From: Jeff Xu
Date: Tue, 25 Feb 2025 16:06:37 -0800
Subject: Re: [PATCH v7 6/7] mseal, system mappings: uprobe mapping
To: Lorenzo Stoakes, Oleg Nesterov
Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org, avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com

On Mon, Feb 24, 2025 at 10:24 PM Lorenzo Stoakes wrote:
>
> On Mon, Feb 24, 2025 at 10:52:45PM +0000, jeffxu@chromium.org wrote:
> > From: Jeff Xu
> >
> > Provide support to mseal the uprobe mapping.
> >
> > Unlike other system mappings, the uprobe mapping is not
> > established during program startup. However, its lifetime is the same
> > as the process's lifetime. It could be sealed from creation.
> >
>
> I thought we agreed not to enable this for now? What testing
> have you done to ensure this is functional?
>
I honestly don't know much about uprobe. I don't recall that I agreed
to ignore that though.

As indicated in the cover letter, it is my understanding that the uprobe
mapping's lifetime is the same as the process's lifetime, thus sealable. [1]

Oleg Nesterov, also cc'd, seems OK with mseal'ing it in the early version
of this patch [2]

Are there any potential downsides of doing this? If yes, I can remove it.

I'm also looking at Oleg to give more guidance on this :-), or if
there are some functional tests that I need to do for uprobe.

[1] https://lore.kernel.org/all/20241005200741.GA24353@redhat.com/
[2] https://lore.kernel.org/all/20241005200741.GA24353@redhat.com/

> I mean is this literally _all_ uprobe mappings now being sealed?
>
> I'd really like some more assurances on this one. And what are you
> mitigating by sealing these? I get VDSO (kinda) but uprobes?
>
> You really need to provide more justification here.

Sure. In our threat model, we need to seal all r-x, r--, and --x
mappings to prevent them from becoming writable. This applies to all
mappings, regardless of whether they're created by the kernel or
dynamic linker.

> > Signed-off-by: Jeff Xu
> > ---
> > kernel/events/uprobes.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> > > > diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c > > index 2ca797cbe465..8dcdfa0d306b 100644 > > --- a/kernel/events/uprobes.c > > +++ b/kernel/events/uprobes.c > > @@ -1662,6 +1662,7 @@ static const struct vm_special_mapping xol_mappin= g =3D { > > static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) > > { > > struct vm_area_struct *vma; > > + unsigned long vm_flags; > > int ret; > > > > if (mmap_write_lock_killable(mm)) > > @@ -1682,8 +1683,10 @@ static int xol_add_vma(struct mm_struct *mm, str= uct xol_area *area) > > } > > } > > > > + vm_flags =3D VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO; > > + vm_flags |=3D VM_SEALED_SYSMAP; > > vma =3D _install_special_mapping(mm, area->vaddr, PAGE_SIZE, > > - VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, > > + vm_flags, > > &xol_mapping); > > if (IS_ERR(vma)) { > > ret =3D PTR_ERR(vma); > > -- > > 2.48.1.658.g4767266eb4-goog > >
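
Review bot: In the second hunk, at the _install_special_mapping() call in xol_add_vma(), VM_SEALED_SYSMAP is OR-ed into the flags unconditionally, yet neither the code nor the commit message says why sealing this mapping is safe beyond the statement that its lifetime matches the process's. Add a short comment above `vm_flags |= VM_SEALED_SYSMAP;` stating that the mapping is never unmapped, moved or re-protected once installed, and record in the commit message what uprobe testing was run with sealing enabled. As a style point, the `unsigned long vm_flags` local added in the first hunk is assigned and then modified on the very next line; a single assignment that includes VM_SEALED_SYSMAP would read more directly.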
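
The threat model stated in the reply (every r-x, r-- and --x mapping sealed) can be audited from userspace. The following is an added example, not code from this thread or the kernel tree: it scans smaps-format text and reports non-writable mappings whose VmFlags line lacks `sl`, assuming the kernel reports sealed VMAs with that mnemonic; the sample data, `audit_smaps()` and `has_flag()` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/smaps layout, abridged to the header
 * and VmFlags line of each mapping; "sl" is assumed to mark a sealed VMA. */
static const char SAMPLE_SMAPS[] =
    "7f0000000000-7f0000001000 --xp 00000000 00:00 0    [uprobes]\n"
    "VmFlags: ex me io dc de\n"
    "7f0000002000-7f0000004000 r-xp 00000000 00:00 0    [vdso]\n"
    "VmFlags: rd ex mr mw me de sl\n"
    "7f0000005000-7f0000009000 r--p 00000000 00:00 0    [vvar]\n"
    "VmFlags: rd mr pf io de dd sl\n"
    "7f000000a000-7f000000c000 rw-p 00000000 00:00 0    [heap]\n"
    "VmFlags: rd wr mr mw me ac\n";

/* Return 1 if the mnemonic appears as a whole space-separated token. */
static int has_flag(const char *flags, const char *mnemonic)
{
    size_t n = strlen(mnemonic);
    for (const char *p = flags; (p = strstr(p, mnemonic)) != NULL; p += n)
        if ((p == flags || p[-1] == ' ') && (p[n] == '\0' || p[n] == ' '))
            return 1;
    return 0;
}

/* Return how many r-x, r-- or --x mappings lack "sl"; *checked gets the
 * number of such non-writable mappings examined. */
int audit_smaps(const char *text, int *checked)
{
    char line[256], hdr[256] = "", perms[5] = "";
    int unsealed = 0;
    for (*checked = 0; *text; ) {
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof(line), "%.*s", (int)len, text);
        text += len + (text[len] == '\n');
        if (sscanf(line, "%*lx-%*lx %4s", perms) == 1) {
            strcpy(hdr, line);                 /* new mapping header */
        } else if (!strncmp(line, "VmFlags:", 8) && perms[1] == '-' &&
                   (perms[0] == 'r' || perms[2] == 'x')) {
            ++*checked;                        /* r-x, r-- or --x */
            if (!has_flag(line + 8, "sl")) {
                unsealed++;
                printf("not sealed: %s\n", hdr);
            }
        }
    }
    return unsealed;
}

int main(void) { int n; return audit_smaps(SAMPLE_SMAPS, &n) != 0; }
```

In the constructed sample the `[uprobes]` entry is the only one reported, which is the state the patch above would change.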