From: Jeff Xu
Date: Tue, 25 Feb 2025 16:21:11 -0800
Subject: Re: [PATCH v7 3/7] mseal, system mappings: enable x86-64
To: Kees Cook

On Mon, Feb 24, 2025 at 5:03 PM Kees Cook wrote:
> > On Mon, Feb 24, 2025 at 10:52:42PM +0000, jeffxu@chromium.org wrote: > > From: Jeff Xu > > > > Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64, > > covering the vdso, vvar, vvar_vclock. > > > > Production release testing passes on Android and Chrome OS. > > > > Signed-off-by: Jeff Xu > > --- > > arch/x86/Kconfig | 1 + > > arch/x86/entry/vdso/vma.c | 16 ++++++++++------ > > 2 files changed, 11 insertions(+), 6 deletions(-) > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index 87198d957e2f..8fa17032ca46 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -26,6 +26,7 @@ config X86_64 > > depends on 64BIT > > # Options that are inherently 64-bit kernel only: > > select ARCH_HAS_GIGANTIC_PAGE > > + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS > > select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 > > select ARCH_SUPPORTS_PER_VMA_LOCK > > select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE > > diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c > > index 39e6efc1a9ca..1b1c009f20a8 100644 > > --- a/arch/x86/entry/vdso/vma.c > > +++ b/arch/x86/entry/vdso/vma.c > > @@ -247,6 +247,7 @@ static int map_vdso(const struct vdso_image *image,= unsigned long addr) > > struct mm_struct *mm =3D current->mm; > > struct vm_area_struct *vma; > > unsigned long text_start; > > + unsigned long vm_flags; > > int ret =3D 0; > > > > if (mmap_write_lock_killable(mm))
> > @@ -264,11 +265,12 @@ static int map_vdso(const struct vdso_image *imag= e, unsigned long addr) > > /* > > * MAYWRITE to allow gdb to COW and set breakpoints > > */ > > + vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; > > + vm_flags |=3D VM_SEALED_SYSMAP; > > vma =3D _install_special_mapping(mm, > > text_start, > > image->size, > > - VM_READ|VM_EXEC| > > - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, > > + vm_flags, > > &vdso_mapping); > > I think these (in all patches) were supposed to be reworked without the > "vm_flags" variable addition? > OK. > -- > Kees Cook
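
Review bot: The local added in the first arch/x86/entry/vdso/vma.c hunk, unsigned long vm_flags;, only carries a constant expression into the single _install_special_mapping() call in map_vdso(). Drop the declaration and OR VM_SEALED_SYSMAP into the flags already passed as the argument, so the change to map_vdso() stays at one added token and the existing flag list is left as it was.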
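
Review bot: In the second arch/x86/entry/vdso/vma.c hunk, the retained comment "MAYWRITE to allow gdb to COW and set breakpoints" now sits directly above a mapping that also gets VM_SEALED_SYSMAP, and nothing in the hunk says how the two interact. Extend the comment to state whether a debugger can still place breakpoints in the vdso text once the mapping is sealed, so the reason VM_MAYWRITE is kept is documented next to the seal flag.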