From: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
To: jeffxu@chromium.org
Cc: akpm@linux-foundation.org, keescook@chromium.org,
jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz,
Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org,
oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com,
hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de,
adobriyan@gmail.com, johannes@sipsolutions.net,
pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org,
anna-maria@linutronix.de, mark.rutland@arm.com,
linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de,
rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com,
f.fainelli@gmail.com, gerg@kernel.org,
dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org,
mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org,
ardb@google.com, enh@google.com, rientjes@google.com,
groeck@chromium.org, mpe@ellerman.id.au,
aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com
Subject: Re: [RFC PATCH v5 0/7] mseal system mappings
Date: Wed, 12 Feb 2025 11:24:35 +0000 [thread overview]
Message-ID: <b114f48a-a485-4ebd-9278-6c62a1f33d9c@lucifer.local> (raw)
In-Reply-To: <20250212032155.1276806-1-jeffxu@google.com>
On Wed, Feb 12, 2025 at 03:21:48AM +0000, jeffxu@chromium.org wrote:
> From: Jeff Xu <jeffxu@chromium.org>
>
> The commit message in the first patch contains the full description of
> this series.
Sorry to nit, but it'd be useful to reproduce in the cover letter too! But
this obviously isn't urgent, just be nice when we un-RFC.
Thanks for sending as RFC, appreciated, keen to figure out a way forward
with this series and this gives us space to discuss.
One thing that came up recently with the LWN article (...!) was that rr is
also impacted by this [0].
I think with this behind a config flag we're fine (this refers to my
'opt-in' comment in the reply on LWN) as my concerns about this being
enabled in a broken way without an explicit kernel configuration are
addressed, and actually we do expose a means by which a user can detect if
the VDSO for instance is sealed via /proc/$pid/[s]maps.
So tools like rr and such can be updated to check for this. I wonder if we
ought to try to liaise with the known problematic ones?
It'd be nice to update the documentation to have a list of 'known
problematic userland software with sealed VDSO' so we make people aware.
Hopefully we are acheiving the opt-in nature of the thing here, but it
makes me wonder whether we need a prctl() interface to optionally disable
even if the system has it enabled as a whole.
That way, rr for instance can just turn it off for debugging purposes. To
be clear I am not trying to add additional extranous tasks here - my one
and only motive is to ensure that the feature works and we address concerns
about any possible breakage.
And I _want the series to land_ :>) I suspect we're close now.
I am tied up with a number of other tasks at the moment so apologies if I
take a second to get back to this series, but just wanted to say thanks for
addressing my various points, and that I will definitely provide review
(it's on the whiteboard, the only true guarantee I will do something :P).
I will also come back to your testing series which I owe you review on,
which is equally on the same whiteboard...
Thanks, Lorenzo
[0]:https://lwn.net/Articles/1007984/
>
> ------------------
> History:
>
> V5
> - Remove kernel cmd line (Lorenzo Stoakes)
> - Add test info (Lorenzo Stoakes)
> - Add threat model info (Lorenzo Stoakes)
> - Fix x86 selftest: test_mremap_vdso
> - Restrict code change to ARM64/x86-64/UM arch only.
> - Add userprocess.h to include seal_system_mapping().
> - Remove sealing vsyscall.
> - Split the patch.
>
> V4:
> https://lore.kernel.org/all/20241125202021.3684919-1-jeffxu@google.com/
>
> V3:
> https://lore.kernel.org/all/20241113191602.3541870-1-jeffxu@google.com/
>
> V2:
> https://lore.kernel.org/all/20241014215022.68530-1-jeffxu@google.com/
>
> V1:
> https://lore.kernel.org/all/20241004163155.3493183-1-jeffxu@google.com/
>
> Jeff Xu (7):
> mseal, system mappings: kernel config and header change
> selftests: x86: test_mremap_vdso: skip if vdso is msealed
> mseal, system mappings: enable x86-64
> mseal, system mappings: enable arm64
> mseal, system mappings: enable uml architecture
> mseal, system mappings: uprobe mapping
> mseal, system mappings: update mseal.rst
>
> Documentation/userspace-api/mseal.rst | 5 +++
> arch/arm64/Kconfig | 1 +
> arch/arm64/kernel/vdso.c | 23 +++++++----
> arch/um/Kconfig | 1 +
> arch/x86/Kconfig | 1 +
> arch/x86/entry/vdso/vma.c | 17 ++++++---
> arch/x86/um/vdso/vma.c | 7 +++-
> include/linux/userprocess.h | 18 +++++++++
> init/Kconfig | 18 +++++++++
> kernel/events/uprobes.c | 6 ++-
> security/Kconfig | 18 +++++++++
> .../testing/selftests/x86/test_mremap_vdso.c | 38 +++++++++++++++++++
> 12 files changed, 137 insertions(+), 16 deletions(-)
> create mode 100644 include/linux/userprocess.h
>
> --
> 2.48.1.502.g6dc24dfdaf-goog
>
next prev parent reply other threads:[~2025-02-12 11:26 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-12 3:21 jeffxu
2025-02-12 3:21 ` [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change jeffxu
2025-02-12 3:31 ` Randy Dunlap
2025-02-12 3:40 ` Jeff Xu
2025-02-12 15:05 ` Liam R. Howlett
2025-02-13 17:15 ` Jeff Xu
2025-02-13 18:29 ` Liam R. Howlett
2025-02-13 20:11 ` Kees Cook
2025-02-13 20:54 ` Liam R. Howlett
2025-02-13 22:00 ` Jeff Xu
2025-02-14 0:14 ` Liam R. Howlett
2025-02-14 1:10 ` Liam R. Howlett
2025-02-14 14:39 ` Jeff Xu
2025-02-14 14:59 ` Lorenzo Stoakes
2025-02-14 15:18 ` Jeff Xu
2025-02-12 3:21 ` [RFC PATCH v5 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed jeffxu
2025-02-12 13:03 ` Thomas Weißschuh
2025-02-13 14:14 ` Jeff Xu
2025-02-13 19:28 ` Kees Cook
2025-02-13 22:20 ` Jeff Xu
2025-02-14 2:52 ` Kees Cook
2025-02-14 14:15 ` Jeff Xu
2025-02-12 3:21 ` [RFC PATCH v5 3/7] mseal, system mappings: enable x86-64 jeffxu
2025-02-12 3:21 ` [RFC PATCH v5 4/7] mseal, system mappings: enable arm64 jeffxu
2025-02-12 3:21 ` [RFC PATCH v5 5/7] mseal, system mappings: enable uml architecture jeffxu
2025-02-12 3:21 ` [RFC PATCH v5 6/7] mseal, system mappings: uprobe mapping jeffxu
2025-02-12 3:21 ` [RFC PATCH v5 7/7] mseal, system mappings: update mseal.rst jeffxu
2025-02-12 11:24 ` Lorenzo Stoakes [this message]
2025-02-12 12:37 ` [RFC PATCH v5 0/7] mseal system mappings Pedro Falcato
2025-02-12 14:01 ` Lorenzo Stoakes
2025-02-12 14:08 ` Johannes Berg
2025-02-13 19:59 ` Pedro Falcato
2025-02-13 20:47 ` Kees Cook
2025-02-18 23:18 ` Pedro Falcato
2025-02-19 13:46 ` Adhemerval Zanella Netto
2025-02-19 17:17 ` enh
2025-02-23 2:05 ` Jeff Xu
2025-02-12 22:05 ` Kees Cook
2025-02-13 14:20 ` Jeff Xu
2025-02-13 18:35 ` Liam R. Howlett
2025-02-13 19:34 ` Kees Cook
2025-02-13 20:10 ` Liam R. Howlett
2025-02-13 14:19 ` Jeff Xu
2025-02-12 3:32 jeffxu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b114f48a-a485-4ebd-9278-6c62a1f33d9c@lucifer.local \
--to=lorenzo.stoakes@oracle.com \
--cc=42.hyeyoo@gmail.com \
--cc=Jason@zx2c4.com \
--cc=Liam.Howlett@oracle.com \
--cc=adhemerval.zanella@linaro.org \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=aleksandr.mikhalitsyn@canonical.com \
--cc=anna-maria@linutronix.de \
--cc=ardb@google.com \
--cc=ardb@kernel.org \
--cc=avagin@gmail.com \
--cc=benjamin@sipsolutions.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=enh@google.com \
--cc=f.fainelli@gmail.com \
--cc=gerg@kernel.org \
--cc=groeck@chromium.org \
--cc=hca@linux.ibm.com \
--cc=hch@lst.de \
--cc=jannh@google.com \
--cc=jeffxu@chromium.org \
--cc=johannes@sipsolutions.net \
--cc=jorgelo@chromium.org \
--cc=keescook@chromium.org \
--cc=linus.walleij@linaro.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mark.rutland@arm.com \
--cc=mhocko@suse.com \
--cc=mike.rapoport@gmail.com \
--cc=mingo@kernel.org \
--cc=mpe@ellerman.id.au \
--cc=ojeda@kernel.org \
--cc=oleg@redhat.com \
--cc=pedro.falcato@gmail.com \
--cc=peterx@redhat.com \
--cc=peterz@infradead.org \
--cc=rdunlap@infradead.org \
--cc=rientjes@google.com \
--cc=sroettger@google.com \
--cc=thomas.weissschuh@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox