Message-ID: <8899161a-573d-4826-a6f8-88c2dd145692@infradead.org>
Date: Tue, 11 Feb 2025 19:31:19 -0800
Subject: Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change
To: jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com
References: <20250212032155.1276806-1-jeffxu@google.com> <20250212032155.1276806-2-jeffxu@google.com>
From: Randy Dunlap
In-Reply-To: <20250212032155.1276806-2-jeffxu@google.com>

On 2/11/25 7:21 PM, jeffxu@chromium.org wrote:
> From: Jeff Xu > > --- > include/linux/userprocess.h | 18 ++++++++++++++++++ > init/Kconfig | 18 ++++++++++++++++++ > security/Kconfig | 18 ++++++++++++++++++ > 3 files changed, 54 insertions(+) > create mode 100644 include/linux/userprocess.h > > diff --git a/init/Kconfig b/init/Kconfig > index d0d021b3fa3b..892d2bcdf397 100644 > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS > config ARCH_HAS_MEMBARRIER_SYNC_CORE > bool > > +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS > + bool > + help > + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. > + > + A 64-bit kernel is required for the memory sealing feature. > + No specific hardware features from the CPU are needed. > + > + To enable this feature, the architecture needs to update their > + speical mappings calls to include the sealing flag and confirm special > + that it doesn't unmap/remap system mappings during the life > + time of the process. After the architecture enables this, a > + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access > + to the feature. > + > + For complete descriptions of memory sealing, please see > + Documentation/userspace-api/mseal.rst > + > config HAVE_PERF_EVENTS > bool > help -- ~Randy
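
Review bot: the help text for ARCH_HAS_MSEAL_SYSTEM_MAPPINGS in the init/Kconfig hunk names the distribution-facing option as CONFIG_MSEAL_SYSTEM_MAPPING (singular), while the first help line and the symbol itself use MSEAL_SYSTEM_MAPPINGS (plural). A distribution following this text could set a name that does not match the real symbol, so the two spellings should be made identical. In the same paragraph, "speical" should be "special" (as already noted in the reply) and "life time" reads better as "lifetime". The sentence "A 64-bit kernel is required for the memory sealing feature" is stated only in prose: this entry is a promptless bool with no depends line, so nothing in this hunk enforces the requirement. Consider saying in the help text which symbol carries the 64-bit dependency, or that an architecture must only select this on 64-bit builds. The diffstat also lists include/linux/userprocess.h and security/Kconfig, which are not quoted here, so the naming check should be repeated against those files.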