From patchwork Mon Feb 24 22:52:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13989029 Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FC92208992 for ; Mon, 24 Feb 2025 22:52:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437570; cv=none; b=dkJqE6eaTGfMwFCfTHkM9tgb7z+di9hpz8VZSfBGIqoSWROC9Bkg+p1KwfsJiq8AL4EDCGTwscnC5lOE1ChUgVOohnM20rUpN0FbRiEsOOOkwiP49Jd8hj/5N1k1j9qthrm2yubyA2r+B6Ne1N8/dy6QGN1pboE9rIZdZf0N+oM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437570; c=relaxed/simple; bh=EHkej4atJd0rKCJJMNxCG0jUmkBMWzE6gnyd/AI989c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RuvgRPwr+MZDgz8tXAf0qumVQLmZU/0Nlnh843N1zy4Z8qkliaSgznuPSMFXc8f9xcqoNxMv2UusTmxs4iEwvxMLP4/MQ5WQIzsx6dtUVZ3W0vUIOvID2pXG9qH4QmFVGB/Y0fj7CAUD5jDgnNf9zDQCGo2QrOJ5m9JV1LpWIZY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=Ib0q1WoB; arc=none smtp.client-ip=209.85.214.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="Ib0q1WoB" Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-2210f7cb393so9909175ad.2 for ; Mon, 24 Feb 2025 14:52:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740437568; x=1741042368; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Gr43TU7OB3/UBZWZ8a0+AJgECDu1pAru/awGEv3HrHg=; b=Ib0q1WoBriV+lqB4vcR+l2nhJmV9w83ObklUlhFf0RfJx99HDE8x10HQXtKqV9AA80 tn9c1LvIE1LIAsV2dItDv2mGp6c340aEIj86xL1Vkgv73Ww+o1QIc6o580clViSwgc+P /+ln1pP/WfakTtoiVPnuUtxfeJ+iF06pTgIOY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740437568; x=1741042368; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gr43TU7OB3/UBZWZ8a0+AJgECDu1pAru/awGEv3HrHg=; b=YqRH8dt69H6fdBy2seLk4Zbx6/dLbBGmqgqTXvQfuSaEFn757YTEkTMt+glcUVxmL4 doYsW+2VlTdQ/b8vv/nZLdA6yQrc5BrNx24EB4aOfsh7Mg2bITMSXnmwjIi7te0X4pQz /gNzQ52DsZmPLLc8d5sIhT2x5VBy/EAmCaVnlI4iYRRYxdctx74PbTEDUouu5OT0+lBE 88fUpKxN2E1LsioInWIFW8wh6cfVUI2Rj5ckmPcjid7y9/TIln/oNy2SN+nG/1uoCy+M d5K70B0BeMQlvba5FJnoG9AnWwVq2gdD5DOFpvWt5Swq1GWOSDlLq5bqEomvod7So/Jt 7NtA== X-Forwarded-Encrypted: i=1; AJvYcCWHIHSyMqggeB8NeuZKHqMcbEoYyJH39tp1qM0UtA61Lnqjgc1ULWaLMRC175oJqllbKkaUnEmfPaVw9mhzM80=@vger.kernel.org X-Gm-Message-State: AOJu0YzUaFZo/vleigrMQ0YX9X8aEs+U5H1I+mlnWK2vT0nuj/I80vrJ 3bOANNwqvcOMKQg84ZrU4B30DaXnHrM77UHFd3JsDmHVZtF0cOk432B/+HfYGA== X-Gm-Gg: ASbGncvc1Dp/EueIKLHnVz9EIsdYbYcFFmRTBxavyjABNZpvClahYQueMLC3fdoIe3Z OqV1/M0H57q3hKZM0RBdGgAC/6MKBTUBf5phBNUwWZzPQshbjqySV/n/+zE1NgKdI4amefhsX8d XiU3Fnzh5jd+OqlnI3Po8DE6iEvoWHXNwUygnKksLEyT9gFOHVjArtP8o5Xh6Z09I8yeZmF0bjF goiIpLDmXoXh4WGYU6A0L46cPWNj9s/hWvwlgF8LJSsX7soNtYAGy+XfCmyLq8ST0SFpm9Fc2b+ K2HwZPuqGxpjol4yFCEOTq2DhIU3HJ+YNHRlFJ19o3gSbu3JErcacYNX+9Dj X-Google-Smtp-Source: AGHT+IESaZ58UChl4iGsoSvsujhtUwwJr3CbpWnJiWfiHt9MzqGV0YmPpuc1uUFRRY7FoYU65Kkk1w== X-Received: by 2002:a17:902:da92:b0:220:dae5:34b5 with SMTP id d9443c01a7336-2219ff5f4b9mr92927075ad.7.1740437568464; Mon, 24 Feb 2025 14:52:48 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-2230a000a73sm1412625ad.42.2025.02.24.14.52.47 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 14:52:47 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v7 1/7] mseal, system mappings: kernel config and header change Date: Mon, 24 Feb 2025 22:52:40 +0000 Message-ID: <20250224225246.3712295-2-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com> References: <20250224225246.3712295-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide infrastructure to mseal system mappings. Establish two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS, ARCH_HAS_MSEAL_SYSTEM_MAPPINGS) and VM_SEALED_SYSMAP macro for future patches. Signed-off-by: Jeff Xu --- include/linux/mm.h | 10 ++++++++++ init/Kconfig | 18 ++++++++++++++++++ security/Kconfig | 18 ++++++++++++++++++ 3 files changed, 46 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 7b1068ddcbb7..8b800941678d 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4155,4 +4155,14 @@ int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *st int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + +/* + * mseal of userspace process's system mappings. + */ +#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS +#define VM_SEALED_SYSMAP VM_SEALED +#else +#define VM_SEALED_SYSMAP VM_NONE +#endif + #endif /* _LINUX_MM_H */ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..07435e33f965 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS config ARCH_HAS_MEMBARRIER_SYNC_CORE bool +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS + bool + help + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + To enable this feature, the architecture needs to update their + special mappings calls to include the sealing flag and confirm + that it doesn't unmap/remap system mappings during the life + time of the process. After the architecture enables this, a + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access + to the feature. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config HAVE_PERF_EVENTS bool help diff --git a/security/Kconfig b/security/Kconfig index f10dbf15c294..15a86a952910 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -51,6 +51,24 @@ config PROC_MEM_NO_FORCE endchoice +config MSEAL_SYSTEM_MAPPINGS + bool "mseal system mappings" + depends on 64BIT + depends on ARCH_HAS_MSEAL_SYSTEM_MAPPINGS + depends on !CHECKPOINT_RESTORE + help + Seal system mappings such as vdso, vvar, sigpage, uprobes, etc. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + Note: CHECKPOINT_RESTORE, UML, gVisor, rr are known to relocate or + unmap system mapping, therefore this config can't be enabled + universally. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config SECURITY bool "Enable different security models" depends on SYSFS From patchwork Mon Feb 24 22:52:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13989030 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 329CD20A5D1 for ; Mon, 24 Feb 2025 22:52:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437571; cv=none; b=pUi5EzSkamOzFg8gOogLj4CKEFX1qgFkEs0rB/4Sii/SiWpFtWJErjOik+9Tb6OHiw/6h9ox6w74FV2PJE9GxIT9wUR4up6Fe3Ku3lg+A7DAtA1rpXANd/LkXveOxzgIKzcHWHYANnrn7jXHwm0iTkc23//x0cna1qUjl+sH0xo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437571; c=relaxed/simple; bh=vx6vB9UgcnLZOWNDu7hZerIV11aErIGRCAi4dguYZw4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XUQLWfDC79PiknzwraM0d0zCcJcUJk1OUlCiv1beLIxY1YIJ3XpnKM+OtiVU2F+1dnbTNRX/bJUlZcIOKAcj74icw3yIeYRk+jzsOmLFcAQDtGm6owMFplihgBOR//EQg5Wx7qYXnNXexLVU09EF76m/neIIgL4rZ30rG7CQwAk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=iJlAgvdg; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="iJlAgvdg" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-22134a64d8cso12091025ad.3 for ; Mon, 24 Feb 2025 14:52:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740437569; x=1741042369; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uLPC0aGcYNb1lvLik1r4PuSirlrOiN9ljuV/brKB6K4=; b=iJlAgvdgtTCfaG6hOyucqOw1zthzJhXyoPf3t6Hjzd8UNgQKw1ZL4OxgbmboUsgn8S RjI8F9+PArJQgNj45YkaZZN7U+yP9Mum/+ccQQNLJZfDhPx8YQhhwhlTMvHlY14ywlYX 62oT0Hf2zlrA7P78A8JBXzWhWqLDbVEnQXiY8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740437569; x=1741042369; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uLPC0aGcYNb1lvLik1r4PuSirlrOiN9ljuV/brKB6K4=; b=rBv2Cae1OwE2WlxCE2iYDc6VzYTJJ96QkN3k1TX6ST4rUyRZKr18Skjk67AvrNU5IN r6C6X06o846axxpZ6d+Twz3oaWJBP9x94Lif7/pglv3aT7iEs70OFrVQWgnAKW2dF+Eu X2gvgEL8Gv6+Mgk2LHLLgJUw5KmWocZVeJIz0FFw22aY9KVgDH8ffeFHq+s60PKGjulR 02R8wHabGlyRP7I7Qu76eHH9x8QNsKX+5qX9fIEDOwmXjP+P2ACAanu3IVhEwjWISLbq sq6x8G1e6FRRJFcl+381Uk/LZmG8axUbBQN6+ciwwKTyu8Lbf0uAh4T30yB6eepnxMFU WGtA== X-Forwarded-Encrypted: i=1; AJvYcCUUvhVuSiHVXPhxtH1XN2gOM44B9SG79im6FrmpohGMYmTeHVyqrD18VW/CqAKgitKqDQxinm5YcNGCVqHGb+0=@vger.kernel.org X-Gm-Message-State: AOJu0YwRRrjbtBvUmlpMhQLeClZ4lHE103sFwmlyS3Qq0gcQtrVF6si1 q+G4yv7OaBZNie8hlxofqtl9NQa9vc1xY2BVqTkKjCIADGrnGWu2SGvVUQbjiQ== X-Gm-Gg: ASbGncvjMnRA1ExPUMJxzUXEtnzIn+MyKCsJXzXOWkF1r3OYOtJCSDiqbFK/D39bKc6 gF4S4h5O/p6XbkR2RgaM3j2WL3RVyhJjmcyv0y1fEVfvW+x9YGF3PA6TEAMh6c/HMvO/y5Kedei m9GK8G8MR9sl8FuWT9PUoNRGC9e+q2I15zmS3tz0Aj+vGcbOaIzFZ6T1aB+46Z/0jsI0BJyzubw HKSIc/Vt31XRDkQwg8pFppj+O2mvsIfhKghH7sgjJmcL1/tyIluTpYL3HoPzROZS9BadKjbApP1 BwQFbwLB75Rb0s/f+oglnLiLXL5hhrO8xb3SyVSIlmjgSoWHo0gFsc62Qa3y X-Google-Smtp-Source: AGHT+IHCp48/6UHF/fa/HDiAGSPZBXV+VJjrvt3aHCsldayQ5uHsZNAe0/b2WwYSN5ozi8oGHlQeSA== X-Received: by 2002:a17:902:fc8d:b0:220:f708:b7a2 with SMTP id d9443c01a7336-2219ffdfe62mr95535885ad.11.1740437569437; Mon, 24 Feb 2025 14:52:49 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-2230a092fe4sm1292045ad.147.2025.02.24.14.52.48 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 14:52:48 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook Subject: [PATCH v7 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed Date: Mon, 24 Feb 2025 22:52:41 +0000 Message-ID: <20250224225246.3712295-3-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com> References: <20250224225246.3712295-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Add code to detect if the vdso is memory sealed, skip the test if it is. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook Reviewed-by: Lorenzo Stoakes --- .../testing/selftests/x86/test_mremap_vdso.c | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tools/testing/selftests/x86/test_mremap_vdso.c b/tools/testing/selftests/x86/test_mremap_vdso.c index d53959e03593..94bee6e0c813 100644 --- a/tools/testing/selftests/x86/test_mremap_vdso.c +++ b/tools/testing/selftests/x86/test_mremap_vdso.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -55,13 +56,55 @@ static int try_to_remap(void *vdso_addr, unsigned long size) } +#define VDSO_NAME "[vdso]" +#define VMFLAGS "VmFlags:" +#define MSEAL_FLAGS "sl" +#define MAX_LINE_LEN 512 + +bool vdso_sealed(FILE *maps) +{ + char line[MAX_LINE_LEN]; + bool has_vdso = false; + + while (fgets(line, sizeof(line), maps)) { + if (strstr(line, VDSO_NAME)) + has_vdso = true; + + if (has_vdso && !strncmp(line, VMFLAGS, strlen(VMFLAGS))) { + if (strstr(line, MSEAL_FLAGS)) + return true; + + return false; + } + } + + return false; +} + int main(int argc, char **argv, char **envp) { pid_t child; + FILE *maps; ksft_print_header(); ksft_set_plan(1); + maps = fopen("/proc/self/smaps", "r"); + if (!maps) { + ksft_test_result_skip( + "Could not open /proc/self/smaps, errno=%d\n", + errno); + + return 0; + } + + if (vdso_sealed(maps)) { + ksft_test_result_skip("vdso is sealed\n"); + return 0; + } + + fclose(maps); + child = fork(); if (child == -1) ksft_exit_fail_msg("failed to fork (%d): %m\n", errno); From patchwork Mon Feb 24 22:52:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13989032 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3244920AF88 for ; Mon, 24 Feb 2025 22:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437572; cv=none; b=iYv3N6+BZGU2z+tCxbbyp7DR9aESdrBgYJ1pTp+YbG6QHGhNh4t1Ql4T4cato1hDsZMjVv1vDCTk4HAa8PDogoNoZXkOPef8Xx34qtOc6E0+9rXTxa4t+pmG0XCptljkjFdPsmkzhH3W3i5ntgEQLQ933sL/lw+5IuiT3JUefAE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437572; c=relaxed/simple; bh=+Jr8v23L6iLuA3vKByURp4sY8Lw7JmuAhQkX6WPaKi0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CbwI2B0gJzD8uf2MRDQ/bIGWNhQrl2F5uFUtacf3JnluRVUGbwIcB5ZyzAuLX/AyqnhNQTrZX5om2ZJC98jWJGaBbhRDMQjbxAEI0HABUPkbgIcQ0OHxTdmaoadXATm2YDrs4VOut8tvWENNgIFQnwChcTzlmmy84Iw8qiPneaQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=CTTnKtLX; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="CTTnKtLX" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-220d47b035fso11398515ad.1 for ; Mon, 24 Feb 2025 14:52:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740437570; x=1741042370; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HehPKH2HS0HzCH0hQSNM2QcWWpZkmDJGAEgO0vW2y+g=; b=CTTnKtLXmoh3kaOxgzwg3JZWtzFl/idk1bBoNuAQ6NXCggCqH4HVe3KLwZJKcb12AS MQOE+M1daTl0e7yVoP9i/yIL1spM6i4Z6/dPkNziFMlCCFmWyDJhmz5RAxJomewLQHEA eI6IMsVoP9yZT3ljT15ZY8BVKjo7TvTpEjDaE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740437570; x=1741042370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HehPKH2HS0HzCH0hQSNM2QcWWpZkmDJGAEgO0vW2y+g=; b=aLauYGRBON1FntXg0FmrdnskKdFfGBXIdRta+5nhc/0B7yCQ/XoETdMppHLmBuiZ5k 9tNAB76vde7YenK9H8ZMpyDXAY5JH3inyIZATKZhmtAm0WycLP4Nzh9JUoOg6Wdafhp9 88zRGBKDR1AP3vORcCWehx8LGMXQxZF7AWRYEnIZBjs22vZExPB9AzdSaA2NOhcdsYRS sh+JbJkPS9jG+/+PIJUZ7wQTnCk9J+ob8eq1+WT2EQUIOm4LiSkgTdOw0Kxj56zaGk2u pJFIZxfGzbSnVXRaDk5fScc7I2ciEU/BCxv6i/oe4l+19fEI8/xvB09CMfZ9v2sFvSwF uuQA== X-Forwarded-Encrypted: i=1; AJvYcCU7eo89L8gU0FGCPqihKTQiwI/yn/gnFsvADKLGXU9ZGtECdSK2q6mcebvc8s7Om6WSnBk2TsMBm9CJjBqhhM0=@vger.kernel.org X-Gm-Message-State: AOJu0Yy7CxvCEMsQmjDNXK+x9YowV1i2h2t5VleAGOFCZPL8X4Oo8//r kdz+9xiPNrI0QGin4YWZznRYYCtMZdQz7qEh4/y1BhLqDrjl3IV683OVqJhJ6w== X-Gm-Gg: ASbGnctkKqS8vW/9fLkZIdlYqA1MLg2jCag94zwZA4jyHq0NQ+R/BteBaBTUHgoGrUy iKiX+bGv2xo+gzt7NWmvEwMO7l2FLqHI3We9/VaVXgfAyoNYK//O4QLt4RjdFWazQCSQH7ANRqv ESRHOGliFvcpwcYAVXXHsKiv4QOmMxFfamCElTkZOoFSGZyspTjMz9Gw5J2QKndgnqc1ZnSRO5I E+YXMtULlMPCP96m4DVuO+SttH6G5g/HiyCcdFrQHCst8n/exdt/5Ah5+O7/IRS90HrawpXLGDv iW9MKIoJLsXM7Z3hcMW1etcr7WILB4BobeBvWx5uLu9cmktofzx3qsUGRyHO X-Google-Smtp-Source: AGHT+IHvxyCpkXXkYjTLWWPzvLXpjBHCjYNwj83VFoOFzg3xddNwivdcqHIMBcGsWOCoYPcqKcpgHA== X-Received: by 2002:a17:902:e5d0:b0:215:9a73:6c4f with SMTP id d9443c01a7336-2219ff50d56mr94813075ad.6.1740437570374; Mon, 24 Feb 2025 14:52:50 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-2230a0ae9acsm1300615ad.225.2025.02.24.14.52.49 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 14:52:49 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v7 3/7] mseal, system mappings: enable x86-64 Date: Mon, 24 Feb 2025 22:52:42 +0000 Message-ID: <20250224225246.3712295-4-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com> References: <20250224225246.3712295-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64, covering the vdso, vvar, vvar_vclock. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu --- arch/x86/Kconfig | 1 + arch/x86/entry/vdso/vma.c | 16 ++++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..8fa17032ca46 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -26,6 +26,7 @@ config X86_64 depends on 64BIT # Options that are inherently 64-bit kernel only: select ARCH_HAS_GIGANTIC_PAGE + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 select ARCH_SUPPORTS_PER_VMA_LOCK select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index 39e6efc1a9ca..1b1c009f20a8 100644 --- a/arch/x86/entry/vdso/vma.c +++ b/arch/x86/entry/vdso/vma.c @@ -247,6 +247,7 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) struct mm_struct *mm = current->mm; struct vm_area_struct *vma; unsigned long text_start; + unsigned long vm_flags; int ret = 0; if (mmap_write_lock_killable(mm)) @@ -264,11 +265,12 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) /* * MAYWRITE to allow gdb to COW and set breakpoints */ + vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |= VM_SEALED_SYSMAP; vma = _install_special_mapping(mm, text_start, image->size, - VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, &vdso_mapping); if (IS_ERR(vma)) { @@ -276,11 +278,12 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) goto up_fail; } + vm_flags = VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; + vm_flags |= VM_SEALED_SYSMAP; vma = _install_special_mapping(mm, addr, (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + vm_flags, &vvar_mapping); if (IS_ERR(vma)) { @@ -289,11 +292,12 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) goto up_fail; } + vm_flags = VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP; + vm_flags |= VM_SEALED_SYSMAP; vma = _install_special_mapping(mm, addr + (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, VDSO_NR_VCLOCK_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + vm_flags, &vvar_vclock_mapping); if (IS_ERR(vma)) { From patchwork Mon Feb 24 22:52:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13989033 Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53FCA20A5E7 for ; Mon, 24 Feb 2025 22:52:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437573; cv=none; b=ZZ20VbcHyOAd9dYtLa+xjW1ZKVUzaSCuKNkm6QQwjXbhDGZuWkEE5XsAleGiPwp/t079Mbi0Csb1Ey42wNkckqRup5TtnIwbhKgl8gNXaWbSqGKUiQ0oc4tHWZEBhWJ10xnpZxVRoW7rJDg4153puBsk3aaMtEkklp2nX94OHrk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437573; c=relaxed/simple; bh=2yuHBoSnd2wsgNcC3esf33ETF3rGpThxv2gH4bJQmiU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AKwh/JR5nB1RX2JVwbvSa2qjUo16uKLiukxUz0MbBNvw5DjnTY1cv63h1yquguSyBsl6twL6V8xn0s/D5h8VQCY1Ev9s4O7pIZeD0oZjkXFnrT6QYPYYQsma2WMyxZJxIkOvDBXy1VjrhGvXNqNhuWjDFUFI/MhxcnjYy94v040= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=IDPl1vdA; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="IDPl1vdA" Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-21f8f3bd828so10884155ad.2 for ; Mon, 24 Feb 2025 14:52:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740437571; x=1741042371; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mnbYZdR9Dsd6yNbIvKX9KQDi82tgjieU0sfh+fobVnA=; b=IDPl1vdAmpECLAazI2fkrXYit69k3Jve3/sfCNR00wk10ijuWTNZ+5ft07t/oxQ8Qd 868Ki7udGM22zjbMdgliMUrhxUZXLpsqpoxMEKwAxTV2kPOslCLB5+GTNwbqQRCe8awA HRoyMARA3SWVB2rxF5Nib3dL3zo+/3U6aYuEk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740437571; x=1741042371; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mnbYZdR9Dsd6yNbIvKX9KQDi82tgjieU0sfh+fobVnA=; b=CJFobP0mjyaya1VOQ3MsHkx6r9okmu/aE53lvLfxvU/WXj7rsdwSIvRpU+Ae0HJpK7 EQK7hIB7LRaOdpv8VhfEyNELbsz5rLVzyKKo/B01FvDqXo8myrKrhzHmvhyJzziYJSyA 6dtkKVYStnQklhy9LmtTH0iK3aYhpv3OHGHbM5FQqL+GvyBnZbIaSwNdMSOENjvPysyg SC2FXToz0EUe7cxYRCpCq1vgZlj8YdHBPXKPIvXWz+hun15I4sPPj8HFXdsQKMit/zXR gy+HHvY7GPmHANnz7DxIT5F37pIoELHhonRTztaHTmLNFTFN+FGc/fRNmk64dkSUp8m4 Z2AA== X-Forwarded-Encrypted: i=1; AJvYcCWct4F1SYcc/So6q8Jhs+Cj+8sxXR4/ybKnnQ/wElMFkdc28Fw3hzdkp7amiY1Ypz35PUXKddg3/KfyGHLprss=@vger.kernel.org X-Gm-Message-State: AOJu0YzI2j94bsTtAVE64IAq20ifEJEFWuLLZPE0jSxIjnPFQdG1CFV7 1YL6GVNrGRBG1B57POCZrYzmpCiyMaWlXQABUFr95KKGYUNem8GvqqnizcbYgw== X-Gm-Gg: ASbGncubTm96QzJt4IN0zD6EXEg+3TfaiOevAHVolNrP7ZFlmFy+Wg025urRfOcfcAX wu5bQC3ijYuxlGxEzeRm4609a3kjLSZVeyK+KmgxBN4mU1/s8D2Am+az1Nncl9dwny3SMSbN4Zk zUd9zIyX3KB/mUj46QPwnLOwGJjjR3EVW4MoqfOOT6AKAUg9zzFZIGTYCImU73xlQyuibnGqhfU P1CPhDIl2tqNLa3iu/JgQGpSW+S5O3NPI1f4ZJqAKlcRmzgdSGGYI3LKFszWgAK+8aPTUTpdIlk KueO7yl5yFFxQ9KHjmiE+fa/vrneukM4RDqr1bbw/137gABpBWxr2SwaXOWh X-Google-Smtp-Source: AGHT+IEhSKFRCZXsG2Zy3hOdxapBXQNVpwEKFfeiuGKe7NPaKl+bBQmXHsBtgSBl5DplToMs80po9g== X-Received: by 2002:a17:902:cec6:b0:215:aa88:e142 with SMTP id d9443c01a7336-2219ff6e82amr92327965ad.7.1740437571460; Mon, 24 Feb 2025 14:52:51 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-2230a000536sm1358685ad.45.2025.02.24.14.52.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 14:52:50 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v7 4/7] mseal, system mappings: enable arm64 Date: Mon, 24 Feb 2025 22:52:43 +0000 Message-ID: <20250224225246.3712295-5-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com> References: <20250224225246.3712295-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on arm64, covering the vdso, vvar, and compat-mode vectors and sigpage mappings. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/vdso.c | 22 +++++++++++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index fcdd0ed3eca8..39202aa9a5af 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -38,6 +38,7 @@ config ARM64 select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE select ARCH_HAS_MEM_ENCRYPT + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_NONLEAF_PMD_YOUNG if ARM64_HAFT diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index e8ed8e5b713b..12e6ab396018 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -183,6 +183,7 @@ static int __setup_additional_pages(enum vdso_abi abi, { unsigned long vdso_base, vdso_text_len, vdso_mapping_len; unsigned long gp_flags = 0; + unsigned long vm_flags; void *ret; BUILD_BUG_ON(VVAR_NR_PAGES != __VVAR_PAGES); @@ -197,8 +198,10 @@ static int __setup_additional_pages(enum vdso_abi abi, goto up_fail; } + vm_flags = VM_READ|VM_MAYREAD|VM_PFNMAP; + vm_flags |= VM_SEALED_SYSMAP; ret = _install_special_mapping(mm, vdso_base, VVAR_NR_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_PFNMAP, + vm_flags, &vvar_map); if (IS_ERR(ret)) goto up_fail; @@ -208,9 +211,10 @@ static int __setup_additional_pages(enum vdso_abi abi, vdso_base += VVAR_NR_PAGES * PAGE_SIZE; mm->context.vdso = (void *)vdso_base; + vm_flags = VM_READ|VM_EXEC|gp_flags|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |= VM_SEALED_SYSMAP; ret = _install_special_mapping(mm, vdso_base, vdso_text_len, - VM_READ|VM_EXEC|gp_flags| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, vdso_info[abi].cm); if (IS_ERR(ret)) goto up_fail; @@ -326,6 +330,7 @@ arch_initcall(aarch32_alloc_vdso_pages); static int aarch32_kuser_helpers_setup(struct mm_struct *mm) { void *ret; + unsigned long vm_flags; if (!IS_ENABLED(CONFIG_KUSER_HELPERS)) return 0; @@ -334,9 +339,10 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) * Avoid VM_MAYWRITE for compatibility with arch/arm/, where it's * not safe to CoW the page containing the CPU exception vectors. */ + vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYEXEC; + vm_flags |= VM_SEALED_SYSMAP; ret = _install_special_mapping(mm, AARCH32_VECTORS_BASE, PAGE_SIZE, - VM_READ | VM_EXEC | - VM_MAYREAD | VM_MAYEXEC, + vm_flags, &aarch32_vdso_maps[AA32_MAP_VECTORS]); return PTR_ERR_OR_ZERO(ret); @@ -345,6 +351,7 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) static int aarch32_sigreturn_setup(struct mm_struct *mm) { unsigned long addr; + unsigned long vm_flags; void *ret; addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); @@ -357,9 +364,10 @@ static int aarch32_sigreturn_setup(struct mm_struct *mm) * VM_MAYWRITE is required to allow gdb to Copy-on-Write and * set breakpoints. */ + vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |= VM_SEALED_SYSMAP; ret = _install_special_mapping(mm, addr, PAGE_SIZE, - VM_READ | VM_EXEC | VM_MAYREAD | - VM_MAYWRITE | VM_MAYEXEC, + vm_flags, &aarch32_vdso_maps[AA32_MAP_SIGPAGE]); if (IS_ERR(ret)) goto out; From patchwork Mon Feb 24 22:52:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13989034 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3148020C009 for ; Mon, 24 Feb 2025 22:52:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437574; cv=none; b=Yj76H/+xHswlYaI+o3ISquDFCAXRWvL/gHTo+l8RXsWNMMfoJlZw3yH7bDQ2EZRKeRQueNm3HQls9fKw1n6ETQ0rr9EPG73l5bj5+f5xQx8WoswEYuRlU/DbB34qAtuL9fxpiVqrjTbzCCfnCvs0DxdRU3CdXT/7hOKlZEaVMIY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437574; c=relaxed/simple; bh=3yyGx1/qbWOwaz7n1P3h6mE9HnHTR0hKpDC/6427r/Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gUDouMl4PQLor3uua0rJHrLOa7dqnfjFVPeSUF4mqSL9H9Oe7uzwpzF+j7xiGtTGN85bBO/5tiWR5NCpp/KMu+nssAjHq/ETXDG4NILgIwc8KetMe7WdAx04xZHNLgntItZ/nZqjWKhaNKMlDAirWgG+zu+Jbm3sywn23v9WWs8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=eK1raW8J; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="eK1raW8J" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-220cd9959f6so12644935ad.1 for ; Mon, 24 Feb 2025 14:52:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740437572; x=1741042372; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9JxfqC34JK5pAuQi2kIh7I1xgd0YTjcXZqYM95ZHnLw=; b=eK1raW8JNsYOQOtcpNo0y2Imk49/hd//ZKeYo0qEeTEbAoLvYeBopRePA2dTkIR+th bHV7fzfm2WKbKqKsCAK3NX1PnIraL9MVvSA4Vy4XPDNNK+jo0Vbau4vI/Kz43QvB5FKN AUMG9ppnJIUKX1gvDi5yKNHGQzIHT36+9LnJc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740437572; x=1741042372; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9JxfqC34JK5pAuQi2kIh7I1xgd0YTjcXZqYM95ZHnLw=; b=UVzTheUAtfJNQZoQrLhrRyc9LQxNA+XMrqvYw2i5QLRQJIcWxAec6F3kKXXVDSyi8+ iGAQ0y+EPwRLRAdyz+g6oYiSDtN1vOoEQDBZcOyoDO9EybeZK8QT1qlVNu7xQm5v0tYq 8ytjs8nB6EnIjPMvoOpK/zLoIv9E0UJ49Ed3NjT6xPqwf8uUncZnEswdZiwfdvlDW8yZ D4HKgscyGZiNNlYzeR1kTs4sBJMTapB9dsuXcEZut4IWE8XfHh8cM56VSoRj1H3H/3lE 22g9De8DrRZCERukH20HNasA8e1OmLpHNQuAgbCzpyA4l80Mr0SQmOigQxuHbjp9PKrt K7nQ== X-Forwarded-Encrypted: i=1; AJvYcCV5jFKtyKO+NzkECjKjGkt+R5mp2gnJjNGyAXvxJ82Pp8ZXr6/m42ZYovvTiqsqr0zXn39GKxsnqwXZSU54xJA=@vger.kernel.org X-Gm-Message-State: AOJu0YynH4jYQir+4p45ePROVSsfCYV7q6gsj+1TUkbsdWwBvvyKsJhC UfqsZh3sYl6AqxqZunckLKjikxGxw+pnBNEaoG7bTfgWa6tvfYJlvWDTVH0yKQ== X-Gm-Gg: ASbGncsyefV18qPJa5uCID2z4/bGD0kxXPDpr/Xe5zaMvfXthbPfktorgAkL+l8OQel tKjpDXvq2LEV2KJBI9jSGk/rcf2p13AUatBtJM3bemcgjD3EC1Y45gHxfEhraxHtaVam0uFSrO7 VdI7nCBuj787xAxmqdGfIgnRB/lv8xqKYgm6CZdJD2qipkRoKH8OXu0vDZya4rQJ0HDH9WeE2HU yAYFSt4G/TbV2hNnbJ/Z78YHbknpSVPBsBA4ADSfkaXpJ8/q3ZC4pd4LBevXdBLM05muVqfMgrt sTphPdpqDj9UES6fjAZ8+7R4/I5lQ1gt4ZMEzlo0WMw3kXVG4E+G+nWt2DoY X-Google-Smtp-Source: AGHT+IF5qFqZ2XMAkd11tZhw0TNlD5KvpPShH7QiyA0ymh3azQkuml1yZnRKVOO/3ENETx0NVF9uNw== X-Received: by 2002:a17:903:18d:b0:220:f181:4e70 with SMTP id d9443c01a7336-2219ffdfa48mr97695445ad.10.1740437572458; Mon, 24 Feb 2025 14:52:52 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-2230a095f02sm1313475ad.152.2025.02.24.14.52.51 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 14:52:51 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Benjamin Berg Subject: [PATCH v7 5/7] mseal, system mappings: enable uml architecture Date: Mon, 24 Feb 2025 22:52:44 +0000 Message-ID: <20250224225246.3712295-6-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com> References: <20250224225246.3712295-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on UML, covering the vdso. Testing passes on UML. Signed-off-by: Jeff Xu Tested-by: Benjamin Berg Reviewed-by: Lorenzo Stoakes --- arch/um/Kconfig | 1 + arch/x86/um/vdso/vma.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/um/Kconfig b/arch/um/Kconfig index 18051b1cfce0..eb2d439a5334 100644 --- a/arch/um/Kconfig +++ b/arch/um/Kconfig @@ -10,6 +10,7 @@ config UML select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_HAS_KCOV + select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_STRNCPY_FROM_USER select ARCH_HAS_STRNLEN_USER select HAVE_ARCH_AUDITSYSCALL diff --git a/arch/x86/um/vdso/vma.c b/arch/x86/um/vdso/vma.c index f238f7b33cdd..fdfba858ffc9 100644 --- a/arch/x86/um/vdso/vma.c +++ b/arch/x86/um/vdso/vma.c @@ -54,6 +54,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; + unsigned long vm_flags; static struct vm_special_mapping vdso_mapping = { .name = "[vdso]", }; @@ -65,9 +66,10 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) return -EINTR; vdso_mapping.pages = vdsop; + vm_flags = VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC; + vm_flags |= VM_SEALED_SYSMAP; vma = _install_special_mapping(mm, um_vdso_addr, PAGE_SIZE, - VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + vm_flags, &vdso_mapping); mmap_write_unlock(mm); From patchwork Mon Feb 24 22:52:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13989035 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4323720A5E7 for ; Mon, 24 Feb 2025 22:52:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437575; cv=none; b=iYyU/jra7oFqqLH+8+6qhjKju3K5CKcknfWwyMSXgZFh9eXIsdGki4c9tNyOmiDv0kum9aUyzakneeOBF2xrHDtzZe70dJkrI3ofPHubRwaO9veDBraJdYH04NxqHJ6F15wYwoeHd8dq+X/sY0tkM8IQQ1dMflSEsZr4tKK+ei8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437575; c=relaxed/simple; bh=Ahb37i8tu8vEzrUDVo47OFw93L7v5pGugTT95nDEeAM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QThvR6ZLUd0BUgomIDKdK7IIGU/DawCczNkEf3wW+scc7sOJhdrRICY/kbNZH0c7Co00gkAI2qpaU5enZNSKVYzJXah6EVjQ/RpLGExRhq5Hk9cD3qgYfbOlWfGSpFD+08+Vcvi3xLQdW2QLvFaddXQ09XhwpHzs48nom/d0J48= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=lFKRnTU2; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="lFKRnTU2" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-21f8f3bd828so10884405ad.2 for ; Mon, 24 Feb 2025 14:52:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740437573; x=1741042373; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1iZa0J3oai+8Welu6Zi/1CRi8cf0vv3kefTwVSjChmA=; b=lFKRnTU2VEXw8ze8n7zxtER7TYsFf4YXSgxUkEN+WdHmqBHUXjBX+hArhvqkM9zN/C pVS18QyJJBeVw/cGnVrZecni44Uai/VvIqOX+viJJLU4MoqPWAcY9U11OgaX/V6guPtT horDiJetuuVa7hb3bh03czXSe2svzc3WsLUZY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740437573; x=1741042373; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1iZa0J3oai+8Welu6Zi/1CRi8cf0vv3kefTwVSjChmA=; b=DsHuVt4dHOxkS9KQIWccoy0te7liWuk7fkTWsCUDt7rG27jpNm77bg/D92wDBcUZkj oc8K0ca+kwbubTEuOVOq2BW127sUPKJ7t33UWwb3ja2Tn4GMn4nIBaX56MGSsZd9kpcs vmYcASwORqgz+KEmtQrRDra57A+l/ZcEZr5wACR+llMP2BDuE0QUFKgXo/Z41S+c8lmK W/4osN5XSGaQLZ1fyAe278ks4DWZQQbXGLK3+7tJFW5mj1C9sI/gXyOvW2QTRt6BxOms liBzpVJ826PPFFPNpK/J9uYqT/GlWdLpf2uWkv0gK2ZVvmfiSsti5BHAcpui723R/l2f 3HGw== X-Forwarded-Encrypted: i=1; AJvYcCUPTbpazlv6OVPyGiW/I4O80+AfZA+1oBaUjIyc+SgbC5mBC4CWCN4CtVGr3FEwWoGtrD2ufx9o4S4SZUVj7/I=@vger.kernel.org X-Gm-Message-State: AOJu0Yz+U93rHNC3wifuLVRvkJkFLbo+tNNIY5eaJ3HH6n6AKiAH+LT/ YGxVKJZg36+1HPZdEd9YINBvGEBMp8HxGLkr4vsMBrB+whUX5kvpm91uExEKjg== X-Gm-Gg: ASbGnctsGqULQdyEeg5wR/m0NvxRXm/oco9cOveHpu2nt5zuyUf+SOarycFMaRX5TA4 wlTCZt8Eh0JlfmwKtG39v8+Ii2bMv2PVhp+jDS3d3fL2HVDDF+YhNzeFe+syLNAk2etm6QgJ844 HKPBGasoYrK0e3v5ubnsEg+cqSw6EUCL3GpOR2PJZCyXd8OZJkTQuewj88uFvw2psrSQAj5PXO/ gZ8cIbQdz6nsvhfJ7iWor/7bgwbKxnXI3HKOQvO7d6XuYQ9yoEZQJDXvjbXWpNqFB8CErO8HVQI 6XO2N14RYlZp2QYZnkaX986pqQFURuGYB+RD022hEZre4l0dyak0vt94gICH X-Google-Smtp-Source: AGHT+IFg6PbCJykgEIaP4RauSlaTrid3Wz+OgE4C+L+jwZ9u9/LvDrktm5eCC+LrKCajBp0j3msv1g== X-Received: by 2002:a05:6a00:3cd4:b0:730:96fa:bdb5 with SMTP id d2e1a72fcca58-73426d9b38dmr8599645b3a.6.1740437573573; Mon, 24 Feb 2025 14:52:53 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id d2e1a72fcca58-7347a839dffsm173674b3a.172.2025.02.24.14.52.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 14:52:52 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v7 6/7] mseal, system mappings: uprobe mapping Date: Mon, 24 Feb 2025 22:52:45 +0000 Message-ID: <20250224225246.3712295-7-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com> References: <20250224225246.3712295-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support to mseal the uprobe mapping. Unlike other system mappings, the uprobe mapping is not established during program startup. However, its lifetime is the same as the process's lifetime. It could be sealed from creation. Signed-off-by: Jeff Xu --- kernel/events/uprobes.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index 2ca797cbe465..8dcdfa0d306b 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1662,6 +1662,7 @@ static const struct vm_special_mapping xol_mapping = { static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) { struct vm_area_struct *vma; + unsigned long vm_flags; int ret; if (mmap_write_lock_killable(mm)) @@ -1682,8 +1683,10 @@ static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) } } + vm_flags = VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO; + vm_flags |= VM_SEALED_SYSMAP; vma = _install_special_mapping(mm, area->vaddr, PAGE_SIZE, - VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, + vm_flags, &xol_mapping); if (IS_ERR(vma)) { ret = PTR_ERR(vma); From patchwork Mon Feb 24 22:52:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13989036 Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FD6620D4FC for ; Mon, 24 Feb 2025 22:52:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437577; cv=none; b=LkXUSD8GsjWJH09iHaaIstZxKQRqsd+vhiF39GfUUi8T9ZgOyd8EqI3lL0yb4wbd/h6dZ4QUdC2LB7hQt0omE0/EC08Q3X0jxeYlCWKxKK/muQelWq0E6cfb0P/RDqUMX0x9xisD63p4oohcASAInOgHqFnqjw9q9Qbsq1e4XcQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740437577; c=relaxed/simple; bh=wCBUro8X74PEVZGjy8/v6ioiKNk+ksES9zc6oIeICgg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=t9ORhqDeY/O8X4t4VFWksqlPbMgdOQOHsQFyBMM/f4FvT9EjpjDl1kAU6SauehYPofYBAx6FScTYZtJywMuabmECjKxLwHBcY9j3/GnwP3e/W/SWgjDE1YOLUWk5K8ixPURJWaDL14jTswsO+UylWqrNVTWOA5qAx9K71pQ+hVE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=Gdfh3RDM; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="Gdfh3RDM" Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-2217875d103so11454425ad.3 for ; Mon, 24 Feb 2025 14:52:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740437574; x=1741042374; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JC+iCaenVWT1qC+wv1WYjnvGE2KwlNSxR7B2FLEJRHA=; b=Gdfh3RDMuL/f58E3rRMPSXDE481hOe7+hkV6sRSuAeK3oTMFbI5ngWeB0Co7L4y5mZ aimwR4seqrWPPgUf64FJDsh0aRci5+XZd6w4m1Htz3tCk2PTmH3OXypx/+QMcIaOEoJx Xk7S0m+RnbXMHNpt5NjlWW9lvB5bk7VbAa9jE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740437574; x=1741042374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JC+iCaenVWT1qC+wv1WYjnvGE2KwlNSxR7B2FLEJRHA=; b=aOq+y9WeK38J98PfK6TP218VjHW371zjUCiHInqLBprkeCQoCuhlF9ws0bbBJj6vY3 ASVVfUVtI3WhnuQ9v3l74uR9Vvb+IXOKX5Xuz3dAezNzcGG8yRf9OcVd2A2FiMnkgCl+ /XAPFk8RmF1P/jpSMOKiLWlPwPyvRaHVZsGNyfAB+cX7CshBdyM4QC3sCNu5lUec0XFb vNzlKhAnJojR/gNCQs0lq/o9j/oX0jju4ChY7aCt4CAiKP9zFPn1c7WpEAotcRtrk/TJ Q4f0mHIaNTwJYasdUIk6PHLURrI9/0GjnZwTVK8LduYDXhpkRCJ2PeY9emB0zN0EKr5o pi+Q== X-Forwarded-Encrypted: i=1; AJvYcCVWvjIJq0cPQdp6Umz+KtXpwa/ZgUV95dBvOl/wPkY6t4FRAiq1Wd2FAqhKxdV5wfPjTLxWGa5EYN+uqQpA78k=@vger.kernel.org X-Gm-Message-State: AOJu0Ywmn7BhfTtl73Dfe7hdpjRP5SYq6Iq5jR6A1LaaWucvkEFufkue 6rNo6D21cGaRulnk9v38B66xGZIHRG2lZRcYYxJls7JLtYlp+mffIp6MEercTA== X-Gm-Gg: ASbGnctgB2lEGLPfZbjMoH04bQCI3dBmllLQy2KLXpAAPzHuX/C2Jwrw9WQXksej6lD y34GEjQboLqK7rufw1m2bPdWOegonhF6oUIqe1+qyrdLpfhpOA7oYJ0FfjRr1sXUJk0I0GiNGOA mXjh5vBqLTajUUJenp/lqPY5yb8dK10o3gFk73IzGyb31mXSzOrnbc9ZQukfzxZs38JFvNaYwVI uMUqk+jT3TO2ALGP7JX5CWHG4Jj/z5xyYZULAFYoCRo2WP9hQKyTh9kcWO2GuaPcBmyQlSki1ex pSxzT8x3t/yzBP7SlnVLTJsyx+3DCYq3LwHM0ziKGQpDnPlNs3jN+ds8709b X-Google-Smtp-Source: AGHT+IFWvMJ1DifgHpp00NgiU+l7P2X3hIfGn/N0QZgxCBlNaoLWIru7jUXTs0mtOdXL84lprXpfPg== X-Received: by 2002:a05:6a20:3d89:b0:1ee:d621:3c3f with SMTP id adf61e73a8af0-1eef3b1fcddmr10299435637.0.1740437574612; Mon, 24 Feb 2025 14:52:54 -0800 (PST) Received: from localhost (201.59.83.34.bc.googleusercontent.com. [34.83.59.201]) by smtp.gmail.com with UTF8SMTPSA id 41be03b00d2f7-aedaa6475dasm110603a12.54.2025.02.24.14.52.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 24 Feb 2025 14:52:54 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook Subject: [PATCH v7 7/7] mseal, system mappings: update mseal.rst Date: Mon, 24 Feb 2025 22:52:46 +0000 Message-ID: <20250224225246.3712295-8-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.658.g4767266eb4-goog In-Reply-To: <20250224225246.3712295-1-jeffxu@google.com> References: <20250224225246.3712295-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Update memory sealing documentation to include details about system mappings. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook --- Documentation/userspace-api/mseal.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst index 41102f74c5e2..10147281bf2d 100644 --- a/Documentation/userspace-api/mseal.rst +++ b/Documentation/userspace-api/mseal.rst @@ -130,6 +130,13 @@ Use cases - Chrome browser: protect some security sensitive data structures. +- System mappings: + If supported by an architecture (via CONFIG_ARCH_HAS_MSEAL_SYSTEM_MAPPINGS), + the CONFIG_MSEAL_SYSTEM_MAPPINGS seals system mappings, e.g. vdso, vvar, + uprobes, sigpage, vectors, etc. CHECKPOINT_RESTORE, UML, gVisor, rr are + known to relocate or unmap system mapping, therefore this config can't be + enabled universally. + When not to use mseal ===================== Applications can apply sealing to any virtual memory region from userspace,