From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CFCBEC3ABC0 for ; Wed, 7 May 2025 16:18:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D15696B009B; Wed, 7 May 2025 12:18:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C9D1C6B009E; Wed, 7 May 2025 12:18:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B188D6B009F; Wed, 7 May 2025 12:18:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 8D4206B009B for ; Wed, 7 May 2025 12:18:45 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 406B15BE09 for ; Wed, 7 May 2025 16:18:46 +0000 (UTC) X-FDA: 83416620252.29.40A5307 Received: from mail-oa1-f42.google.com (mail-oa1-f42.google.com [209.85.160.42]) by imf17.hostedemail.com (Postfix) with ESMTP id 2B4E94000E for ; Wed, 7 May 2025 16:18:43 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=f7aumg9Z; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf17.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.42 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746634724; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=upjViEFaEDV8pwi3bE89UDVAqHk4uCfII2dkKtqh7XQ=; b=yZm/Eudc2l0WEYTZD5vtNy0TuGLodBBhY9wpuuShalDn3M9rK8fJWgeydtEGZuUOkabpkW NkgZ8xiI2a1yf/BAmzU2iFKQriLnoQY4ffIfuaxKForUwfecyTyP1xD3Ry0LaMUL/GUtP0 X+QMrSMvEKaRf0AS1tE8Xuy/kgBHFWY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746634724; a=rsa-sha256; cv=none; b=vNyRGQPM5D1KBBn3GLYMQkjYZbFn8uReWS2ImEyJiJgkBIfA0XqfwXFCNITzfprmVueMDy QKhT90v4GTgTgSu4SRiFld+WQPTmda7GNWEO6UwU6DzDLc+r9q/UeTKKyJVH55Ux8HWxa/ v8bHRa226O4wjov8GmuhKBtZ5Ikw7fw= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=f7aumg9Z; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf17.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.42 as permitted sender) smtp.mailfrom=jeffxu@chromium.org Received: by mail-oa1-f42.google.com with SMTP id 586e51a60fabf-2da39478181so10924fac.2 for ; Wed, 07 May 2025 09:18:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1746634723; x=1747239523; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=upjViEFaEDV8pwi3bE89UDVAqHk4uCfII2dkKtqh7XQ=; b=f7aumg9Z+pHjxkitNGJYtmzw9ijkiqb93jA9/YsvjY6Z8fCgJJbUPF9bTUpKrSBSgu kOBf3BGV41KMUrbp9gb4Hb7qb4tdvAJSb5vEHr+CqqyEKxxi/Am8oRDB8LvKn1koEZ2U japRc/KbmVuqip2Se+niVnVCRVgw+V5KhNpT8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746634723; x=1747239523; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=upjViEFaEDV8pwi3bE89UDVAqHk4uCfII2dkKtqh7XQ=; b=aSLyWjvKYh/tCdGWI58L6ZEHXmzpZFarFn6o2FcYGyQuoWcS0NzodzLyAudCFvOvMI 4O09iwo0/TTJzHnQ4etMiduvgssMk4QOzRpZ6gLI+mOZkjiJttiezkxlKrN17E4VEw8t wRqwvPGC3y6VGmcBE1b+ZXWI5MNLrXYSYUw0sheOwlJUwQ4v6u7pQUtaea7Ss1PHNoLe mm2iSkLcCCLfKIpVFdoRPiJtKmGmAIUXhaRBZMoU8qD8WOZu0t4SodYfGDiavjfiyX7M ZnhLef75tvabFIYDB8TU1VMIRn1flrZGxPgG71AqaIOV548j77pxmhzHVS795H16Hma1 jZeg== X-Forwarded-Encrypted: i=1; AJvYcCVbZL2xzwfz4DVNVaXYZ5o1jumPewVUgO36N2yE9CtIcUIVTNWJYEqjNFDljtlzsqZ49/uw07kVag==@kvack.org X-Gm-Message-State: AOJu0YzPUlZI1ApjtLlMpLoG0EP9UxrpkfsXyCvNV1+FZQqJ2z/SH2GO rNrRrivqlFhaztKEXcFZcZkfQZOpWVlaPXHRwLFvRM1jZG5kzytAXgq9tQf/N232VSUdwuKlQ0R 8VhIC/+6gtXaskOFmDXXis/R1s3/1GTnJ8IUH X-Gm-Gg: ASbGncsyrDYsx6fIt4MFzaqUZ7AIa3JIQsP/q5mQATcq27F3UvBhIFgD2ytlJolY3dq Ai2ScUAxtYuCSymGBxDr7c+hZ3jCrxyRvSgNAkdtw85i7z+8h24t74I+GoBPpVL5LxUxx8NZGwU FNt1tkA741vak3sfb8db1nS/baxntePIB6K4UDinBV8QvS7dKBE6k= X-Google-Smtp-Source: AGHT+IG06GO6NGnzHXdYuy9FYMZzPpX9XA6RRfNjedz05neS+lqG6xqVuI1NQA+Rq9jjZ9XV1xQ99xAxsvZLr21m4So= X-Received: by 2002:a05:6870:891b:b0:2d5:d5f:3b0f with SMTP id 586e51a60fabf-2db5c110bc3mr836147fac.12.1746634723111; Wed, 07 May 2025 09:18:43 -0700 (PDT) MIME-Version: 1.0 References: <20250426135954.5614-1-jszhang@kernel.org> In-Reply-To: <20250426135954.5614-1-jszhang@kernel.org> From: Jeff Xu Date: Wed, 7 May 2025 09:18:31 -0700 X-Gm-Features: ATxdqUEg19PZX8xAL4phcTTjEkVkJGWGNXEx6VSuIyaRIyEHgGAoYnTs8-k6z_o Message-ID: Subject: Re: [PATCH] riscv: enable mseal sysmap for RV64 To: Jisheng Zhang , Andrew Morton , Lorenzo Stoakes , "Liam R. Howlett" , Kees Cook Cc: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 2B4E94000E X-Rspam-User: X-Stat-Signature: umqo6s9ihckpm7aoxwwrbwyxaea1mefs X-HE-Tag: 1746634723-216979 X-HE-Meta: U2FsdGVkX19rT4CGukSfMjMhynfszzAbCEO+PFBBMZo3tA6mdXSJyQQctvcQ09ynlQTm6m8LMAVi9vhp4AYQyL8nP1DGqYzY49OX96HvaKg0hUt58tKpI4mhQa1hUE/K6FrPwaHde7EDqz3Vp20CskmKZ6gwtmZXm8llYpAridNi5CuPU0Y+FWyocrH3nJo+rWecodrr2chfkQti/PF/IwQxzK9ErQOND+zhnaNgY3TKQ4lM4A8L/1ZuF4UZEHAENnBFDxFNRSWUg2Wcm4H8Ef2RW+osbfe6+Fuo2lKRY6mNqMDNQqLDL47o3eIif2ySO5J0mZjSrWN3uv6gdR9Mfiq4yZRbFsHi6LG0VcYwIfkZwt4AFA/fAR80Sl+x53lqLk8Q4XVqJidiiyPpLBmZZ287VsRQAcSxyZsVYUu3e5SxSMc2MVXXxO5/qYtgfgJlTbLcpJfDRRPBN+4gPOVxwubVcyquI8DBztOdfS1XJtJna4hm7D5v256X9YrZ440ke3GbKa4l0GgJkGR8C1q86t5RmtsP2Y7oziBixyUpNfrj1heie5jtG34cTZOQL01KTP80d+6TCiNsNhTbXXkp0FgV1px5OtaX2Vm0j30wq/eFo3gnQlveI9M3EozVsFZ2Yb9J4MSymbj2W5xZloWQjp2fEIsiC370Faa3RAqeWWJyso/8zqroRXqq08xaGbykh/j50AIlCsSA3PWZnfjREXOM/PRFyTNL56ruki0/GO4MmSiw6PGfcUuEUj2xdkT41YZKSiQ64uRd8flKAX2kugtIKpsSxhPHQf1vgd3spIrf/Ft5jY/jNmqCgqNgRBa2Muukha8s2yaesSglOqewIlyiLjYIK1MlVkl2KPU/ecDGsOyQpmZvmJUsUbWlG8WW65+GBxJY/93HyBgDaELuKLI8bf7R/ZtQJlJyvTLP5iNZbU5z9pZacKsoqs91fU5ZCGLmUkKoI4IyXfvrZ9I M0MOp2jk QytjB3SgosOpepwnEQ7C5I6MsGxnk1s+j55BvvdsnTK42cIFvaGv/2bnVM7YXy63JC0ooULgOvCFA7mYKttd72uaE1tdfc9ODSte0AI60wMDMUvwFMluKrpNmU1hiba8JJ5Tl8tgv2LqMSe4i7dKQ2KuZV6E6Nc5QoFdF9dx4nGJzJZZj3bNLAvKw36boQcc3WHyf129pGpGD0Ht5RR1x6SezAu2CqT2IUJEjHrK5MGYhgI/jPYZFRHTTZgb9Ll7Jubk2u4fW/csPrd82UtP8eDP5ZhgHdfT4F2sSPotk932E6ksO0HrB6Z/S/8zWg8d1uAL1Mv8YaBbllXg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi Jisheng It seems mm maintainers might prefer arch change reviewed by arch maintainer and goes to arch tree, according to discussion in [1], I don't have an opinion on this, adding mm maintainers as FYI. On Sat, Apr 26, 2025 at 7:16=E2=80=AFAM Jisheng Zhang = wrote: > > Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS for RV64, covering the > vdso, vvar. > > Passed sysmap_is_sealed and mseal_test self tests. > Passed booting a buildroot rootfs image and a cli debian rootfs image. > mm maintainers like to get confirmation that the arch doesn't rely on remapping the VDSO, VVAR, or any other special mappings, see discussion in [2] > Signed-off-by: Jisheng Zhang > Cc: Jeff Xu > --- > arch/riscv/Kconfig | 1 + > arch/riscv/kernel/vdso.c | 2 +- > 2 files changed, 2 insertions(+), 1 deletion(-) Please consider updating document as part of your patch: features/core/mseal_sys_mappings/arch-support.txt Documentation/userspace-api/mseal.rst Sample change in [3] > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index bbec87b79309..3cb0b05eef62 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -70,6 +70,7 @@ config RISCV > # LLD >=3D 14: https://github.com/llvm/llvm-project/issues/50505 > select ARCH_SUPPORTS_LTO_CLANG if LLD_VERSION >=3D 140000 > select ARCH_SUPPORTS_LTO_CLANG_THIN if LLD_VERSION >=3D 140000 > + select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS if 64BIT && MMU The "if 64BIT && MMU" are not needed here. MMU is not checked by MSEAL_SYSTEM_MAPPINGS, which we should, this can go to security/Kconfig separately. If you'd like, please submit a fix to mm tree directly. [1] https://lore.kernel.org/all/7EB087B72C4FBDD3+20250417132410.404043-1-wa= ngyuli@uniontech.com/, [2] https://lore.kernel.org/all/3de559d6-be19-44bc-ba8f-4c52d4bca684@lucife= r.local/ [3] https://lore.kernel.org/all/648AB3031B5618C0+20250415153903.570662-1-wa= ngyuli@uniontech.com/ Thanks -Jeff > select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU > select ARCH_SUPPORTS_PER_VMA_LOCK if MMU > select ARCH_SUPPORTS_RT > diff --git a/arch/riscv/kernel/vdso.c b/arch/riscv/kernel/vdso.c > index cc2895d1fbc2..3a8e038b10a2 100644 > --- a/arch/riscv/kernel/vdso.c > +++ b/arch/riscv/kernel/vdso.c > @@ -136,7 +136,7 @@ static int __setup_additional_pages(struct mm_struct = *mm, > > ret =3D > _install_special_mapping(mm, vdso_base, vdso_text_len, > - (VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXE= C), > + (VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXE= C | VM_SEALED_SYSMAP), > vdso_info->cm); > > if (IS_ERR(ret)) > -- > 2.47.2 >