struct *vma; unsigned long text_start; + unsigned long vm_flags; int ret =3D 0; =20 if (mmap_write_lock_killable(mm)) @@ -264,11 +265,12 @@ static int map_vdso(const struct vdso_image *image, u= nsigned long addr) /* * MAYWRITE to allow gdb to COW and set breakpoints */ + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; vma =3D _install_special_mapping(mm, text_start, image->size, - VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, &vdso_mapping); =20 if (IS_ERR(vma)) { @@ -276,11 +278,12 @@ static int map_vdso(const struct vdso_image *image, u= nsigned long addr) goto up_fail; } =20 + vm_flags =3D VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; vma =3D _install_special_mapping(mm, addr, (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + vm_flags, &vvar_mapping); =20 if (IS_ERR(vma)) { @@ -289,11 +292,12 @@ static int map_vdso(const struct vdso_image *image, u= nsigned long addr) goto up_fail; } =20 + vm_flags =3D VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; vma =3D _install_special_mapping(mm, addr + (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, VDSO_NR_VCLOCK_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + vm_flags, &vvar_vclock_mapping); =20 if (IS_ERR(vma)) { --=20 2.48.1.601.g30ceb7b040-goog From nobody Thu Dec 18 08:29:43 2025 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 128ED265603 for ; Mon, 24 Feb 2025 17:45:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419121; cv=none; b=nygqn3O4KE8j2zfCte4gLtQMYMPLamB9bJOGp8fQUCKkebJn0VFOuL8fGE+jxGOB0gAC1xONxk+VGvDrpQMK30ROSmuHloWPgUn6R43IWv2gINuInCmkEyUvgKtmzAAifEw3ZYX9Ip9WfkesQDcNg+eQpo5W1hBi2L7esDMNWgk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419121; c=relaxed/simple; bh=MByr1qSJf4aiThtlCgoHWdU9O7TLM5j5t1IkQC3pHcM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HhYSN/NonZRQFWfJA5nsLVewcEdDabKVe98Jg3kPm1KJtdBcawVtU77EGWQZbGe7RLRema43jB0YGzSLLY3e7Ny5KJvqTpiVHesgjVE+kSsgvvjdch36xjZBg0MSFgY0mu9+cGIcBQJsAFymVSiNCWJ0Ro+gKkIdcxCkQsLrgcE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=WSi85Eo9; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="WSi85Eo9" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-220c895af63so12041055ad.0 for ; Mon, 24 Feb 2025 09:45:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740419119; x=1741023919; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=83PJNkO9JARY6UfrwtNSh9B3t1cYA+bhOuyhuOOAsAw=; b=WSi85Eo9Heuy3mg+Asys2Hhzic5ARjz0b/ai3X/rEnGpBKTID93bAWzBRMLWiRhEe9 jJbADMmvQlD02TBu6vKXxx+wNsIoGNBOx5/wPyv9SnDGyMb97UCrHwmcJOx29dx6xYt9 5M+UyfzgfGV+Dcx6Zzxnx1wcIys8ynk8MFmrc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740419119; x=1741023919; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=83PJNkO9JARY6UfrwtNSh9B3t1cYA+bhOuyhuOOAsAw=; b=gL/SfzZ2CZbj9FPt51OKfg3ogxLAxXzNiwYduoP3m/0ivwfaPWjpZ6GI3ycOhbnN1J 2uMKV55M6iTd7inMpbqF9LgQTOclEQNj6i2mHeqpRs17Hk44tjL0WbWHiqC6LhdVpsq4 l8wh4pTrezdw6NxXFFUaW3ZA9/Rf7e5Vct6UVj8aZn6q0vIfKFVpgTgArJgKva5v8I8m yRyg8wYpl1hmdK+5CMsEj5NK091ZqX+qNqm1bp5K2UedPXxzb2Z37zLMceHSmd0HaVtS s2uAG1WuPL64TpuIqwb4A6PWQKy8GWJ1sSwR+7q6PLf/dzhpibj/4YZo5CgbZaClDyPg YBOQ== X-Gm-Message-State: AOJu0Ywpvtb0UgsKhkevihtueH8xz4228z5y4qknXk0JIPmHHboFYl1Z UNqDl8AW6HikCytZq0Gr+xQr+iG7KKLWzW+5t5G71lJGAmDMoOgPXvMYlpTxsw== X-Gm-Gg: ASbGncvBiESz20UefaL4iqmRJaeGDaCugmfYzjW+ujtu8Aj5RB0tDNu0BoC4IXHeV00 o7ABTAL1pcRHLiQej7hqqTtgXYwTIUnsHouZzG043fyIzgeRP4ZOrRewjoPWkeFBDiTcTcB9D01 ZSEB3IzDlFk6Zpub4GU58B8ta+sT30HVo1y9UwrFQFIBHovv2uBZV8XavimXdUe0Q+fegY7m77c LOxtE3r1ZXq8a4ciUnx2TMmvlwzWG2LFnO+yGS8BZ0/Y9njDyut/c/EGUdjyIx/uiLm4AkvPJ1w cCIWEsHo60hoYGU5Ppt+x7hPsPn/q3hxxTc7XcEUXqmxf5TnPBMDVOLbQHKg X-Google-Smtp-Source: AGHT+IENcuh0GalF98aZHKN5+tl8yLBoqJnSu897mR97ZSdm7iKR5lpyIJSzEx3gH73SJaU8KQn4bw== X-Received: by 2002:a17:903:22c6:b0:21f:f02:4154 with SMTP id d9443c01a7336-2219ffe0dbdmr89037615ad.11.1740419119262; Mon, 24 Feb 2025 09:45:19 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-220d55850f5sm180508385ad.208.2025.02.24.09.45.18 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 09:45:18 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v6 4/7] mseal, system mappings: enable arm64 Date: Mon, 24 Feb 2025 17:45:10 +0000 Message-ID: <20250224174513.3600914-5-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224174513.3600914-1-jeffxu@google.com> References: <20250224174513.3600914-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on arm64, covering the vdso, vvar, and compat-mode vectors and sigpage mappings. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/vdso.c | 22 +++++++++++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index fcdd0ed3eca8..39202aa9a5af 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -38,6 +38,7 @@ config ARM64 select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE select ARCH_HAS_MEM_ENCRYPT + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_NONLEAF_PMD_YOUNG if ARM64_HAFT diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index e8ed8e5b713b..fa3b85b7ff01 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -183,6 +183,7 @@ static int __setup_additional_pages(enum vdso_abi abi, { unsigned long vdso_base, vdso_text_len, vdso_mapping_len; unsigned long gp_flags =3D 0; + unsigned long vm_flags; void *ret; =20 BUILD_BUG_ON(VVAR_NR_PAGES !=3D __VVAR_PAGES); @@ -197,8 +198,10 @@ static int __setup_additional_pages(enum vdso_abi abi, goto up_fail; } =20 + vm_flags =3D VM_READ|VM_MAYREAD|VM_PFNMAP; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; ret =3D _install_special_mapping(mm, vdso_base, VVAR_NR_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_PFNMAP, + vm_flags, &vvar_map); if (IS_ERR(ret)) goto up_fail; @@ -208,9 +211,10 @@ static int __setup_additional_pages(enum vdso_abi abi, =20 vdso_base +=3D VVAR_NR_PAGES * PAGE_SIZE; mm->context.vdso =3D (void *)vdso_base; + vm_flags =3D VM_READ|VM_EXEC|gp_flags|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; ret =3D _install_special_mapping(mm, vdso_base, vdso_text_len, - VM_READ|VM_EXEC|gp_flags| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, vdso_info[abi].cm); if (IS_ERR(ret)) goto up_fail; @@ -326,6 +330,7 @@ arch_initcall(aarch32_alloc_vdso_pages); static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; + unsigned long vm_flags; =20 if (!IS_ENABLED(CONFIG_KUSER_HELPERS)) return 0; @@ -334,9 +339,10 @@ static int aarch32_kuser_helpers_setup(struct mm_struc= t *mm) * Avoid VM_MAYWRITE for compatibility with arch/arm/, where it's * not safe to CoW the page containing the CPU exception vectors. */ + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYEXEC; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; ret =3D _install_special_mapping(mm, AARCH32_VECTORS_BASE, PAGE_SIZE, - VM_READ | VM_EXEC | - VM_MAYREAD | VM_MAYEXEC, + vm_flags, &aarch32_vdso_maps[AA32_MAP_VECTORS]); =20 return PTR_ERR_OR_ZERO(ret); @@ -345,6 +351,7 @@ static int aarch32_kuser_helpers_setup(struct mm_struct= *mm) static int aarch32_sigreturn_setup(struct mm_struct *mm) { unsigned long addr; + unsigned long vm_flags; void *ret; =20 addr =3D get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); @@ -357,9 +364,10 @@ static int aarch32_sigreturn_setup(struct mm_struct *m= m) * VM_MAYWRITE is required to allow gdb to Copy-on-Write and * set breakpoints. */ + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; ret =3D _install_special_mapping(mm, addr, PAGE_SIZE, - VM_READ | VM_EXEC | VM_MAYREAD | - VM_MAYWRITE | VM_MAYEXEC, + vm_flags, &aarch32_vdso_maps[AA32_MAP_SIGPAGE]); if (IS_ERR(ret)) goto out; --=20 2.48.1.601.g30ceb7b040-goog From nobody Thu Dec 18 08:29:43 2025 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 787C9265CC7 for ; Mon, 24 Feb 2025 17:45:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419122; cv=none; b=YJiO63nlpHBHxJ/5TdUarHXhbzAQW2DFDyM9o/gz18op8WkSu9G5O32wvLxnGSLH4NOluDyRhHYd3uBAI4+RVCQzJs/LhUoRfWpgk8KmTeNogXsGlyJp6vWo6H2ukyO5QozUU2kGvVX0r1kxJ+73N5iTBxwu2BiFM0aD4G3/vDc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419122; c=relaxed/simple; bh=Uk2AWseJqK82pjVKDpunCE3RpWexobHlM85zZUMX3CE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=aWLL+Eb5v93KrMg27ewHSIphF+wRxqQqlfT5m8saSsHudniAcP3SKGMitlj4SyhkHN00l/R1/WLF1+rbo+2b0s98qSaezTtxKnqXUMOgrgNwkABqbVAmY8AJgtHd6CRR2dMelEKcT7ddJ2HYfQZmNq3k98bgeZuGdUjWr99+ZSw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=W6799ISL; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="W6799ISL" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-22134a64d8cso11339565ad.3 for ; Mon, 24 Feb 2025 09:45:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740419121; x=1741023921; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uF6v4BAgInjRNjkqN7tLcQhcZv2LNrGaf63b7a8eFi0=; b=W6799ISLIZIQMsswIKItspexqAysbUYphZUwt5VCGMLFuxMdsO9et90LthCg8lIlqK F4KU3DFtpbjlVAq+IgkI4yMJubO2Y6eqgOXtLPuu/vCAXKp/S4tIwqzmQY7q7lHL1A79 2R9UGljo0wdEk00a+Smfak+AsuHZfzidtFHBU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740419121; x=1741023921; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uF6v4BAgInjRNjkqN7tLcQhcZv2LNrGaf63b7a8eFi0=; b=nH3vvlsRwjT0DMyKHxSvGD1qZkjcPGIh3p+EcxaMQlKDXSE2P9COREOem6B1pgb2Ar cNAysznbifi5ZbzueN6QWxmZj65l8IwiqckDJL3zhRibvY8kJ7d4GKDty0ib9cUjLuog oy3ACbATXpvQ5CARFSuHmTPfnviV+vk9BRJXLGrEwQZcKOpeFSOcvjXDhe7eJmV1XSqA HEe1bNhcqEwnQ5t7W9gk6o8udRwJBvMWVOC0+LA4bkaCPMKzLw+1VBs3Zpr1syE/97vm pqa36HE4M5bGgPm91s9rIsLxBHdSGB14B5JwXZWAkLPb+OTydfFL6BDLE4fAiubphP0Y 6aYg== X-Gm-Message-State: AOJu0YyNB+MUABA2rVufvWcgwBctz/GDk0Rb88Z163i2yrPqksU8uzif YqXtD9mRo4cOruX4QDW5sACjO2RnOn4+hQX9ZiTdQa8n/KTV0+3OUsDzwx9eUA== X-Gm-Gg: ASbGncvhqXVgx9RGq8xFPNT4SvkyEdEsMlyvp+CnRqu6oXHteie0jnwBnRh1e5uLLpq +78F9Vc0Pj4bk8yWA6Y+UAV8zfxtFgbV/NhXghzF6iUPTPHMQYgGKjuouLSEidMGshrj9GVS5Eu lfECNzzrjlw9QlUMz0i99MYgQ/5DKzIZUb8/vPJr4GnHBbvUVwKldYTswUEZwCHSkJHSYA0gQky 9nyQwW2UBlFBCFVVC6D3T2rtzNG3Q+WqCkSBVv3TUAcQctKp/I14uiaBjytAgbyL3+mSYDm+rgd M1NLrp/Z8nK8ARvoXx50b7Syg8ihMIjIlwAaKCYmCvAsouYAwnpyxvNB6crl X-Google-Smtp-Source: AGHT+IHchQT9dzoJY2LEcYJPdtfWM7ipynXQ721dymkyqhvRjPShYl+mqIPBkEeCSpT4D/DXL4HZjw== X-Received: by 2002:a17:903:22c8:b0:21f:b7f5:ee58 with SMTP id d9443c01a7336-2219ff5b3e9mr87660905ad.4.1740419120715; Mon, 24 Feb 2025 09:45:20 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-220d5586080sm181990315ad.229.2025.02.24.09.45.19 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 09:45:19 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Benjamin Berg Subject: [PATCH v6 5/7] mseal, system mappings: enable uml architecture Date: Mon, 24 Feb 2025 17:45:11 +0000 Message-ID: <20250224174513.3600914-6-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224174513.3600914-1-jeffxu@google.com> References: <20250224174513.3600914-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on UML, covering the vdso. Testing passes on UML. Signed-off-by: Jeff Xu Tested-by: Benjamin Berg --- arch/um/Kconfig | 1 + arch/x86/um/vdso/vma.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/um/Kconfig b/arch/um/Kconfig index 18051b1cfce0..eb2d439a5334 100644 --- a/arch/um/Kconfig +++ b/arch/um/Kconfig @@ -10,6 +10,7 @@ config UML select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_HAS_KCOV + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_STRNCPY_FROM_USER select ARCH_HAS_STRNLEN_USER select HAVE_ARCH_AUDITSYSCALL diff --git a/arch/x86/um/vdso/vma.c b/arch/x86/um/vdso/vma.c index f238f7b33cdd..ee6d8a58f9f6 100644 --- a/arch/x86/um/vdso/vma.c +++ b/arch/x86/um/vdso/vma.c @@ -54,6 +54,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm= , int uses_interp) { struct vm_area_struct *vma; struct mm_struct *mm =3D current->mm; + unsigned long vm_flags; static struct vm_special_mapping vdso_mapping =3D { .name =3D "[vdso]", }; @@ -65,9 +66,10 @@ int arch_setup_additional_pages(struct linux_binprm *bpr= m, int uses_interp) return -EINTR; =20 vdso_mapping.pages =3D vdsop; + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; vma =3D _install_special_mapping(mm, um_vdso_addr, PAGE_SIZE, - VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, &vdso_mapping); =20 mmap_write_unlock(mm); --=20 2.48.1.601.g30ceb7b040-goog From nobody Thu Dec 18 08:29:43 2025 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 514A62661BA for ; Mon, 24 Feb 2025 17:45:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419125; cv=none; b=FbmXulDnTFQDjL/fKCi3djLBdl/meB1u5nU0K2uIHqrIKcqUqAQyID/nmKN+XtceYWixBGtNrpAB64g4T5NYUDOC0pT2QFf8HEG4zmeTGUqa5pMuRFn+aHy2I0h4S+FOuEL8l2/GryJdOM/HWExlxCYPpqzKocBcKU35vR6xTYU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419125; c=relaxed/simple; bh=GaZ3NHGqOhxDUVbP3LqTaXZumX7Y4lZDhfizHB7R2Kk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MPLLcJCepkq0VNYPOD4dfU9+i8tyLLSRvS0F+oUCYm514WYFmTewvTVGiwTd3cOxpaHP82KQxzx6a4LRilFTBwuG81ysqPTojiKUl20bLQ8Ec36MBpKHUd+w76ZxD8y/ngrAfyUC5rptE++ZFLMbOorr+YXw+CvAUcbWmyv/uPk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=IW7AmgjR; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="IW7AmgjR" Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-2fc0ab102e2so1225580a91.1 for ; Mon, 24 Feb 2025 09:45:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740419122; x=1741023922; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pPTxJ+9VApNW1wIyXAimG9WYLhdSeBQuD2wh8D+5JoY=; b=IW7AmgjRUZVUtX8De3//5x9KrWT+xqHCNPoU2YkjrQjBwYZu+RifIoaJxuGmoTQtg8 UzNJTuFt+9K+fFb0SsyrRrSHrOOSMDJafEfDFs11KuishRJa7NT5f9KjHtYkWPM9EMU8 sHnoZ9xpj1OKDf/eEBI68ks7w4g1Jh2bCgwdI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740419122; x=1741023922; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pPTxJ+9VApNW1wIyXAimG9WYLhdSeBQuD2wh8D+5JoY=; b=BoHwkq6L6LhHaErbxr1bFtkDElsH1CEYjtINs9RyhU4MOfwJc8k075LikNH8h2JbZX trv2aK1+R4iKqjh5MBjBQlsUWtUTwTdgafPjnPk0oy7BamgTaJ5ynSM/2YxA1kjLAq+Y 5Y1yO4ZBrlLUtu/30zXYZI61YWLIYHUfbKI2Vzkmfs8hf/EiLIzA9YDmuenjlRnW/tuP 6bx2unMBSEBSMML5RBK6s+QUyc0ZGLGD+kBNTywYQs+rluZwCipoYliGHrWQHpgR6snq 46Gsyp5i22fZty5FNz1Nga+HUP05aT9HplUWmLUaGOPacUD/Hs8JExBhjx2dl+kFLBCi T6Dg== X-Gm-Message-State: AOJu0Yy1YvpdI68A58EjkvWJGoX0DIGPuLuze/Ju+tagOjn1WSkCL6Sj QR5a76CE++NM6wRjoIENzEVgvaev7e659Grn7Kr7fR7SiGQXgRW2rS0EViihvw== X-Gm-Gg: ASbGncuTyxTrUw5Ky4LYuqz8pSKAHwwAXTL3+R7UsD1bN5DCmPLE0ZyX0l6jX00pw7T xFmrjYigKtiG33NPFYv2Mt11zEx33C39R7M6HW6WNQ8Uij85PT70cuY19BKGirsbwNUdcECYIgg A/cs/LMuJ6YCkHFSmUVl5JLNMNg/MRoN13cKsZVlaQxMJJvHDWI6TjBdEEkkMDE0OyrA9jf8sQy fBcY6DAyDVMy/j1Zv2nY7hugjLqpLPIxtNxwncTuJea2BmhgLc4KrtmvheVttwTEwKqNNiI++w6 0a0kYUeuHXIAL1uTzzoUFwpfsL1yUThOPNfGwxoSeGFAM+44IM4sHX1Xmn6z X-Google-Smtp-Source: AGHT+IHP5BJhLkG1y5WlyMonne7HfrmaKX102f8M0T9GVc1W+S/OC3k6B6HWY8ssc4OyfR7EtUf+nA== X-Received: by 2002:a17:90b:3848:b0:2ee:cbc9:d50b with SMTP id 98e67ed59e1d1-2fce7aef973mr9370465a91.4.1740419121838; Mon, 24 Feb 2025 09:45:21 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id 98e67ed59e1d1-2fceb02d9b4sm7708790a91.6.2025.02.24.09.45.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 09:45:21 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v6 6/7] mseal, system mappings: uprobe mapping Date: Mon, 24 Feb 2025 17:45:12 +0000 Message-ID: <20250224174513.3600914-7-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224174513.3600914-1-jeffxu@google.com> References: <20250224174513.3600914-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Provide support to mseal the uprobe mapping. Unlike other system mappings, the uprobe mapping is not established during program startup. However, its lifetime is the same as the process's lifetime. It could be sealed from creation. Signed-off-by: Jeff Xu --- kernel/events/uprobes.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ca797cbe465..c23ca39b81ac 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1662,6 +1662,7 @@ static const struct vm_special_mapping xol_mapping = =3D { static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) { struct vm_area_struct *vma; + unsigned long vm_flags; int ret; =20 if (mmap_write_lock_killable(mm)) @@ -1682,8 +1683,10 @@ static int xol_add_vma(struct mm_struct *mm, struct = xol_area *area) } } =20 + vm_flags =3D VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO; + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; vma =3D _install_special_mapping(mm, area->vaddr, PAGE_SIZE, - VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, + vm_flags, &xol_mapping); if (IS_ERR(vma)) { ret =3D PTR_ERR(vma); --=20 2.48.1.601.g30ceb7b040-goog From nobody Thu Dec 18 08:29:43 2025 Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A1E94266565 for ; Mon, 24 Feb 2025 17:45:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419125; cv=none; b=UeNBI7AUPRxBuIpsU0UwMqjH2g05MhOuz7zvvwrhPPzXBsPy8Q8QaQSbP4xlyNp4gRr/yDTyejw8ASLXc/hp/L6+7KdRYrivePk1cvnaqmEDFCCmEk8OHqM2+KX7GsibyMKWRq+Ch8Fis90TFB52vpSaNo2FSNeSQd0cc60uv/Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740419125; c=relaxed/simple; bh=1BOlD3CY7Q7i+Oz86sDe82UKyhlevhIg+0IIHAWWAOY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LEy3PQBrcZUBtPeV69uZ+tNNHtwhxZGa93kUU+ErB2Ynn8xgaMjQhG4tyADQFpwFmmtPDbkRgosFU1hkdTKf8Xs4dZ0O0gEptw5tIYVVTXORM1Y/BugV5T6/afqmBgLiukeuF+wclib+bhI/M7QQHiEjT+6cFoQi3Emu5Ocq1ro= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=Rseh1RhV; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="Rseh1RhV" Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-21f8f3bd828so10201025ad.2 for ; Mon, 24 Feb 2025 09:45:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740419123; x=1741023923; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=NedlQ833R+dfasjp2xtVkBoypa1M9tQutc1AiNG511A=; b=Rseh1RhVrbWeM2VulixoeyKqs9Qj49KooO2MR9jLWT03wzMGYNUsJUm2SoH6a5vCxY A6uJfT+81yL5v20/BLjyROgzUGW3SiB6pJnqpDH4gXD0UDzdkmiPcUz2eglNmAU0qfOq wa0Q2rbElFdCHaN7l785aOqpbiJrKkdHwzquE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740419123; x=1741023923; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NedlQ833R+dfasjp2xtVkBoypa1M9tQutc1AiNG511A=; b=VIU07dgu/T07lm702IF7ASPGYjQNjSEg4vHI/UQI1tlzSkjaIJ1ViIe3KAz2wWNaRB 88PnsPomlYw3Z5UdYAQEGRNNn1JpKgC85Gzq8GgoTX+TM/Ml7h98W+oXtb27AfYzgB5Z BVsDJl5O6bcpUMtd3LWWi/XQjBiVwiepM9vFG3k2k3na/8x3DGtXAkn0IClPdlm+6h/l YW8PEOKTgZ+IAboYLzHA3i9XvdVUASboeYoJ3INy4JgeM741MUZmdwkHmwbX2vcf+V5Q vQW4f6PXrEghI9AVa7aiyzJ54Y1kDE47l7P3P1WhaQ4OFXApgAj058xwVlZrb5oV9AmX iKHg== X-Gm-Message-State: AOJu0YzjwAavggU6r2jBmiCsDjigiG9tgfPpjsAhvbNB58kiGLT5YtCC PwAYge6PHKAjYWUtiLEijiBNsAscNxQ9OE5Mu3aZK57eXBAtuIiO4w1salt19g== X-Gm-Gg: ASbGncse23xMCls+PAIhxy3aUODMsi3n0J0GFk7zOrE2ZasgNCfM0SAjPY2l5/lO+4F ZKLzvhnkK4kiGp4EHuFln8E4qG78kDXoGKHJWVA/dpwotiIEFXEJ1psVQklIUagwVcY28i7fDqn yR99xWI8xyQFEHWJC+FNltR74BKhukSShSiQCjBuPIybdt9cLM40rULqeG4mpkJwqqlntmb+zrk swhCKHdOsqit/P1FmfysDGuj1GAZJG9R9EkrZ72mJXpo6piJLYElUzNeryopQH4Eqe/ILXk+C3r NNWmMlYJMoZLB0QpsuMydf87JlFsHCJ6MkpobPHgSCmhx3d3uSOsoz9SGJJ9 X-Google-Smtp-Source: AGHT+IFZVTqhLnFv9AH6bcykjpAlvnpYSGZUQrdwYTW7+qFqbmLc8OL95CLeT9nCPZhlXuZDXrrHjg== X-Received: by 2002:a17:902:d488:b0:220:e98e:4f17 with SMTP id d9443c01a7336-2219ff39595mr87888225ad.2.1740419122867; Mon, 24 Feb 2025 09:45:22 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id 98e67ed59e1d1-2fceb093d96sm6756326a91.40.2025.02.24.09.45.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 09:45:22 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v6 7/7] mseal, system mappings: update mseal.rst Date: Mon, 24 Feb 2025 17:45:13 +0000 Message-ID: <20250224174513.3600914-8-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224174513.3600914-1-jeffxu@google.com> References: <20250224174513.3600914-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Update memory sealing documentation to include details about system mappings. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook --- Documentation/userspace-api/mseal.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspac= e-api/mseal.rst index 41102f74c5e2..10147281bf2d 100644 --- a/Documentation/userspace-api/mseal.rst +++ b/Documentation/userspace-api/mseal.rst @@ -130,6 +130,13 @@ Use cases =20 - Chrome browser: protect some security sensitive data structures. =20 +- System mappings: + If supported by an architecture (via CONFIG_ARCH_HAS_MSEAL_SYSTEM_MAPPIN= GS), + the CONFIG_MSEAL_SYSTEM_MAPPINGS seals system mappings, e.g. vdso, vvar, + uprobes, sigpage, vectors, etc. CHECKPOINT_RESTORE, UML, gVisor, rr are + known to relocate or unmap system mapping, therefore this config can't be + enabled universally. + When not to use mseal =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Applications can apply sealing to any virtual memory region from userspace, --=20 2.48.1.601.g30ceb7b040-goog