From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4BB9FC282DE
	for <linux-mm@archiver.kernel.org>; Wed,  5 Mar 2025 19:09:05 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 6AA9628000A; Wed,  5 Mar 2025 14:09:02 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 634A6280004; Wed,  5 Mar 2025 14:09:02 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4D7A428000A; Wed,  5 Mar 2025 14:09:02 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 28918280004
	for <linux-mm@kvack.org>; Wed,  5 Mar 2025 14:09:02 -0500 (EST)
Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 485C51207C3
	for <linux-mm@kvack.org>; Wed,  5 Mar 2025 15:32:58 +0000 (UTC)
X-FDA: 83187890436.24.05DB232
Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182])
	by imf10.hostedemail.com (Postfix) with ESMTP id 66A46C000D
	for <linux-mm@kvack.org>; Wed,  5 Mar 2025 15:32:56 +0000 (UTC)
Authentication-Results: imf10.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=RTiV+4TM;
	spf=pass (imf10.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.182 as permitted sender) smtp.mailfrom=jeffxu@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1741188776;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=SS6BzhqiixXwpgZ1lOCUu0lGg37nPCW8otcVBfAF/jU=;
	b=jjC1qdLKptWhzsY8vGwyyxQ+LyTkJBxAdEqZ/2NZ3B0KBKBI8+N9ecAevEm+xy53P9x7+m
	ldLN9nwUxwoHJEijfKjYfJpO7rgiS8UzaJZDeG+e65v1vAlnTxldhw37TysR2FUpAwazk4
	Au+6eZuN6dY0iS9x+d6DUzz5sDLOXyc=
ARC-Authentication-Results: i=1;
	imf10.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=RTiV+4TM;
	spf=pass (imf10.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.182 as permitted sender) smtp.mailfrom=jeffxu@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1741188776; a=rsa-sha256;
	cv=none;
	b=s00m1EjQF8ypxtY0HQBRclyigXcgQ0s2pqPhtCO/Y8pW3FZvryg2wl6WgaEm+UAvjJ8quv
	nWi6ZhrPZ5wxOgDJCwIabnJLzaYg9qa2fUjBNfL1wqlKUtZLZTpxT6oDSKTm6w6gu+TQcU
	zS1DWV71pcwKFUUEIvw/P3VB6dFzbuA=
Received: by mail-oi1-f182.google.com with SMTP id 5614622812f47-3f67f37ec0bso37656b6e.3
        for <linux-mm@kvack.org>; Wed, 05 Mar 2025 07:32:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1741188775; x=1741793575; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=SS6BzhqiixXwpgZ1lOCUu0lGg37nPCW8otcVBfAF/jU=;
        b=RTiV+4TMQYrLeXJRes0qYbWBh9tapYTd23ZE0Ceg+A1aMb/uMZC2F94TdOUU6aHmLD
         9sfI/xF6pN9P2pi+iOlhkcvxakc63O6LzNhEpKOKxI6CbuaxqXEumUNmrbQwzT6lrywY
         nHOaUHzvoiwRR+kWUx8OgLdhLOLcx4F0NVnF8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1741188775; x=1741793575;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=SS6BzhqiixXwpgZ1lOCUu0lGg37nPCW8otcVBfAF/jU=;
        b=l9UZaInPhyG66if+3HB8RCGB6EOuLBogGJhkybXWWfkMpIrHnv3y6p3K+xE4E7CCeQ
         UXFW2HGpwVm2uTqr53Ckf69djCc4K1HJ1gePRq5EOItc1mZOR/mq/yqv7pcEx62DrUX8
         nylARATXobN8sbIbgrVpOxyTX8PRUpdYDuES3NnvsTwShgtSJVB46usQoNRQtw+tG/b5
         x8dZjLCNHIm0mubcxqeab0nky+ktqUeG3yCF0gDTFPG34Nl3p1EIcUAZPko03nOz5JGE
         ZdW76KHm4uQp3D4hbWZ16mYARHTq8jpvS4GtcCjLT8mf5+MqqeE8gtfZEd7QA/6Sp+Xf
         yfFQ==
X-Forwarded-Encrypted: i=1; AJvYcCUXrTKrZssoISCfVqTC4Q8CNvHbdUorIpf+2lNQKcO5MH471GdQAE9TyLhCWqbzsjsu7N2OBtP3Ug==@kvack.org
X-Gm-Message-State: AOJu0YxFTCcCEnzviAIvxqzjoTK1jAM7zozmoKZG9n69zXVgJo7r513z
	OxljhiZwIj/r69VmJkzEoXmsAECQn5lTE6Y4Zsl62guMXNGOECYGzGVUafgt1vx/Rk2kpV1splL
	TlsrQOLluj7xIBg4c/XlVDHMz+ymDaSHih5h+
X-Gm-Gg: ASbGncuBnFg3e6LqFWfEOGhjJtWu6vI9B/WieFLmDAOnI5dYgne9hJC8s1/aL15fc1o
	/2njxza2RiT45SLFJVEYIYlA7eOMg6bn4ZTRF2lZpzpQph4YzN9/vGx98hvtL9sYJi3c85yW+dE
	Ujx2ALiCTdV6gKVqJrgo2OSl9CmAOY05OmGteDBu7ULOpCdZ5F/glAD9qvBkM=
X-Google-Smtp-Source: AGHT+IFmgQ/jsM4ekshudszqyy/BHab2n0718o5/RoujAOysfXPRGiP2FfWjW9zuj0BCFQvhc76kV7MrdK1QvZDlJA0=
X-Received: by 2002:a05:6830:4490:b0:727:2f27:2a5d with SMTP id
 46e09a7af769-72a1fcbf088mr630865a34.3.1741188775377; Wed, 05 Mar 2025
 07:32:55 -0800 (PST)
MIME-Version: 1.0
References: <20250305021711.3867874-1-jeffxu@google.com> <20250305021711.3867874-2-jeffxu@google.com>
 <2a42ac63-d7a2-48ae-ae86-568d0fc59d51@lucifer.local> <544138c0-5668-4a6b-9160-59da95b990f6@lucifer.local>
In-Reply-To: <544138c0-5668-4a6b-9160-59da95b990f6@lucifer.local>
From: Jeff Xu <jeffxu@chromium.org>
Date: Wed, 5 Mar 2025 07:32:43 -0800
X-Gm-Features: AQ5f1JotN2ty1jvx9pG2bDT15L1-P_rvXknb6-3kPtBF4GqlDgBfa9YcB410LUQ
Message-ID: <CABi2SkXoRWQ7_xaYZECWWRZOMcVhzwJK_y8guhdCMYMV9Of=yw@mail.gmail.com>
Subject: Re: [PATCH v9 1/7] mseal sysmap: kernel config and header change
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, 
	torvalds@linux-foundation.org, vbabka@suse.cz, Liam.Howlett@oracle.com, 
	adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, 
	benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, 
	linux-hardening@vger.kernel.org, linux-mm@kvack.org, 
	linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, 
	hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, 
	adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, 
	hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, 
	mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, 
	deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, 
	f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, 
	mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, 
	peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, 
	groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, 
	mike.rapoport@gmail.com, Kees Cook <kees@kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Stat-Signature: oq3aamr4nq56k8ybxykbys65uhggzp9u
X-Rspamd-Server: rspam11
X-Rspamd-Queue-Id: 66A46C000D
X-Rspam-User: 
X-HE-Tag: 1741188776-197626
X-HE-Meta: U2FsdGVkX1+3UzWXxwioUukBj77rjG9jyDhg1hX3ZkTFnArD0cavw9GGAyEMG6CxF93NkaYi/T5a5RlgyKVuSmmj7oDMFeJVJADEIxgxYjCuy7TV8OCos/2K6B/uosgsw+GnUlAgYV75Npf4tZV2p/WyJYbUkXT+/Am4CeWsGr5zu0paE79pNgTOFjmJA34taNZQK6dQPmhMkGTwhdantjGhw1l3JNYvhXueofBf+uPKKi9qfTixf+Vhg5iPByLBI9+85GLkXZUfBaHGXgqx0KNU5HyfebH1nMPL00y5vfyacI5iSyV2/7Nk2zqe9MDyi//zt7lNaV+VPU35guBme9cik3Xf05KhIHlYnUXpTX0UHcLR4afFCGFayjPhlspoDQyTbfpTgDuytmggj9VHUct24fuOLMHmqyrEUoY4yt0ivQbliHFX9Y3X/IZfP8h3o5QXlccnnCLMcXUqMofRMmJp2H7NE0CxsKeMiSm7KkBdp55RL/ZS+3o//Qgxic76Vf4pgRTftDbRbMoJxJsTNFbADIU2o1645k/GwESaa6rk5SHIbgSNnm5La0wqdK102MrahQ1xG/NAPfo4HhiPeMJO1OUb3Ql4FrUov/3LQz+fkG/mvOcS953/cD1etVIAeIxVbc0FIeZL2id4dk/tbPitOyk/YsWMOQ5Q7zhfMmcBHjQcOdMEiZi5STQKweMjufFxVNb10Ztc+5Zub1zDQ/o5jnBkbJF4jjdYhiHaEzxG6Tr2iPehoJAmF9g0TMY6HJ8WyTqx6gh0iJHZDpzNIuoFkf0UrNWHKTIWxnlG+xaqWz8ZAQfB3jjzJjt/LatFcn4L/jmS4PiU5iykClK68u9us9W1oByLzjK0MToSK2CxtPV1uwoEGZ2N5EX5cb+XiQkHV+6TH8V2/1/OF1NBZIJh/GfdABOpnxaAYAStozI9KGs8mUkPly2fReDhpi+rVTAxhVNLndW/a9jWxgc
 Kwb/01zO
 pPNeYmWtsJpMnKUKgxLmfPz2f29wVHpTuafLqusqQ7sI0G9/EVNuaOZBloaZisFnm3w3Q710A0R4psKgtteOzhZqn3h+q1r0B3kgd9xYX5JO1TZzv9aitcclte7v+x411qLFUfRrgMZa27NkKwbXrZa5N9DPuWinY20AKAFF1rM1TkLcOiIH16hLXrsPk+Zfr0WaqT2BjUDHiJweoocVv5tCZLn8Vl7HbNroAZMVZmBNRVV4I0KhU4fGKWNtDZaevjaL0BefDb48fb4okFaPPyXzlZI3Q0NuxS10IAYsXG98vcD281oIDxFSUaJH83Fs5RWUnHQkkRQrjjNXG6bhdfebl8Q==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000044, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Tue, Mar 4, 2025 at 9:57=E2=80=AFPM Lorenzo Stoakes
<lorenzo.stoakes@oracle.com> wrote:
>
> On Wed, Mar 05, 2025 at 05:54:24AM +0000, Lorenzo Stoakes wrote:
> > On Wed, Mar 05, 2025 at 02:17:05AM +0000, jeffxu@chromium.org wrote:
> > > From: Jeff Xu <jeffxu@chromium.org>
> > >
> > > Provide infrastructure to mseal system mappings. Establish
> > > two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS,
> > > ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS) and VM_SEALED_SYSMAP
> > > macro for future patches.
> > >
> > > Signed-off-by: Jeff Xu <jeffxu@chromium.org>
> > > Reviewed-by: Kees Cook <kees@kernel.org>
> >
> > Umm... I reviewed this too? :) unless you made substantial changes here
> > (doesn't appear so), please do propagate tags for each revision :>)
> >
> > Anyway, FWIW:
> >
> > Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
> >
>
> (you also forgot to propagate Liam's tag here)
>
Sorry about that, I missed  "Reviewed-by" from you and Liam's from V8 [1] [=
2]
[1] https://lore.kernel.org/all/maamck3gjqjikefwlubtzg4ymaa6vh47hlxqqn4v23g=
qwl2tli@t372meccgycq/
[2] https://lore.kernel.org/all/0ea20f84-bd66-4180-aa04-0f66ce91bdf6@lucife=
r.local/

Thanks


> > > ---
> > >  include/linux/mm.h | 10 ++++++++++
> > >  init/Kconfig       | 22 ++++++++++++++++++++++
> > >  security/Kconfig   | 21 +++++++++++++++++++++
> > >  3 files changed, 53 insertions(+)
> > >
> > > diff --git a/include/linux/mm.h b/include/linux/mm.h
> > > index 7b1068ddcbb7..8b800941678d 100644
> > > --- a/include/linux/mm.h
> > > +++ b/include/linux/mm.h
> > > @@ -4155,4 +4155,14 @@ int arch_get_shadow_stack_status(struct task_s=
truct *t, unsigned long __user *st
> > >  int arch_set_shadow_stack_status(struct task_struct *t, unsigned lon=
g status);
> > >  int arch_lock_shadow_stack_status(struct task_struct *t, unsigned lo=
ng status);
> > >
> > > +
> > > +/*
> > > + * mseal of userspace process's system mappings.
> > > + */
> > > +#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS
> > > +#define VM_SEALED_SYSMAP   VM_SEALED
> > > +#else
> > > +#define VM_SEALED_SYSMAP   VM_NONE
> > > +#endif
> > > +
> > >  #endif /* _LINUX_MM_H */
> > > diff --git a/init/Kconfig b/init/Kconfig
> > > index d0d021b3fa3b..7f67d8942a09 100644
> > > --- a/init/Kconfig
> > > +++ b/init/Kconfig
> > > @@ -1882,6 +1882,28 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS
> > >  config ARCH_HAS_MEMBARRIER_SYNC_CORE
> > >     bool
> > >
> > > +config ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS
> > > +   bool
> > > +   help
> > > +     Control MSEAL_SYSTEM_MAPPINGS access based on architecture.
> > > +
> > > +     A 64-bit kernel is required for the memory sealing feature.
> > > +     No specific hardware features from the CPU are needed.
> > > +
> > > +     To enable this feature, the architecture needs to update their
> > > +     special mappings calls to include the sealing flag and confirm
> > > +     that it doesn't unmap/remap system mappings during the life
> > > +     time of the process. The existence of this flag for an architec=
ture
> > > +     implies that it does not require the remapping of the system
> > > +     mappings during process lifetime, so sealing these mappings is =
safe
> > > +     from a kernel perspective.
> > > +
> > > +     After the architecture enables this, a distribution can set
> > > +     CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature.
> > > +
> > > +     For complete descriptions of memory sealing, please see
> > > +     Documentation/userspace-api/mseal.rst
> > > +
> > >  config HAVE_PERF_EVENTS
> > >     bool
> > >     help
> > > diff --git a/security/Kconfig b/security/Kconfig
> > > index f10dbf15c294..a914a02df27e 100644
> > > --- a/security/Kconfig
> > > +++ b/security/Kconfig
> > > @@ -51,6 +51,27 @@ config PROC_MEM_NO_FORCE
> > >
> > >  endchoice
> > >
> > > +config MSEAL_SYSTEM_MAPPINGS
> > > +   bool "mseal system mappings"
> > > +   depends on 64BIT
> > > +   depends on ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS
> > > +   depends on !CHECKPOINT_RESTORE
> > > +   help
> > > +     Apply mseal on system mappings.
> > > +     The system mappings includes vdso, vvar, vvar_vclock,
> > > +     vectors (arm compat-mode), sigpage (arm compat-mode), uprobes.
> > > +
> > > +     A 64-bit kernel is required for the memory sealing feature.
> > > +     No specific hardware features from the CPU are needed.
> > > +
> > > +     WARNING: This feature breaks programs which rely on relocating
> > > +     or unmapping system mappings. Known broken software at the time
> > > +     of writing includes CHECKPOINT_RESTORE, UML, gVisor, rr. Theref=
ore
> > > +     this config can't be enabled universally.
> > > +
> > > +     For complete descriptions of memory sealing, please see
> > > +     Documentation/userspace-api/mseal.rst
> > > +
> > >  config SECURITY
> > >     bool "Enable different security models"
> > >     depends on SYSFS
> > > --
> > > 2.48.1.711.g2feabab25a-goog
> > >