From: Jeff Xu
Date: Tue, 11 Feb 2025 19:40:16 -0800
Subject: Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change
To: Randy Dunlap
Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com
On Tue, Feb 11, 2025 at 7:31 PM Randy Dunlap wrote:
> > > > On 2/11/25 7:21 PM, jeffxu@chromium.org wrote: > > From: Jeff Xu > > > > > --- > > include/linux/userprocess.h | 18 ++++++++++++++++++ > > init/Kconfig | 18 ++++++++++++++++++ > > security/Kconfig | 18 ++++++++++++++++++ > > 3 files changed, 54 insertions(+) > > create mode 100644 include/linux/userprocess.h > > > > > diff --git a/init/Kconfig b/init/Kconfig > > index d0d021b3fa3b..892d2bcdf397 100644 > > --- a/init/Kconfig > > +++ b/init/Kconfig > > @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS > > config ARCH_HAS_MEMBARRIER_SYNC_CORE > > bool > > > > +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS > > + bool > > + help > > + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. > > + > > + A 64-bit kernel is required for the memory sealing feature. > > + No specific hardware features from the CPU are needed. > > + > > + To enable this feature, the architecture needs to update their > > + speical mappings calls to include the sealing flag and confirm > > special > Ack, will fix. Thanks ! -Jeff > > + that it doesn't unmap/remap system mappings during the life > > + time of the process. After the architecture enables this, a > > + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage acce= ss > > + to the feature. > > + > > + For complete descriptions of memory sealing, please see > > + Documentation/userspace-api/mseal.rst > > + > > config HAVE_PERF_EVENTS > > bool > > help > > > -- > ~Randy >
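Review bot: The help text of ARCH_HAS_MSEAL_SYSTEM_MAPPINGS in the init/Kconfig hunk names the user-facing option two different ways: "Control MSEAL_SYSTEM_MAPPINGS access" in its first sentence and "set CONFIG_MSEAL_SYSTEM_MAPPING" (singular) near the end. Use the spelling of the symbol actually defined in security/Kconfig in both places, so that a reader who greps for the option from this help text finds it. Two smaller points in the same block: "the architecture needs to update their special mappings calls" reads better as "its special mapping calls", and "life time" should be "lifetime". The 64-bit requirement is stated only in prose here; since a promptless ARCH_HAS_* bool is only ever selected by an architecture, it is worth confirming that the option a distribution sets carries the matching dependency rather than relying on this sentence.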