Date: Thu, 08 May 2025 10:39:35 -0700 (PDT)
Subject: Re: [PATCH] riscv: enable mseal sysmap for RV64
In-Reply-To: <5e7f2acd-2eef-4e69-9c11-ba8d1ec0bbc5@lucifer.local>
CC: jeffxu@chromium.org, jszhang@kernel.org, akpm@linux-foundation.org, Liam.Howlett@oracle.com, kees@kernel.org, Paul Walmsley, aou@eecs.berkeley.edu, alex@ghiti.fr, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org
From: Palmer Dabbelt
To: lorenzo.stoakes@oracle.com

On Wed, 07 May 2025 09:22:09 PDT (-0700), lorenzo.stoakes@oracle.com wrote:
> On Wed, May 07, 2025 at 09:18:31AM -0700, Jeff Xu wrote:
>> Hi Jisheng
>>
>> It seems mm maintainers might prefer arch change reviewed by arch
>> maintainer and goes to arch tree, according to discussion in [1], I
>> don't have an opinion on this, adding mm maintainers as FYI.
>
> Thanks Jeff, appreciate the ping!
>
> Jisheng - the main point here is to ensure that the arch doesn't rely in any way
> on, within the arch code itself, relocating any of these mappings. It's pretty
> easy to eyeball it and get a sense.
>
> Because if this is the case, the arch will be broken by this change should a
> user enable it, and obviously we'd rather avoid that! :)
>
> It's really likely that you're fine, as it'd be unusual for an arch to do this,
> but I strongly suggest you do so.
>
> And yes, I think these should really go through arch trees as explicitly arch
> code.
>
> Thanks, Lorenzo
>
>>
>> On Sat, Apr 26, 2025 at 7:16 AM Jisheng Zhang wrote:
>> >
>> > Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS for RV64, covering the
>> > vdso, vvar.
>> >
>> > Passed sysmap_is_sealed and mseal_test self tests.
>> > Passed booting a buildroot rootfs image and a cli debian rootfs image.
>> >
>> mm maintainers like to get confirmation that the arch doesn't rely on
>> remapping the VDSO, VVAR, or any other special mappings, see
>> discussion in [2]

Do you have some description of what remapping is disallowed here?
There's not a ton in that referenced thread. We play a few tricks with
remapping, including some aliasing to handle different VA widths and
text patching (via poke pages). IIRC those are similar in spirit to
what's going on in x86/arm64 land, though sometimes the exact flavor of
the trick matters. If you've got something I can look at it might save
me from having to read through the mm code... and ya, we'll pick it up
through the arch tree once one of us can be convinced this works ;)

>>
>> > Signed-off-by: Jisheng Zhang
>> > Cc: Jeff Xu
>> > ---
>> > arch/riscv/Kconfig | 1 +
>> > arch/riscv/kernel/vdso.c | 2 +-
>> > 2 files changed, 2 insertions(+), 1 deletion(-)
>>
>> Please consider updating document as part of your patch:
>> features/core/mseal_sys_mappings/arch-support.txt
>> Documentation/userspace-api/mseal.rst
>>
>> Sample change in [3]
>> >> > >> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >> > index bbec87b79309..3cb0b05eef62 100644 >> > --- a/arch/riscv/Kconfig >> > +++ b/arch/riscv/Kconfig >> > @@ -70,6 +70,7 @@ config RISCV >> > # LLD >= 14: https://github.com/llvm/llvm-project/issues/50505 >> > select ARCH_SUPPORTS_LTO_CLANG if LLD_VERSION >= 140000 >> > select ARCH_SUPPORTS_LTO_CLANG_THIN if LLD_VERSION >= 140000 >> > + select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS if 64BIT && MMU >> The "if 64BIT && MMU" are not needed here. >> >> MMU is not checked by MSEAL_SYSTEM_MAPPINGS, which we should, this >> can go to security/Kconfig separately. If you'd like, please submit a >> fix to mm tree directly. >> >> [1] https://lore.kernel.org/all/7EB087B72C4FBDD3+20250417132410.404043-1-wangyuli@uniontech.com/, >> [2] https://lore.kernel.org/all/3de559d6-be19-44bc-ba8f-4c52d4bca684@lucifer.local/ >> [3] https://lore.kernel.org/all/648AB3031B5618C0+20250415153903.570662-1-wangyuli@uniontech.com/ >> >> Thanks >> -Jeff >> >> > select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU >> > select ARCH_SUPPORTS_PER_VMA_LOCK if MMU >> > select ARCH_SUPPORTS_RT >> > diff --git a/arch/riscv/kernel/vdso.c b/arch/riscv/kernel/vdso.c >> > index cc2895d1fbc2..3a8e038b10a2 100644 >> > --- a/arch/riscv/kernel/vdso.c >> > +++ b/arch/riscv/kernel/vdso.c >> > @@ -136,7 +136,7 @@ static int __setup_additional_pages(struct mm_struct *mm, >> > >> > ret = >> > _install_special_mapping(mm, vdso_base, vdso_text_len, >> > - (VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC), >> > + (VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC | VM_SEALED_SYSMAP), >> > vdso_info->cm); >> > >> > if (IS_ERR(ret)) >> > -- >> > 2.47.2 >> >
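
Review bot: In the arch/riscv/Kconfig hunk, the "if 64BIT && MMU" condition on the added "select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS" line is not explained in the commit message, and the review comment quoted under it says the condition is not needed. Either drop it or state why RISC-V needs the extra guard; per that same comment, the MMU dependency belongs in a separate security/Kconfig fix. The diffstat lists only arch/riscv/Kconfig and arch/riscv/kernel/vdso.c, so the requested updates to features/core/mseal_sys_mappings/arch-support.txt and Documentation/userspace-api/mseal.rst are still missing.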
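
Review bot: The commit message says the change covers "the vdso, vvar", but in the arch/riscv/kernel/vdso.c hunk the only change is VM_SEALED_SYSMAP added to the _install_special_mapping() call for the vdso text (vdso_base, vdso_text_len); nothing visible here touches the vvar mapping. Say in the commit message where the vvar mapping picks up the flag, or add the change. The message should also record the audit the mm maintainers ask for in this thread: that no RISC-V arch code relocates or remaps these mappings after __setup_additional_pages() installs them, since such code would break once a user enables sealing.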