From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 116BCC021B2 for ; Tue, 25 Feb 2025 08:08:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 862CA6B007B; Tue, 25 Feb 2025 03:08:09 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 7EA086B0082; Tue, 25 Feb 2025 03:08:09 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6D8ED6B0085; Tue, 25 Feb 2025 03:08:09 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 4F9DD6B007B for ; Tue, 25 Feb 2025 03:08:09 -0500 (EST) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id DA35AA2D9B for ; Tue, 25 Feb 2025 08:08:08 +0000 (UTC) X-FDA: 83157739056.21.67BFDE8 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by imf22.hostedemail.com (Postfix) with ESMTP id 0661FC0004 for ; Tue, 25 Feb 2025 08:08:06 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=linutronix.de header.s=2020 header.b=aSd0uwaM; dkim=pass header.d=linutronix.de header.s=2020e header.b=K82ey+kS; spf=pass (imf22.hostedemail.com: domain of t-8ch@linutronix.de designates 193.142.43.55 as permitted sender) smtp.mailfrom=t-8ch@linutronix.de; dmarc=pass (policy=none) header.from=linutronix.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1740470887; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9SrLxlsEKlN3z3PPX6qEc7Y1rqFZZfeIMG6CIYjw5ec=; b=KZXJxwGCIXxa2A8SiyyXVevaPGbtN6AeEL2UK85MV/FO/sOIcxXM1n/GW2OUfFpvlZrJt/ S6zNH5R3AC1q0xs1qfO5TYBuuWsIgJDCtkS/sUyyEWvqnmivYGJJsLwTzLXQC5KjbBPXqN gQ/qXcHi4YVz9z9eUwp826eusDGvTcs= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=linutronix.de header.s=2020 header.b=aSd0uwaM; dkim=pass header.d=linutronix.de header.s=2020e header.b=K82ey+kS; spf=pass (imf22.hostedemail.com: domain of t-8ch@linutronix.de designates 193.142.43.55 as permitted sender) smtp.mailfrom=t-8ch@linutronix.de; dmarc=pass (policy=none) header.from=linutronix.de ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1740470887; a=rsa-sha256; cv=none; b=jCB2AMxj2Civ26w+0S7NP96ubLhGX7T1WybUTT3IMpyYmz4aqmh9iwMSW1gjizYX3f/Fmd /imhJyPJqo/P4eNgTbP8dRCPohWftBCWIgtyo5/IP7Y2P46yxOclLPQRbSl/zHF1PRzZ+Z rCRjAZX/IU3AbaYjkhZLji+aUovJsi8= Date: Tue, 25 Feb 2025 09:08:03 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1740470884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=9SrLxlsEKlN3z3PPX6qEc7Y1rqFZZfeIMG6CIYjw5ec=; b=aSd0uwaMRywXvfcwXz6E1s7WMMvPcS0fYeUImVK48trosJ/EnRp7LhEgrMV21c+66KVfb7 68PvEh3spC0ixnzYv27hMl+brE4z78pFErb/7JUsLrxuTKaycdO/GzJJFOmjtRtgTB7ugx 3TFTgnpMe7RT5g8tgvNX7T+N1G7Xg8VCUT3rNPT+kafdqaNq1r2L9oX8dt/bpYZTeGV7Qd 7mhK8dl9FaVKXK9mELw/pgmctxokVMVyuUjcU6Zx408mhtgNftILuvY9CPOhyIpVXxbrfB 3N8WtEHxXanUo9y89jAfzlXW+6aDBnEzFt5gUG0cjhzNo+yKZVFsV2VWSsKQSg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1740470884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=9SrLxlsEKlN3z3PPX6qEc7Y1rqFZZfeIMG6CIYjw5ec=; b=K82ey+kSuc3PRkirrZCoSiOX7lC9ayDulqa2XPhk/ii8GpYPFzo//WeKXtLq/Qxa8f55Jc u70VogiGsVuYjhAA== From: Thomas =?utf-8?Q?Wei=C3=9Fschuh?= To: jeffxu@chromium.org Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com Subject: Re: [PATCH v7 3/7] mseal, system mappings: enable x86-64 Message-ID: <20250225085728-24167715-8562-45a8-86cd-0ea503e4bc73@linutronix.de> References: <20250224225246.3712295-1-jeffxu@google.com> <20250224225246.3712295-4-jeffxu@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20250224225246.3712295-4-jeffxu@google.com> X-Rspamd-Queue-Id: 0661FC0004 X-Stat-Signature: a5kt9uh8yap5ia9qcgjro3chfwqx65sk X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1740470886-625545 X-HE-Meta: U2FsdGVkX1/I6kfKT9v6UanzXWwSyKcCNaxkYSzIQqGRmWiKWiLiUrnCU9Jj6IlwJ0U+y5agVc1hfhqOglFSk95PbC/Wuc3OZXggZOvD+rXJxdsXF2SVLHi00a21B7BYsD5vnS3O6LuULRJui7w7/2A/t1JfuR9XISM/Wqn47m07aTuYgAuI0DLUuEX0yN8+GsFOVQTzKkhQSyD4tSAuKVjeWVhEKkdPu74MB7iTu7eFUkPPIoLxdqG3ARnVMRC0GhHMAHOnC0yG80Mq9e5+J6/yPOhXmfLv4QE7Bqyp14cLfWMuTIESfkhTy5a/PIzUXcxuNHTeBsNh4b14XD3dCfs78g6ckRT5JSR5pZN7MnUpp8/VZvyqT4YTB9eHRekcjNm3++z8PyB23K+VmtlQ8z0UHlpiB+gu6Urcb0OyojOO8QhjEZ9WmZnLAWufguNq/y82zlAeC8qNeiAil5RBnaXdXMbYIswiH0MPXLoEJT+/m5Kz0IVT8Hv7ZpdOv4JKjvhqqiXPym75aj1G0GO5Iant4HUDJMj03iWf0Ld8XehRaydR/Zjtcq1FWQpGT1cItRZqMg1MOOHIlSyQbcxF7rIpnFkcqhRvMGh3q+gRMRi4Q2+3w49YQe/eesQ7yPG2E82BJPN5+WK9hq9ums5vDLsiTnmbirtyzGbJMkqx6ToC0/LKbiuqPvNzxmrYBCQR11KU0agrxbwxMHBeTnJCrCGkNOQZG67XfhPrtk7PONbjEosb7J8fE+QcpR51GmEgX+iTKhoogyP/lQXdNwVP9PqGuNtOVMLldYdqPhbf+zX+OIz6u6Jnprti4+8W2G8V54v9zhdl3oKkx/8LeZO+rOYQlvV/lZwm5pXVWmh2UuHk+oQZCzpVCXpyyk+yA4xmM0beQq2ITK0KuteK5mhcMOywzttEZI7SM/FAr0D0H5qL/wLYpCspgULPKAuxV7e78VOPDA4hp6yHgtmiPOU 5sf566Lz 0dsRESLC5i39EowAoaRa2lzn/Yt6zxIjlmvv8VyClF1BVr2QRNzDrBCNp/QWVcQ/GZTGhNeImtBw9LKaequ3KW3HHP3bJlndEhp5D2DkJ34RGv05byk4VhBSB5IzPFFc7ZBe9g8ZbVwDUg2ag6i9+uNh+nIH64YMACgtVrqGM9NCEYHH6rvuPJgu3V+ULaMqtPt1o0K3WWWWTx8xOma4viUnsoGSYhMz4QdLrfMp+4zRvW3xrcVklXUaYy8gHSgAG+4d+iwyikdJ3fGMkt340oBYW6s2XK5GkJxiE93wV4t6AhiK56GtG+WsBv8TA8s/obNgY9Sg8knp9NPk/i+ojkVchUj83KpbiZQDzNiRxcmSKtlMkkj6NtGGSEx++qjWmFtuWaEu2TaAEAz7J9UeONow3R/whdvp2QXwXGqRwRxmfP+ihFNmcKUa+vanTW+CjNsfmLrHqftM71l1aqSi6XQ3d3hExcSnN+lZIIzhmYX+tgjgvysuUmg23/znDCgT7sxuFZwcNFSfsqKfHsYFRMeaLyQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi Jeff, On Mon, Feb 24, 2025 at 10:52:42PM +0000, jeffxu@chromium.org wrote: > From: Jeff Xu > > Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64, > covering the vdso, vvar, vvar_vclock. > > Production release testing passes on Android and Chrome OS. > > Signed-off-by: Jeff Xu > --- > arch/x86/Kconfig | 1 + > arch/x86/entry/vdso/vma.c | 16 ++++++++++------ > 2 files changed, 11 insertions(+), 6 deletions(-) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 87198d957e2f..8fa17032ca46 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -26,6 +26,7 @@ config X86_64 > depends on 64BIT > # Options that are inherently 64-bit kernel only: > select ARCH_HAS_GIGANTIC_PAGE > + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS > select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 > select ARCH_SUPPORTS_PER_VMA_LOCK > select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE > diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c > index 39e6efc1a9ca..1b1c009f20a8 100644 > --- a/arch/x86/entry/vdso/vma.c > +++ b/arch/x86/entry/vdso/vma.c > @@ -247,6 +247,7 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) > struct mm_struct *mm = current->mm; > struct vm_area_struct *vma; > unsigned long text_start; > + unsigned long vm_flags; > int ret = 0; > > if (mmap_write_lock_killable(mm)) > @@ -264,11 +265,12 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) > /* > * MAYWRITE to allow gdb to COW and set breakpoints > */ > + vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; > + vm_flags |= VM_SEALED_SYSMAP; > vma = _install_special_mapping(mm, > text_start, > image->size, > - VM_READ|VM_EXEC| > - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, > + vm_flags, > &vdso_mapping); > > if (IS_ERR(vma)) { > @@ -276,11 +278,12 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) > goto up_fail; > } > > + vm_flags = VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; > + vm_flags |= VM_SEALED_SYSMAP; > vma = _install_special_mapping(mm, > addr, > (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, > - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| > - VM_PFNMAP, > + vm_flags, > &vvar_mapping); This hunk (and the vvar mapping in the arm64 patch) will conflict with my "Generic vDSO datapage" series. That series is already part of the tip tree (branch timers/vdso) and scheduled for the next merge window. https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/log/?h=timers/vdso The conflict resolution is fairly easy: Move the new flag logic into lib/vdso/datastore.c Depending on the expected mainline timing for this series either mention this somewhere for the conflict resolution by Linus or rebase your series on top of tip/timers/vdso. > if (IS_ERR(vma)) { > @@ -289,11 +292,12 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) > goto up_fail; > } > > + vm_flags = VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; > + vm_flags |= VM_SEALED_SYSMAP; > vma = _install_special_mapping(mm, > addr + (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, > VDSO_NR_VCLOCK_PAGES * PAGE_SIZE, > - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| > - VM_PFNMAP, > + vm_flags, > &vvar_vclock_mapping); > > if (IS_ERR(vma)) { > -- > 2.48.1.658.g4767266eb4-goog >