From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CE94C197BF for ; Fri, 28 Feb 2025 00:04:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4A89A6B0088; Thu, 27 Feb 2025 19:04:19 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 431CE6B008A; Thu, 27 Feb 2025 19:04:19 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2AB7D6B008C; Thu, 27 Feb 2025 19:04:19 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 0B0766B0088 for ; Thu, 27 Feb 2025 19:04:19 -0500 (EST) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 8C8DC52633 for ; Fri, 28 Feb 2025 00:04:18 +0000 (UTC) X-FDA: 83167406196.21.614AED8 Received: from mail-oo1-f43.google.com (mail-oo1-f43.google.com [209.85.161.43]) by imf25.hostedemail.com (Postfix) with ESMTP id 873B2A0017 for ; Fri, 28 Feb 2025 00:04:16 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=DguduNaZ; spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.43 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1740701056; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TdAKRoI4MWNZS1p5ikuwofSWZ+m+ABE0cVc0cuX4/8s=; b=Ft5l4MU8NMevH7wwhiq/Uzv/46pcVGa5xtg1v4wd5n7KktdORP24Glr1B6iz260s7h/7NB oFZSXX5dnXA+WbHFv7CIiZRQ0XGlQGEOAS7gVijQnjZSD3+6Lw3DJC5Py+c5GM345SLDTT CTDlYUdXP9ujRY3qFcMHsOi5EkhYgEY= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=DguduNaZ; spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.43 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1740701056; a=rsa-sha256; cv=none; b=XSenKcdMSa5fnlGbdGdMrGi8KaJKtvL//uriuayz0crfcWzKjC9dHOj1nodN3B/wLMh+W8 KmtdTYkeZTN50+jGr5lpPvxoUDTHPk9IAHGAzvYVbPXe9g1F9MUjIYinQQfzevpQGqkJKa KfImZRx6RR+8lnuNdyJlb1JZAZhp+QE= Received: by mail-oo1-f43.google.com with SMTP id 006d021491bc7-5fce7a8c3e6so81930eaf.3 for ; Thu, 27 Feb 2025 16:04:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740701055; x=1741305855; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=TdAKRoI4MWNZS1p5ikuwofSWZ+m+ABE0cVc0cuX4/8s=; b=DguduNaZRYcm1q4ofsdBSxr0C6p5xgCGLpiP4AZQ8lclFdtJIH3XESwGXpFpucoiBb QjBhUg0sfWwOaDfP5pxRgZ8qvI0jmfW6bfSIPHbbv6ndmheLS+NZ/syqYIE7RJ//2P3t cyqkV96IG0hUzBudb+xm/952z1Qkocz8tfjgU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740701055; x=1741305855; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TdAKRoI4MWNZS1p5ikuwofSWZ+m+ABE0cVc0cuX4/8s=; b=fQqPtylrq43UDnGBI+XzuIEZ9+206nkOSj5HDANsvvHbjo+Dy5E6Dz7pKpOaKgbjph 0BXfdpfhM7oJub/NOTm265GFiwolUTr6uu0mJl+MYVsWtlFY1ANGznGoNII+e1meZW/f 60R82fzLJbxqb28hCP3wmfyUIzdMJ24GILZ/SDqXhLhZ7OFHfgxi8xAAF0KzmdNMQGLM P7O6NdL87+AkRU3QT+csabRoVjx50Jf1BAy6MGJ/gXYu3R+uiAaXNyZWtJU7Y5uWs+gp lTu60LHsRB18m2lPlZH3rXOv5HVq2fwAPJrdrgfulm7RBt/V9mdMoVq9Vcj2K2Y4YggW JKiw== X-Forwarded-Encrypted: i=1; AJvYcCUu1yB3m8ZfwLsoOEBY0t6QbuOqRkB24tzBZRBaTWmVK9a3re6baiyJAzRDnYOpUWDil0ZWHlv3ng==@kvack.org X-Gm-Message-State: AOJu0YwNZHQzn3EJxnh9IGlILue2JfpTatyyj/IhV1rYNJ+Q0g6s7imR pK3FrQk6T9oEqqkkBaKrZ3rAJtrayFPzrfqY6ecIxHWio3z5ix58w+EdUzY6PLxZTswwXD5P8lk hZ3r1TvBkrzZ61Q3TylF3mBYAODmzx2sIgRtU X-Gm-Gg: ASbGncvGK6IdK7DCf9Z6GgJSkogGJkycMvA3KvV4E460HuYI2Pbrd7J3LzDkQNN9n7p 772jzVB2BI90V+23LJ/qcASU4DfsVX02PaMQua+JbYOjeiQvpvHC3DyUvYfy/ATUJR3sz3F0JUg TEgV+h4V7xU9yxKZTUIC4SfXU1hzbLA8lwx04vW/Mm X-Google-Smtp-Source: AGHT+IGWuXQs0PIThChSzMMhBYpO8F+O5v1PgymX4okVh9IJ0FU07Sbjp0HW52pAlPT3tSirmglti/FDlIKqYQSJ9pg= X-Received: by 2002:a05:6830:6c0f:b0:727:2f27:2a5d with SMTP id 46e09a7af769-728b82f0b63mr269890a34.3.1740701055553; Thu, 27 Feb 2025 16:04:15 -0800 (PST) MIME-Version: 1.0 References: <20250224225246.3712295-1-jeffxu@google.com> <20250224225246.3712295-2-jeffxu@google.com> <9abd68d9-3e6d-46a0-b92c-5aee0a90abf3@lucifer.local> In-Reply-To: From: Jeff Xu Date: Thu, 27 Feb 2025 16:04:03 -0800 X-Gm-Features: AQ5f1Jq9-ymrZNzxRItoW5EEM_7nmfT5SZHdmMKzLXHDq-gTSSV1Cci_cu2NaII Message-ID: Subject: Re: [PATCH v7 1/7] mseal, system mappings: kernel config and header change To: Lorenzo Stoakes Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Stat-Signature: w4tbgi66d1daypz3oc41rdsizy1ja87i X-Rspamd-Queue-Id: 873B2A0017 X-Rspamd-Server: rspam07 X-HE-Tag: 1740701056-100976 X-HE-Meta: U2FsdGVkX18fE+e01Mva2wqRL2ahQoEJ9kn+Ez9clLIRUCKwKYXO/Ok3NNGwD5dGQSstiQNb4WlnpRvdihsufxMoN/GdSJv7hCqZ5YDZ8NIn9IHXtyKwefKneD/plh2eAyZkqJJFWPaOiTBR+au/eSpV6SwlU7w06XxiVBj9bBTXp9NBF3UFfTRGKDxS6psJrwc7LVbUiW6AmU4z6AShaOsPsEM+FPla8+nJTD8jAypmwVMjxu+K3wMeITgUFKYHZRKR17v0deM6VU/8GiCHCW7swtG2qm9i4qagLxKtr5w+E/84Eh9jx2TtW797NrzcRyUSL74oTgVuIgYIbW5IoXPpmnBtnCHquxFznsipi9/XQCRs7fo+YdrjVisApASBjMclkk7GH6EHpcHtCRHMMfAxmxjiVlcbyZgbNQD67HOTIt9lrKaqA/Oy9D7Jx2kkz8l1E1vuIn6ysE9JWpdfzdjSBYZ7QI3lYpyG3ItPp8rmqc7Ls03hrBv+AbiAr+9OBGrUxYjVV8LCuDhp1cMc3JY/ssZCoFMkdjRZkT0y2exxvZqNMelx6sYT3lG0Z+KJNCMwP+NREicYP+mhGllofUf6GCeHbPo0WcoNlCh6brGy/bEJTBViPwUyysGVf60iJPz+rUeT/5+/FlzNcKzkgLnBoqahV4h9u+EPMXDMtLQ3wZXyYlPYAQ+YYc7/rw8HpRzPRXz1LfQZzAca3b7aZQGmf65aJCI70tOxOhs4eg6Mv7GkAzuv4MEzF8mr2vj62A6QiczMnc9Ddhx3qaJNQD9QtXO7TGX2Cr7RGvnqA2ziYFDTTO/bYXIjI6Ka0JkKZKdEh1TfwU8Q1bLopjts8N6Ex6iwoKX0TZJ27gAfNpAcqB0AZ8hbPTsdH/pYSxUJh/5Y988Nq+8x1TNh8OUC6DkPmnEC788W3akrG+qivSN5kSMySG8iSGBNsM0muMoMyvAKY8K5K1c4EXGixsS jGGeuRiM I3wicAx1CRduTu/lDNvohcgx2oZ7Twb46n6kLB1OJm6fdSQf+Xs/YfQ1iyi9MrixswgNCqkZ7zbUFifi+/gnaWcvbA3pb9vQmTG2JyWuAg9V83S049sYIskLKux08wI9xfEB3HsvU/rvbZTf+7IIKTGIdUWPDHcERJ6lATuXRY9a0vlMWzk6+LYjp9b/Eig9EdckANj4s3lx/cIwZVWAdVfqnQgNQgHFIY2SaIrfoYAORPAMV3RRHPR9Q8K7Qpj/ttpzpDkYrcEoUXUP4VrAjbUyXeD7e9x7vMnsVYL57OUv7UOU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.026772, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Feb 25, 2025 at 10:04=E2=80=AFPM Lorenzo Stoakes wrote: > > On Tue, Feb 25, 2025 at 05:33:24PM -0800, Jeff Xu wrote: > > On Mon, Feb 24, 2025 at 10:05=E2=80=AFPM Lorenzo Stoakes > > wrote: > > > > +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS > > > > + bool > > > > + help > > > > + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. > > > > + > > > > + A 64-bit kernel is required for the memory sealing feature. > > > > + No specific hardware features from the CPU are needed. > > > > + > > > > + To enable this feature, the architecture needs to update th= eir > > > > + special mappings calls to include the sealing flag and conf= irm > > > > + that it doesn't unmap/remap system mappings during the life > > > > + time of the process. After the architecture enables this, a > > > > + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage = access > > > > + to the feature. > > > > > > Architectures also need to be confirmed not to require any form of VD= SO > > > relocation, which as discussed in previous series some arches appear = to > > > need to do. I'd mention that here. > > > > > This might need clarification, the system mapping includes vdso, right > > ? Why the focus on vdso ? > > My mistake, I thought scope was more limited than this when I first > looked. Please disregard the focus on VDSO here... :) > > > > > The sentence "... it doesn't unmap/remap system mappings during the > > lifetime of the process." already cover what you want here, I think. > > > > Right, I guess it just doesn't quite _emphasise_ it enough for me. Someth= ing > like the below would really help bring that out: > > The existing of this flag for an architecture implies that it doe= s not > require the remapping of these system mappings during process lif= etime, > so sealing these mappings is safe from a kernel perspective. > I'm not sure I get the difference, but I can add it, is below OK ? To enable this feature, the architecture needs to update their special mappings calls to include the sealing flag and confirm that it doesn't unmap/remap system mappings during the life time of the process. The existence of this flag for an architecture implies that it does not require the remapping of these system mappings during process lifetime, so sealing these mappings is safe from a kernel perspective. After the architecture enables this, a distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature. Thanks -Jeff