From: Jeff Xu
Date: Mon, 24 Feb 2025 13:06:38 -0800
Subject: Re: [PATCH v6 7/7] mseal, system mappings: update mseal.rst
To: "Liam R. Howlett" , jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com
References: <20250224174513.3600914-1-jeffxu@google.com> <20250224174513.3600914-8-jeffxu@google.com>

On Mon, Feb 24, 2025 at 12:26 PM Liam R. Howlett wrote:
>
> * jeffxu@chromium.org [250224 12:45]:
> > From: Jeff Xu
> >
> > Update memory sealing documentation to include details about system
> > mappings.
> >
> > Signed-off-by: Jeff Xu
> > ---
> > Documentation/userspace-api/mseal.rst | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/user= space-api/mseal.rst
> > index 41102f74c5e2..10147281bf2d 100644
> > --- a/Documentation/userspace-api/mseal.rst
> > +++ b/Documentation/userspace-api/mseal.rst
> > @@ -130,6 +130,13 @@ Use cases
> >
> > - Chrome browser: protect some security sensitive data structures.
>
> Did you mean to drop this line?
>

Ah, thank you for catching that.

-Jeff

> >
> > +- System mappings:
> > + If supported by an architecture (via CONFIG_ARCH_HAS_MSEAL_SYSTEM_MA= PPINGS),
> > + the CONFIG_MSEAL_SYSTEM_MAPPINGS seals system mappings, e.g. vdso, v= var,
> > + uprobes, sigpage, vectors, etc. CHECKPOINT_RESTORE, UML, gVisor, rr = are
> > + known to relocate or unmap system mapping, therefore this config can= 't be
> > + enabled universally.
> > +
> > When not to use mseal
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > Applications can apply sealing to any virtual memory region from users= pace,
> > --
> > 2.48.1.601.g30ceb7b040-goog
> >
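
Review bot: The compatibility caveat in the added "System mappings" bullet (CHECKPOINT_RESTORE, UML, gVisor and rr relocate or unmap system mappings) sits under "Use cases", while the section that follows in the context lines is "When not to use mseal". Consider stating or cross-referencing the caveat there, and say what a reader should expect if CONFIG_MSEAL_SYSTEM_MAPPINGS is enabled on a system that runs one of those users, since "can't be enabled universally" leaves the failure mode unstated. Wording in the same bullet: "the CONFIG_MSEAL_SYSTEM_MAPPINGS seals" reads better without the article, and "relocate or unmap system mapping" should be "system mappings".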