From nobody Sun Feb 8 04:30:32 2026
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu
Subject: [PATCH v7 1/7] mseal, system mappings: kernel config and header change
Date: Mon, 24 Feb 2025 22:52:40 +0000
Message-ID: <20250224225246.3712295-2-jeffxu@google.com>
In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com>
References: <20250224225246.3712295-1-jeffxu@google.com>
From: Jeff Xu Provide infrastructure to mseal system mappings. Establish two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS, ARCH_HAS_MSEAL_SYSTEM_MAPPINGS) and VM_SEALED_SYSMAP macro for future patches. Signed-off-by: Jeff Xu --- include/linux/mm.h | 10 ++++++++++ init/Kconfig | 18 ++++++++++++++++++ security/Kconfig | 18 ++++++++++++++++++ 3 files changed, 46 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 7b1068ddcbb7..8b800941678d 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4155,4 +4155,14 @@ int arch_get_shadow_stack_status(struct task_struct = *t, unsigned long __user *st int arch_set_shadow_stack_status(struct task_struct *t, unsigned long stat= us); int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long sta= tus); =20 + +/* + * mseal of userspace process's system mappings. + */ +#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS +#define VM_SEALED_SYSMAP VM_SEALED +#else +#define VM_SEALED_SYSMAP VM_NONE +#endif + #endif /* _LINUX_MM_H */ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..07435e33f965 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS config ARCH_HAS_MEMBARRIER_SYNC_CORE bool =20 +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS + bool + help + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + To enable this feature, the architecture needs to update their + special mappings calls to include the sealing flag and confirm + that it doesn't unmap/remap system mappings during the life + time of the process. After the architecture enables this, a + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access + to the feature. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config HAVE_PERF_EVENTS bool help 
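Review bot: the ARCH_HAS_MSEAL_SYSTEM_MAPPINGS help text in the init/Kconfig hunk refers to "CONFIG_MSEAL_SYSTEM_MAPPING" (singular), but the option this series adds in security/Kconfig is MSEAL_SYSTEM_MAPPINGS; fix the name so a grep from the help text lands on the right symbol. Same hunk, smaller wording points: "the architecture needs to update their special mappings calls" should read "its special mapping calls", and "life time" is one word. The sentence asking an architecture to "confirm that it doesn't unmap/remap system mappings during the life time of the process" is the real contract of this feature, so it is worth pointing at how that is verified (the test_mremap_vdso change in this series is one such check) so future arch-enablement patches know what to demonstrate. In the include/linux/mm.h hunk, the comment "mseal of userspace process's system mappings." does not say how the macro is used; since the !CONFIG_MSEAL_SYSTEM_MAPPINGS branch expands to VM_NONE precisely so callers can OR it into vm_flags without an #ifdef, say so, e.g. "OR into the vm_flags of a special mapping at creation time; VM_NONE when the feature is off, so callers need no #ifdef."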
diff --git a/security/Kconfig b/security/Kconfig index f10dbf15c294..15a86a952910 100644 --- a/security/Kconfig +++ b/security/Kconfig 
@@ -51,6 +51,24 @@ config PROC_MEM_NO_FORCE =20 endchoice =20 +config MSEAL_SYSTEM_MAPPINGS + bool "mseal system mappings" + depends on 64BIT + depends on ARCH_HAS_MSEAL_SYSTEM_MAPPINGS + depends on !CHECKPOINT_RESTORE + help + Seal system mappings such as vdso, vvar, sigpage, uprobes, etc. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + Note: CHECKPOINT_RESTORE, UML, gVisor, rr are known to relocate or + unmap system mapping, therefore this config can't be enabled + universally. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config SECURITY bool "Enable different security models" depends on SYSFS --=20 2.48.1.658.g4767266eb4-goog From nobody Sun Feb 8 04:30:32 2026 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BE19209F27 for ; Mon, 24 Feb 2025 22:52:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437571; cv=none; b=G/tvNwoY71utyMRNvIQC4HGX3SPLk4c2/y14rwEIcP6ZHaEGWn2tgOSzbvHzNRbRWpgzpk3Hx9a5jofy6KIcWo0Oj5ZMskQCNtsMUM/CU8uMcLoq7V4PB35YNEWkLNOLrC9Wt+c1cEBcE5mxX+vyhuIc4uW0Uxx2SIPl+r9KyJM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437571; c=relaxed/simple; bh=vx6vB9UgcnLZOWNDu7hZerIV11aErIGRCAi4dguYZw4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XUQLWfDC79PiknzwraM0d0zCcJcUJk1OUlCiv1beLIxY1YIJ3XpnKM+OtiVU2F+1dnbTNRX/bJUlZcIOKAcj74icw3yIeYRk+jzsOmLFcAQDtGm6owMFplihgBOR//EQg5Wx7qYXnNXexLVU09EF76m/neIIgL4rZ30rG7CQwAk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass 
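Review bot: "depends on !CHECKPOINT_RESTORE" is the only conflict expressed in Kconfig, while the help text also lists UML, gVisor and rr as users that relocate or unmap system mappings. UML is an architecture and is kept out by "depends on ARCH_HAS_MSEAL_SYSTEM_MAPPINGS" (in this series only x86-64 and arm64 select it), but gVisor and rr are userspace programs that Kconfig cannot see, so the help text should say outright that a kernel built with this option will not work with them and that enabling it is a build-time, distribution-level decision. Two smaller points in the same help text: "unmap system mapping" should be "unmap system mappings", and because the option carries no "default" line it is off unless selected, which is worth stating explicitly since init/Kconfig describes it as the distribution's opt-in. The "depends on 64BIT" and the "A 64-bit kernel is required" sentence say the same thing; keep them, but note the sentence is duplicated verbatim from the ARCH_HAS_MSEAL_SYSTEM_MAPPINGS help and will need to be kept in sync.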
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook
Subject: [PATCH v7 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed
Date: Mon, 24 Feb 2025 22:52:41 +0000
Message-ID: <20250224225246.3712295-3-jeffxu@google.com>
In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com>
References: <20250224225246.3712295-1-jeffxu@google.com>

From: Jeff Xu

Add code to detect if the vdso is memory sealed, and skip the test if it is.

Signed-off-by: Jeff Xu
Reviewed-by: Kees Cook
Reviewed-by: Lorenzo Stoakes
---
 .../testing/selftests/x86/test_mremap_vdso.c | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/tools/testing/selftests/x86/test_mremap_vdso.c b/tools/testing= /selftests/x86/test_mremap_vdso.c index d53959e03593..94bee6e0c813 100644 --- a/tools/testing/selftests/x86/test_mremap_vdso.c +++ b/tools/testing/selftests/x86/test_mremap_vdso.c @@ -14,6 +14,7 @@ #include #include #include +#include =20 #include #include 
@@ -55,13 +56,55 @@ static int try_to_remap(void *vdso_addr, unsigned long = size) =20 } =20 +#define VDSO_NAME "[vdso]" +#define VMFLAGS "VmFlags:" +#define MSEAL_FLAGS "sl" +#define MAX_LINE_LEN 512 + +bool vdso_sealed(FILE *maps) +{ + char line[MAX_LINE_LEN]; + bool has_vdso =3D false; + + while (fgets(line, sizeof(line), maps)) { + if (strstr(line, VDSO_NAME)) + has_vdso =3D true; + + if (has_vdso && !strncmp(line, VMFLAGS, strlen(VMFLAGS))) { + if (strstr(line, MSEAL_FLAGS)) + return true; + + return false; + } + } + + return false; +} + int main(int argc, char **argv, char **envp) { pid_t child; + FILE *maps; =20 ksft_print_header(); ksft_set_plan(1); =20 + maps =3D fopen("/proc/self/smaps", "r"); + if (!maps) { + ksft_test_result_skip( + "Could not open /proc/self/smaps, errno=3D%d\n", + errno); + + return 0; + } + + if (vdso_sealed(maps)) { + ksft_test_result_skip("vdso is sealed\n"); + return 0; + } + + fclose(maps); + child =3D fork(); if (child =3D=3D -1) ksft_exit_fail_msg("failed to fork (%d): %m\n", errno); --=20 2.48.1.658.g4767266eb4-goog From nobody Sun Feb 8 04:30:32 2026 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9694D20AF9F for ; Mon, 24 Feb 2025 22:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437573; cv=none; b=NCXclVXRCsHetWX0Bt2LQTpNt3BnTtm2PUIxU4n+4tgcrAMK1kNx0CzMtdGvoCzAIh1KXqMTnj3yJ26JTfu/Lku0AWKlU8Fc8siN1+FfUwBOm4FfyLh20yAboBhCx7p87EtfP4cFw3dcAPrx9ZLpDnaTcq0g3jbqfbBvfS0dCQI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437573; c=relaxed/simple; bh=+Jr8v23L6iLuA3vKByURp4sY8Lw7JmuAhQkX6WPaKi0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; 
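Review bot: in the new main() code the "if (vdso_sealed(maps))" skip path returns 0 without fclose(maps); only the fall-through path reaches the fclose. Harmless at process exit, but cleaner as "bool sealed = vdso_sealed(maps); fclose(maps); if (sealed) { ksft_test_result_skip(...); return 0; }". In vdso_sealed() itself, "strstr(line, MSEAL_FLAGS)" matches the two characters "sl" anywhere in the VmFlags line; that works today because VmFlags tokens are space-separated two-letter codes, but a tokenized comparison (split on " \n", strcmp each token against "sl") is robust against any future flag whose name contains that substring. The function should also be static, like try_to_remap() in the same file. Finally, from a hardening-test standpoint, skipping when the vdso is sealed means the sealed configuration is never exercised: consider asserting instead that try_to_remap() fails with the expected error when the mapping is sealed, so a regression in sealing shows up as a test failure rather than a silent skip.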
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu
Subject: [PATCH v7 3/7] mseal, system mappings: enable x86-64
Date: Mon, 24 Feb 2025 22:52:42 +0000
Message-ID: <20250224225246.3712295-4-jeffxu@google.com>
In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com>
References: <20250224225246.3712295-1-jeffxu@google.com>

From: Jeff Xu

Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64, covering the vdso, vvar, vvar_vclock.

Production release testing passes on Android and Chrome OS.

Signed-off-by: Jeff Xu
---
 arch/x86/Kconfig          |  1 +
 arch/x86/entry/vdso/vma.c | 16 ++++++++++------
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..8fa17032ca46 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -26,6 +26,7 @@ config X86_64 depends on 64BIT # Options that are inherently 64-bit kernel only: select ARCH_HAS_GIGANTIC_PAGE + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 select ARCH_SUPPORTS_PER_VMA_LOCK select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index 39e6efc1a9ca..1b1c009f20a8 100644 --- a/arch/x86/entry/vdso/vma.c +++ b/arch/x86/entry/vdso/vma.c @@ -247,6 +247,7 @@ static int map_vdso(const struct vdso_image *image, uns= igned long addr) struct mm_struct *mm =3D current->mm; struct vm_area_struct *vma; unsigned long text_start; + unsigned long vm_flags; int ret =3D 0; =20 if (mmap_write_lock_killable(mm)) @@ -264,11 +265,12 @@ static int map_vdso(const struct vdso_image *image, u= nsigned long addr) /* * MAYWRITE to allow gdb to COW and set breakpoints */ + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D VM_SEALED_SYSMAP; vma =3D _install_special_mapping(mm, text_start, image->size, - VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, &vdso_mapping); =20 if (IS_ERR(vma)) { @@ -276,11 +278,12 @@ static int map_vdso(const struct vdso_image *image, u= nsigned long addr) goto up_fail; } =20 + vm_flags =3D VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; + vm_flags |=3D VM_SEALED_SYSMAP; vma =3D _install_special_mapping(mm, addr, (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + vm_flags, &vvar_mapping); =20 if (IS_ERR(vma)) { 
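Review bot: in the map_vdso() hunks the vdso text mapping keeps VM_MAYWRITE (context comment: "MAYWRITE to allow gdb to COW and set breakpoints") and now also carries VM_SEALED_SYSMAP; the commit message should state whether breakpoint insertion still works on a sealed vdso. Debugger writes go through the ptrace access path and copy-on-write the page rather than changing the VMA's protection, so sealing should not affect them, but that deserves to be spelled out and covered by a test, since the arm64 patch in this series keeps VM_MAYWRITE on the sigpage for the same reason and will get the same question. On style, each "vm_flags = ...; vm_flags |= VM_SEALED_SYSMAP;" pair can be a single "vm_flags = ... | VM_SEALED_SYSMAP;" statement. The "select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS" placed under "config X86_64" correctly keeps the feature out of 32-bit builds and matches the "depends on 64BIT" in security/Kconfig.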
@@ -289,11 +292,12 @@ static int map_vdso(const struct vdso_image *image, u= nsigned long addr) goto up_fail; } =20 + vm_flags =3D VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; + vm_flags |=3D VM_SEALED_SYSMAP; vma =3D _install_special_mapping(mm, addr + (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, VDSO_NR_VCLOCK_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + vm_flags, &vvar_vclock_mapping); =20 if (IS_ERR(vma)) { --=20 2.48.1.658.g4767266eb4-goog From nobody Sun Feb 8 04:30:32 2026 Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 358D420B7EB for ; Mon, 24 Feb 2025 22:52:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437573; cv=none; b=FRscUYawg8g10mnTLliijqfuazajX92/ZqZlXRS/DrNvn0z5jzRgaS8BUPLoktfJOcou0ZQn8F9ZCK2J24gIt/aV4VQ9XPxYqnFnYT9bcQ/4iMBtKrHb4VSJ5xAVzCAhfTz5PAiS9dposr71wwt1YVGgCccGCUROG2MtwY+D/wM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437573; c=relaxed/simple; bh=2yuHBoSnd2wsgNcC3esf33ETF3rGpThxv2gH4bJQmiU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AKwh/JR5nB1RX2JVwbvSa2qjUo16uKLiukxUz0MbBNvw5DjnTY1cv63h1yquguSyBsl6twL6V8xn0s/D5h8VQCY1Ev9s4O7pIZeD0oZjkXFnrT6QYPYYQsma2WMyxZJxIkOvDBXy1VjrhGvXNqNhuWjDFUFI/MhxcnjYy94v040= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=IDPl1vdA; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: 
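Review bot: the "if (IS_ERR(vma))" path at the end of this hunk, and the matching one after the vvar mapping above it, run after the vdso text (and here also the vvar) VMA has already been installed with VM_SEALED_SYSMAP set, and mseal refuses munmap of a sealed VMA. If the up_fail cleanup (not in the hunk) unmaps the earlier mappings, that unmap will now fail with EPERM where it used to succeed; either state in the commit message that leaving the mapping in place is acceptable because the failed exec tears the whole mm down anyway, or install the mappings unsealed and seal them once all three succeed. Minor: this hunk assigns vm_flags the identical value the vvar hunk just computed ("VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP" plus VM_SEALED_SYSMAP); one assignment above the two _install_special_mapping() calls keeps them from drifting apart.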
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu
Subject: [PATCH v7 4/7] mseal, system mappings: enable arm64
Date: Mon, 24 Feb 2025 22:52:43 +0000
Message-ID: <20250224225246.3712295-5-jeffxu@google.com>
In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com>
References: <20250224225246.3712295-1-jeffxu@google.com>

From: Jeff Xu

Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on arm64, covering the vdso, vvar, and compat-mode vectors and sigpage mappings.

Production release testing passes on Android and Chrome OS.

Signed-off-by: Jeff Xu
---
 arch/arm64/Kconfig       |  1 +
 arch/arm64/kernel/vdso.c | 22 +++++++++++++++-------
 2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index fcdd0ed3eca8..39202aa9a5af 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -38,6 +38,7 @@ config ARM64 select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE select ARCH_HAS_MEM_ENCRYPT + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_NONLEAF_PMD_YOUNG if ARM64_HAFT diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index e8ed8e5b713b..12e6ab396018 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -183,6 +183,7 @@ static int __setup_additional_pages(enum vdso_abi abi, { unsigned long vdso_base, vdso_text_len, vdso_mapping_len; unsigned long gp_flags =3D 0; + unsigned long vm_flags; void *ret; =20 BUILD_BUG_ON(VVAR_NR_PAGES !=3D __VVAR_PAGES); @@ -197,8 +198,10 @@ static int __setup_additional_pages(enum vdso_abi abi, goto up_fail; } =20 + vm_flags =3D VM_READ|VM_MAYREAD|VM_PFNMAP; + vm_flags |=3D VM_SEALED_SYSMAP; ret =3D _install_special_mapping(mm, vdso_base, VVAR_NR_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_PFNMAP, + vm_flags, &vvar_map); if (IS_ERR(ret)) goto up_fail; @@ -208,9 +211,10 @@ static int __setup_additional_pages(enum vdso_abi abi, =20 vdso_base +=3D VVAR_NR_PAGES * PAGE_SIZE; mm->context.vdso =3D (void *)vdso_base; + vm_flags =3D VM_READ|VM_EXEC|gp_flags|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D VM_SEALED_SYSMAP; ret =3D _install_special_mapping(mm, vdso_base, vdso_text_len, - VM_READ|VM_EXEC|gp_flags| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, vdso_info[abi].cm); if (IS_ERR(ret)) goto up_fail; @@ -326,6 +330,7 @@ arch_initcall(aarch32_alloc_vdso_pages); static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; + unsigned long vm_flags; =20 if (!IS_ENABLED(CONFIG_KUSER_HELPERS)) return 0; 
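Review bot: in __setup_additional_pages() both _install_special_mapping() calls "goto up_fail" on error, and the vvar mapping is now installed sealed before the vdso text mapping is attempted; if the up_fail path (not in the hunk) tries to unmap the already-installed vvar VMA, mseal will refuse it, so confirm the cleanup tolerates the sealed mapping or only relies on the failed exec tearing down the mm, and say which in the commit message. The vdso text flags fold in gp_flags before VM_SEALED_SYSMAP is OR'd in, which is the right order; as on x86, each "vm_flags = ...; vm_flags |= VM_SEALED_SYSMAP;" pair can be one statement. "select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS" directly under "config ARM64" is fine since arm64 has no 32-bit kernel build, and the aarch32 compat mappings touched later in this patch mean 32-bit processes get the same protection. One style nit: in aarch32_kuser_helpers_setup() the new "unsigned long vm_flags;" is declared after "void *ret;", whereas aarch32_sigreturn_setup() declares it before; pick one order.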
@@ -334,9 +339,10 @@ static int aarch32_kuser_helpers_setup(struct mm_struc= t *mm) * Avoid VM_MAYWRITE for compatibility with arch/arm/, where it's * not safe to CoW the page containing the CPU exception vectors. */ + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYEXEC; + vm_flags |=3D VM_SEALED_SYSMAP; ret =3D _install_special_mapping(mm, AARCH32_VECTORS_BASE, PAGE_SIZE, - VM_READ | VM_EXEC | - VM_MAYREAD | VM_MAYEXEC, + vm_flags, &aarch32_vdso_maps[AA32_MAP_VECTORS]); =20 return PTR_ERR_OR_ZERO(ret); @@ -345,6 +351,7 @@ static int aarch32_kuser_helpers_setup(struct mm_struct= *mm) static int aarch32_sigreturn_setup(struct mm_struct *mm) { unsigned long addr; + unsigned long vm_flags; void *ret; =20 addr =3D get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); 
@@ -357,9 +364,10 @@ static int aarch32_sigreturn_setup(struct mm_struct *m= m) * VM_MAYWRITE is required to allow gdb to Copy-on-Write and * set breakpoints. */ + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D VM_SEALED_SYSMAP; ret =3D _install_special_mapping(mm, addr, PAGE_SIZE, - VM_READ | VM_EXEC | VM_MAYREAD | - VM_MAYWRITE | VM_MAYEXEC, + vm_flags, &aarch32_vdso_maps[AA32_MAP_SIGPAGE]); if (IS_ERR(ret)) goto out; --=20 2.48.1.658.g4767266eb4-goog
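Review bot: in the `@@ -197,8 +198,10 @@` hunk of arch/arm64/kernel/vdso.c the seal flag is applied unconditionally, with no `#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS` anywhere in the file, so a reader has to look elsewhere to learn what `vm_flags |= VM_SEALED_SYSMAP;` does when the option is off; a one-line comment at the first use (or a sentence in the commit message) stating that VM_SEALED_SYSMAP is expected to be a no-op in that configuration would make the intent checkable in place. The same assign-then-`|=` pattern is repeated four times in this file; folding it into the initialiser, e.g. `vm_flags = VM_READ|VM_MAYREAD|VM_PFNMAP|VM_SEALED_SYSMAP;`, would be shorter, unless the separate `|=` is deliberately there to keep the seal visible as a distinct step.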
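Review bot: the new `unsigned long vm_flags;` in the `@@ -326,6 +330,7 @@` hunk is placed after `void *ret;`, whereas the other three functions touched by this patch declare it before `void *ret;`; pick one ordering and use it throughout the file.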
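Review bot: the comment kept in the `@@ -357,9 +364,10 @@` hunk says VM_MAYWRITE stays on the sigpage so that gdb can copy-on-write it to set breakpoints, and the vdso text mapping in the `@@ -208,9 +211,10 @@` hunk keeps VM_MAYWRITE for the same purpose, yet both mappings are now also marked VM_SEALED_SYSMAP. The commit message reports production release testing on Android and Chrome OS but says nothing about debugging; it should state whether breakpoint insertion into these sealed mappings was exercised, or explain why sealing does not interfere with that write path, so a reviewer does not have to infer it.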
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu, Benjamin Berg
Subject: [PATCH v7 5/7] mseal, system mappings: enable uml architecture
Date: Mon, 24 Feb 2025 22:52:44 +0000
Message-ID: <20250224225246.3712295-6-jeffxu@google.com>
In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com>
References: <20250224225246.3712295-1-jeffxu@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jeff Xu

Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on UML, covering the vdso.

Testing passes on UML.

Signed-off-by: Jeff Xu
Tested-by: Benjamin Berg
Reviewed-by: Lorenzo Stoakes
---
 arch/um/Kconfig        | 1 +
 arch/x86/um/vdso/vma.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/um/Kconfig b/arch/um/Kconfig index 18051b1cfce0..eb2d439a5334 100644 --- a/arch/um/Kconfig +++ b/arch/um/Kconfig @@ -10,6 +10,7 @@ config UML select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_HAS_KCOV + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_STRNCPY_FROM_USER select ARCH_HAS_STRNLEN_USER select HAVE_ARCH_AUDITSYSCALL diff --git a/arch/x86/um/vdso/vma.c b/arch/x86/um/vdso/vma.c index f238f7b33cdd..fdfba858ffc9 100644 --- a/arch/x86/um/vdso/vma.c +++ b/arch/x86/um/vdso/vma.c @@ -54,6 +54,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm= , int uses_interp) { struct vm_area_struct *vma; struct mm_struct *mm =3D current->mm; + unsigned long vm_flags; static struct vm_special_mapping vdso_mapping =3D { .name =3D "[vdso]", }; 
@@ -65,9 +66,10 @@ int arch_setup_additional_pages(struct linux_binprm *bpr= m, int uses_interp) return -EINTR; =20 vdso_mapping.pages =3D vdsop; + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |=3D VM_SEALED_SYSMAP; vma =3D _install_special_mapping(mm, um_vdso_addr, PAGE_SIZE, - VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, &vdso_mapping); =20 mmap_write_unlock(mm); --=20 2.48.1.658.g4767266eb4-goog
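Review bot: the arch/um/Kconfig hunk selects ARCH_HAS_MSEAL_SYSTEM_MAPPINGS for UML, while the mseal.rst change in 7/7 of this series lists UML among the environments "known to relocate or unmap system mapping" for which the option "can't be enabled universally". Both can be true at once if the documentation refers to UML running as a process on a host kernel whose vdso it unmaps, and this hunk to the UML kernel sealing the vdso it installs for its own guest processes, but that reading is a guess; the commit message should state it explicitly, since "Testing passes on UML" alone does not resolve the apparent contradiction for someone reading the two patches together.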
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu
Subject: [PATCH v7 6/7] mseal, system mappings: uprobe mapping
Date: Mon, 24 Feb 2025 22:52:45 +0000
Message-ID: <20250224225246.3712295-7-jeffxu@google.com>
In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com>
References: <20250224225246.3712295-1-jeffxu@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jeff Xu

Provide support to mseal the uprobe mapping.

Unlike other system mappings, the uprobe mapping is not established during program startup. However, its lifetime is the same as the process's lifetime. It could be sealed from creation.

Signed-off-by: Jeff Xu
---
 kernel/events/uprobes.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ca797cbe465..8dcdfa0d306b 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1662,6 +1662,7 @@ static const struct vm_special_mapping xol_mapping = =3D { static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) { struct vm_area_struct *vma; + unsigned long vm_flags; int ret; =20 if (mmap_write_lock_killable(mm)) 
@@ -1682,8 +1683,10 @@ static int xol_add_vma(struct mm_struct *mm, struct = xol_area *area) } } =20 + vm_flags =3D VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO; + vm_flags |=3D VM_SEALED_SYSMAP; vma =3D _install_special_mapping(mm, area->vaddr, PAGE_SIZE, - VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, + vm_flags, &xol_mapping); if (IS_ERR(vma)) { ret =3D PTR_ERR(vma); --=20 2.48.1.658.g4767266eb4-goog
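Review bot: as the commit message itself notes, the XOL mapping installed in the `@@ -1682,8 +1683,10 @@` hunk is created lazily in an already running process rather than at exec time, so sealing it changes behaviour the process can observe: an munmap() or mprotect() covering area->vaddr that would have succeeded before now fails from the moment a uprobe is first hit. The commit message should spell out that consequence and say whether the address-space managers named in the documentation update later in this series (CHECKPOINT_RESTORE, gVisor, rr) were checked against it, since a sealed mapping appearing mid-run is harder for them to account for than the startup mappings handled by the earlier patches.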
From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu, Kees Cook
Subject: [PATCH v7 7/7] mseal, system mappings: update mseal.rst
Date: Mon, 24 Feb 2025 22:52:46 +0000
Message-ID: <20250224225246.3712295-8-jeffxu@google.com>
In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com>
References: <20250224225246.3712295-1-jeffxu@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jeff Xu

Update memory sealing documentation to include details about system mappings.

Signed-off-by: Jeff Xu
Reviewed-by: Kees Cook
---
 Documentation/userspace-api/mseal.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspac= e-api/mseal.rst index 41102f74c5e2..10147281bf2d 100644
--- a/Documentation/userspace-api/mseal.rst +++ b/Documentation/userspace-api/mseal.rst @@ -130,6 +130,13 @@ Use cases =20 - Chrome browser: protect some security sensitive data structures. =20 +- System mappings: + If supported by an architecture (via CONFIG_ARCH_HAS_MSEAL_SYSTEM_MAPPIN= GS), + the CONFIG_MSEAL_SYSTEM_MAPPINGS seals system mappings, e.g. vdso, vvar, + uprobes, sigpage, vectors, etc. CHECKPOINT_RESTORE, UML, gVisor, rr are + known to relocate or unmap system mapping, therefore this config can't be + enabled universally. + When not to use mseal =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Applications can apply sealing to any virtual memory region from userspace, --=20 2.48.1.658.g4767266eb4-goog
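Review bot: the wording of the new "System mappings" bullet in the `@@ -130,6 +130,13 @@` hunk needs tightening: "the CONFIG_MSEAL_SYSTEM_MAPPINGS seals system mappings" should read "CONFIG_MSEAL_SYSTEM_MAPPINGS seals system mappings" (no article before a config symbol), "e.g. ... etc." is redundant (drop "etc."), and "relocate or unmap system mapping" should be plural, "system mappings". It would also help to state what a program that relocates or unmaps such a mapping observes when the option is enabled, since "can't be enabled universally" tells a distribution builder that there is a risk but not how the failure manifests.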