From patchwork Mon Mar 3 05:09:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13998197 Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C2DB21DCB24 for ; Mon, 3 Mar 2025 05:09:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978573; cv=none; b=ZjwBlYZb18rsyFAVhpwxsvv7GLMYdEYHGy0v/Z+kYfzwAtvaTHjdUB/ad5Ohi+tw/MXLbEzSutVYKT01JmxSm0PRakyzo3/JkQ7CPwK0qo6FjJ1XbJvKa/wWL546gRfoY3mWX9K/0CKfM8g9eyvh3R4W2OwAwVRdhxdIQccvjjs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978573; c=relaxed/simple; bh=KH+raYnE3o90gaSK0BW7YxNK3IE/rt3ovv0WSnGCp6U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ReVXQrC7535v/OpesszSRJbGsOn00+1da/1g8Qk2vK5oI9IGY8RFa5jhuI1gS/XICezd5DvrwYfPo+PCQh6l4gPiEgCDrkRDAK9GU4LmJnrn4ix8L47eFOBcyOcf4LrOLRf5GEpREKqXZ+A3XpnTWYLOflanD9Zlyh1Qthln/sY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=jxyG9Nu+; arc=none smtp.client-ip=209.85.208.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="jxyG9Nu+" Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5e4e8032942so309412a12.1 for ; Sun, 02 Mar 2025 21:09:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740978570; x=1741583370; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=l7VSfLjBmGBKkv3gMTnCC363Z9s/33avq58JVEwv99I=; b=jxyG9Nu+1sCCNJNmk8J8JO9YTRmxFoePeJh8y+zme3vsVwGHPRxbzFjSfzzBB6REkD zq1m/fcdW+mhM9iDlj36y55N1IiaXhhBdVXb2XHvpYYdYDG6IipckpIGrOK1carr1TE3 YwEavhX8LfF7wWxeaos6SrhWeFBWp7kHvZlMI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740978570; x=1741583370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=l7VSfLjBmGBKkv3gMTnCC363Z9s/33avq58JVEwv99I=; b=Dar1TxDDTDZFPON7f6wp7pJTQwuCbdj5MP2cAvbbz8kDvEbdmT/AS2z1Ucd3NykOTW gcbIWusuEXuTPgie4rX5xOtydpDr04W77P9aJxBBPXBH3nCo6WekrceDycnpImXf76FH TBFZULkJO+JbvfdYY78zpGbXQN2AAsybfSjhPdaesIi6VO6/2+d/St3UZ3iAYedklfFG Imew7AZHYSsX69J6TjwyCM3P1PMwXMm5h5McC7nmUSpsvCoZUh0YE29LDZ03bfYj20Ke 0e6/khmAQrO7MhH+sorJ9EQeUJ5Z1tk9istHT97aMKAXFqOs671zdTW4YwtV8OLNpBnd Mj6w== X-Forwarded-Encrypted: i=1; AJvYcCVRO13AzdPwS7u4ybjTvVRwDyKAL6gMV25oYMGR4kUla5HW3MELTpXnUEJnZFTqpvoAmEjBY/8mJrH6nyYI8pA=@vger.kernel.org X-Gm-Message-State: AOJu0YyD25o4XF5QZZ1kfcbW4mix5wimF51RGygRg4X1jYntz0kkKh9z GbLQb+EUW5PdWyae8YIGoCu6srzG5oqIMgHmNLTwnLuTiY+bmufInCmwCYKrPA== X-Gm-Gg: ASbGncvugYO1PRxkbwbg3CVMmv0GrI2r2zkEYoiLmoPg5EHwak5ckwPbB2NEZjUoZNQ 1NZqh4s8er1enV0cRxCZvSj48nbz9Bk51260yOhPYQrqWMpIy3sjI6hKTR+gmJTNR05Ryn4KZbr //ugMOCQxb96Sm6qSiCICAbr35+ZNmTbHpf/ckBaoBLgKYiUGkUZZkKv4XLuY8FoakkSRJrBwTv P9WtbnleHsjP8Xfwzzm/I8TvAoAfYlzAMfSNxmiQkqD6TZQZjkaeqJNbE2g5hJqlKwBSEZLXzLz zbVNrrCzKtedL980XcKxB3hZjOJUoBViDYa1FviCuH++x3GKqPM0+X8xCXTzxa0qTG/pugbgj1r V X-Google-Smtp-Source: AGHT+IFxN3AMTZ+ZZSJlMVlRP2V4CZGjJgXRJF+0MIbx8rSkks+tYU3Lsh69tJGLjjaubvCJaozFog== X-Received: by 2002:a05:6402:2790:b0:5e4:b3da:6838 with SMTP id 4fb4d7f45d1cf-5e4d6b85b0amr4672505a12.7.1740978570067; Sun, 02 Mar 2025 21:09:30 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb6067sm6248635a12.50.2025.03.02.21.09.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 21:09:28 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v8 1/7] mseal sysmap: kernel config and header change Date: Mon, 3 Mar 2025 05:09:15 +0000 Message-ID: <20250303050921.3033083-2-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250303050921.3033083-1-jeffxu@google.com> References: <20250303050921.3033083-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide infrastructure to mseal system mappings. Establish two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS, ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS) and VM_SEALED_SYSMAP macro for future patches. Signed-off-by: Jeff Xu Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Reviewed-by: Kees Cook --- include/linux/mm.h | 10 ++++++++++ init/Kconfig | 22 ++++++++++++++++++++++ security/Kconfig | 21 +++++++++++++++++++++ 3 files changed, 53 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 7b1068ddcbb7..8b800941678d 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4155,4 +4155,14 @@ int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *st int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + +/* + * mseal of userspace process's system mappings. + */ +#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS +#define VM_SEALED_SYSMAP VM_SEALED +#else +#define VM_SEALED_SYSMAP VM_NONE +#endif + #endif /* _LINUX_MM_H */ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..c90dd8778993 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1882,6 +1882,28 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS config ARCH_HAS_MEMBARRIER_SYNC_CORE bool +config ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS + bool + help + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + To enable this feature, the architecture needs to update their + special mappings calls to include the sealing flag and confirm + that it doesn't unmap/remap system mappings during the life + time of the process. The existence of this flag for an architecture + implies that it does not require the remapping of thest system + mappings during process lifetime, so sealing these mappings is safe + from a kernel perspective. + + After the architecture enables this, a distribution can set + CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config HAVE_PERF_EVENTS bool help diff --git a/security/Kconfig b/security/Kconfig index f10dbf15c294..5311f4a6786c 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -51,6 +51,27 @@ config PROC_MEM_NO_FORCE endchoice +config MSEAL_SYSTEM_MAPPINGS + bool "mseal system mappings" + depends on 64BIT + depends on ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS + depends on !CHECKPOINT_RESTORE + help + Apply mseal on system mappings. + The system mappings includes vdso, vvar, vvar_vclock, + vectors (arm compact-mode), sigpage (arm compact-mode), uprobes. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + WARNING: This feature breaks programs which rely on relocating + or unmapping system mappings. Known broken software at the time + of writing includes CHECKPOINT_RESTORE, UML, gVisor, rr. Therefore + this config can't be enabled universally. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config SECURITY bool "Enable different security models" depends on SYSFS From patchwork Mon Mar 3 05:09:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13998198 Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 118AF1DE4E5 for ; Mon, 3 Mar 2025 05:09:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978575; cv=none; b=ThD0izGCrmKGBYh27kCXDmnnupiqMksHfmH42qK2XNyEPSYNMbCpZVLNujwVWql/ZLO0vrdDbLhdBZzWhWI/FIk5Bicp+0rq7CubeXWz0NRl1DBI8lYLKF0Ji8hFA1WVvKAA1cKGbM7AsqYhBI3ImVdtyMBG+Hf6AlqhIUeDHX8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978575; c=relaxed/simple; bh=mHyZGW3XXV2IETBinOXCmJuoOv/UZZoQ+5BGbFRYUkw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Zr4ZNMpmHr/PndcV+fssjQdDQDv7sRCv1lZtHWsdEO6UUavK0+iZ0F8HFqBbAY9aN0Ql9kd/2UhYZXa2h6z7/5spsAjJMRByHObDi8QEKzpbDXue+KdfE2ryNPMmFXsjnH0vZd6EZ/oXtA/iOOKnSwJwsUi/3UmnXvBHzCJ8ESA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=VWkCs3pE; arc=none smtp.client-ip=209.85.208.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="VWkCs3pE" Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-5e4d18a2c51so386992a12.0 for ; Sun, 02 Mar 2025 21:09:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740978572; x=1741583372; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VPZJ0CcsH5TjJPWWmbSBZjzCQW+f7CPLi5bx9zgqPMQ=; b=VWkCs3pEY0L5JRr0BFQHWMsyRLEqm1LalT27OCxHAHgduk3t8qoxoz8Sk7Fp5NMFxJ 8xOadFdwpIoDHsv0fY/Uu364N3s909dfFW5h00lf+YLHl/Yu7wXNuRLPUzPbO0vWzGgL djjrdJbG0Wfni9yIKWnGwSqjmFIpHQQanA1Mc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740978572; x=1741583372; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VPZJ0CcsH5TjJPWWmbSBZjzCQW+f7CPLi5bx9zgqPMQ=; b=kg1gnrkaJQQKEmVtM+cngF1S0EdY5GP9UIyN0agSwrh3cvNlS6FaWb9F4QEDUx8/X1 vzNf60U6YCy55fTa4qHFElrH3am2d/yHRaX7DZDIZS2elRZpNYTqIEDqEVcS8rCYW+KR 85YRiDbpa4lnwrozAGOVBCm9cEDplzuo20Y/w0idYPDl6X4uVxBgJGSbuROIgpEXawh0 EniVaZ+scOyJEkf2cG1Jb7EErIhYzdHTyMA0u8rQ/xY3THoFXB29CZOPfUPQZPEzlUX5 P9JXwPXzEy6PYIIVNOwJ3g5rIdeepHsWBp5gfr0Fd97aiYyN+enjJ3VvwcXMJT/zW2TD Op8A== X-Forwarded-Encrypted: i=1; AJvYcCUODg6B8yehI12LPqsEa8CvEAt9GWmgkfQmSPya7UxzLfd66p8Sk0asm4p8EJn1Rs2CzG+fnn8Ce+mZIjR0wYM=@vger.kernel.org X-Gm-Message-State: AOJu0YwACB8RfBLGtSG24E6Xn7BPZROsFhAhpPOxfSpr+itYEXfqEuzK smcR22TcyKNxDQz9NgJEnvhy7KAq0sceuzoKfQ9g13wJMyAtFtk9pX1ALBWBDQ== X-Gm-Gg: ASbGncvGsg9Rl93HKWEbzq8sDS7qMuuMfaomjLLgD7/Hzls7on4xDTSHnNqolVCtsGq bEhKsErjMmwOARvulELJg6nFnrP9tfcDRyy0IYUAdQe9Ckf0BGEqOfifQM7p8sBAI5knaN9zG7i 84EmIfrzJWFeQ8snjuqF8XECfJQujjEVbTNT78FJSO+Z/EM/zUM52Fd1+KeizgD+i6iQxpeXul/ rFzfJF7Saxz5QW6cX6XOfzB6CdJJMYDHxSD3I9uhz4jWmUxcb/DPml3+A9dvSfCuYFlgCRTZeiW Kkiri8TDOw3N4WXwNeksUJVUtLmPW55NhRVdkgp5+v0nH4zCAvLb1rB2blRNB5l06wRJDoBBqYB l X-Google-Smtp-Source: AGHT+IGAeqZ+McRryeGgqFOzw3HwO3Fs4NU8ex0NeuYH4wiS7VhFyW50n3jYgD9tGP1fasJPyc6AuQ== X-Received: by 2002:a05:6402:2113:b0:5e0:803c:243d with SMTP id 4fb4d7f45d1cf-5e4d6b70387mr3929949a12.7.1740978572389; Sun, 02 Mar 2025 21:09:32 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb6067sm6248635a12.50.2025.03.02.21.09.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 21:09:31 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook Subject: [PATCH v8 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed Date: Mon, 3 Mar 2025 05:09:16 +0000 Message-ID: <20250303050921.3033083-3-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250303050921.3033083-1-jeffxu@google.com> References: <20250303050921.3033083-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Add code to detect if the vdso is memory sealed, skip the test if it is. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett --- .../testing/selftests/x86/test_mremap_vdso.c | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tools/testing/selftests/x86/test_mremap_vdso.c b/tools/testing/selftests/x86/test_mremap_vdso.c index d53959e03593..94bee6e0c813 100644 --- a/tools/testing/selftests/x86/test_mremap_vdso.c +++ b/tools/testing/selftests/x86/test_mremap_vdso.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -55,13 +56,55 @@ static int try_to_remap(void *vdso_addr, unsigned long size) } +#define VDSO_NAME "[vdso]" +#define VMFLAGS "VmFlags:" +#define MSEAL_FLAGS "sl" +#define MAX_LINE_LEN 512 + +bool vdso_sealed(FILE *maps) +{ + char line[MAX_LINE_LEN]; + bool has_vdso = false; + + while (fgets(line, sizeof(line), maps)) { + if (strstr(line, VDSO_NAME)) + has_vdso = true; + + if (has_vdso && !strncmp(line, VMFLAGS, strlen(VMFLAGS))) { + if (strstr(line, MSEAL_FLAGS)) + return true; + + return false; + } + } + + return false; +} + int main(int argc, char **argv, char **envp) { pid_t child; + FILE *maps; ksft_print_header(); ksft_set_plan(1); + maps = fopen("/proc/self/smaps", "r"); + if (!maps) { + ksft_test_result_skip( + "Could not open /proc/self/smaps, errno=%d\n", + errno); + + return 0; + } + + if (vdso_sealed(maps)) { + ksft_test_result_skip("vdso is sealed\n"); + return 0; + } + + fclose(maps); + child = fork(); if (child == -1) ksft_exit_fail_msg("failed to fork (%d): %m\n", errno); From patchwork Mon Mar 3 05:09:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13998199 Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 46EF71E47BA for ; Mon, 3 Mar 2025 05:09:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978578; cv=none; b=MLKaPYX/lmRlexzOcBAmKN7QyQzT2jMeViR6dm/nvUGjexGi+6bJlketXPFnVpA/XkF36iJdTaqoFFZAm4SGqFehm+kODwB2VgcqMcwFqipPSLsZdh1CV/0iTqsImOH9wHQnR9LBRMGR49EET9rEZQYptcGptisbJd0kCRYw7dI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978578; c=relaxed/simple; bh=3DY82vtRT01tGrSMnZkHPiBV5qVqgpL5OZWNC8igoDI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=AKoze4f8v9H90+jnSqpV1tV5P9iQx3gh8aLyn4x2UTS6RWTSgQZD2GLRisZK77h2Wzujny5dpXMp08lQkXk5iiiNaipI1+48qFQrhqCtdJJqDNNgNvU+l7yQJc8uEUDFFnjoUBKEZnVszp69yYjNzriQKfK0gsTe0nJziHIALq4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=Sig38sj1; arc=none smtp.client-ip=209.85.208.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="Sig38sj1" Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-5e4d18a2c51so387002a12.0 for ; Sun, 02 Mar 2025 21:09:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740978575; x=1741583375; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0NM3JxIxfGoSiAwP/bRvuWu/M48PsDVjGGpFsNsimuo=; b=Sig38sj1JgcII/AVERM4VHaLiLql0AJKfaUvV7PQOmH3kgTi/trRwk8Wql+/5PjobZ bbSClXA/bzNWgJb5tMgv4sWV5vNmPlDQzjYPMYHj7lzL29N3FFtmDqEPbbexUBaSUq8d gk/4DALJ2d7B1pYNO6NeUYm9/+dDPahGUuWLA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740978575; x=1741583375; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0NM3JxIxfGoSiAwP/bRvuWu/M48PsDVjGGpFsNsimuo=; b=C8iZMKvNhm5cIF56oUP/XsDKU6ehE+xA5tnu2DxgZhbzlQqeOD22hdFos+EiivSkI3 jAZoLqw03rk5EVrnc6+ma2nivx0UH+h5kawd+/alTvulAhNBgR8he6sBm2DFQyyHs2gy /TCMxgKRdlL1Qq17Z+lxW4Z9CGZLW7IPtN8YcrZlItfnOSAF9w+KGyNxjJf1UGzPPI2z 0GUm+49GSKyxRD9d8TieEsb6wasGBnjrt/OZdtIbCCRniFRO0cPH/0heADdyX+REyBVA ECqWZ2yId+p2+t5MVOIrbMLmSkv1o9FGAR7aIpdPBu+LEkr/2KiW5G2P5tBavmWvNuAf 6brw== X-Forwarded-Encrypted: i=1; AJvYcCX96k5gHyJK8F1NClBV6uQXKZxCREBmUAjcw+EBeZ9jDeGMi1S3G6rH9RapmzJpBm5HS2Bk+zEoBhqTVcATnB8=@vger.kernel.org X-Gm-Message-State: AOJu0YwGBZUF5jlbDDR6MoDduBlefOCaeVZCfuBt6Ze8NI8PeurM9mve nRqUb872K2tKwl1V+yKKS+lFCXU95bZ8WUhYhDM8rFf6si2Ps5jIEWYfyM0Lzw== X-Gm-Gg: ASbGnctRhDeymMsLeVo74FfaictpSlNeQTPfdaMn6fnQArfjyfXQbAB9wBAG4BhJYHa K7cQTekTBNr4iS41McM70W/lEvdBlVjorrnBRwuESWaSCQaA+e7jg7GvhlKDq8ZjIryOXbFSOYA yrRwf6yUEpeaZ0XpDunpaOptH7gxA+rsZ/O7u9mO42GI1LAh4heBxtrNcHZdnOphTOhTlbaOeDB Yhl8trDqJ26sXgx82WFJc+DvBovNvTUvI+TPfPomt6qf4+M+ERDN+BsIkd+bSqBCJ5Do0fZq3wD jOVc9j5cqxU0Bphw9j/m3pJ5o5duonE0H8G3mRS+K9CIc5UMYpQ3NWcTxI96wQdvTpBD4W75CuL Q X-Google-Smtp-Source: AGHT+IEIzK5DVcy7xN31p85/klW2sNO6ixXa92Wud+ZOTOl0uHG/MytYEvsvME3kstnNOTe7tQRsOQ== X-Received: by 2002:a05:6402:4406:b0:5e0:e845:c825 with SMTP id 4fb4d7f45d1cf-5e4d6b98391mr4616303a12.10.1740978574644; Sun, 02 Mar 2025 21:09:34 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb6067sm6248635a12.50.2025.03.02.21.09.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 21:09:33 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v8 3/7] mseal sysmap: enable x86-64 Date: Mon, 3 Mar 2025 05:09:17 +0000 Message-ID: <20250303050921.3033083-4-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250303050921.3033083-1-jeffxu@google.com> References: <20250303050921.3033083-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64, covering the vdso, vvar, vvar_vclock. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Reviewed-by: Kees Cook --- arch/x86/Kconfig | 1 + arch/x86/entry/vdso/vma.c | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index be2c311f5118..c6f9ebcbe009 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -26,6 +26,7 @@ config X86_64 depends on 64BIT # Options that are inherently 64-bit kernel only: select ARCH_HAS_GIGANTIC_PAGE + select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 select ARCH_SUPPORTS_PER_VMA_LOCK select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index 39e6efc1a9ca..a4f312495de1 100644 --- a/arch/x86/entry/vdso/vma.c +++ b/arch/x86/entry/vdso/vma.c @@ -268,7 +268,8 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) text_start, image->size, VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC| + VM_SEALED_SYSMAP, &vdso_mapping); if (IS_ERR(vma)) { @@ -280,7 +281,7 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) addr, (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + VM_PFNMAP|VM_SEALED_SYSMAP, &vvar_mapping); if (IS_ERR(vma)) { @@ -293,7 +294,7 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) addr + (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, VDSO_NR_VCLOCK_PAGES * PAGE_SIZE, VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + VM_PFNMAP|VM_SEALED_SYSMAP, &vvar_vclock_mapping); if (IS_ERR(vma)) { From patchwork Mon Mar 3 05:09:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13998200 Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAC1D1E7C16 for ; Mon, 3 Mar 2025 05:09:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978580; cv=none; b=DdZbIgqhmkBCIR6kXag9AjRH/2hhBt31YJ/b5D8OQ8DF8N38UDg7SxYA7MXKchqev3F6onYnOp379+54j/eqGxvE9bwsxt+7hbc4Z1Yag2huj0qWKc0LUcij7XdCSfgo9FQ3staqq+VHVz59hWFiAUjGWmOdfLeBx4w5ve5Xz2g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978580; c=relaxed/simple; bh=7zDlhtsN6IWTCHgfTa5SxUNOg/lpgS1kgV2r6nWpBoc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tOxTuWwKVAogO/7arV9M0QJBk+v4gG9rdumRgEKkAfLI/dxS9Q2V8tSByExy9zvqVNCsziANoAZI4gOalPMTitzlJCQMe4NMvyLuNKIW2b1nf5fVuZIFOVqmvZrbmxnUhiwx+Bq2QzYlxu/hVa77BpMn4fuDVnY2q3TShUUlRqQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=dV79NVOz; arc=none smtp.client-ip=209.85.208.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="dV79NVOz" Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-5dc191ca8baso774635a12.1 for ; Sun, 02 Mar 2025 21:09:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740978577; x=1741583377; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RAoQrXrn6YJEh9Pobcge+uaEegOFqqBxGl0PnC+cOhU=; b=dV79NVOzTKjE5tvz08UdV11IDOtFZLcWwi5/rkKV6JB8ZxXdklyWHyDyfMSls1XuhU Q88K8700NktNr2kU7aQCeVqu73Fa04I3WT8SM0J+p5MIHutkw1jqbA12Ry7EGNMaubmn 01ATJs+zmJh4M5w+RizP0roKiW7IUKF0g9H7E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740978577; x=1741583377; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RAoQrXrn6YJEh9Pobcge+uaEegOFqqBxGl0PnC+cOhU=; b=Aqh+iFO3ErOGYss8+5tOE8ft80qyUUuxQF59gggOLCLG1AsjiNHsG3huAJ7s1PrNZt 424dFEUOV474fhJ6DTkneafjMnG6UkTdxoDxx37CvRaXMDUqYj2ovUFQhIe3Kma4hPdS P375HZhaHtIq/X5IfkIwhryBHM3ZL0tnejj0VRLeahge42kV76rUhtzv1kU98bPbn0yZ 1YwWUyhtgecMlcHiRv0KZEdJQVgsANO8SaTpy+KCYbmmAQq3FEgxtjU5dEe6Sh7GvJEs ri+Uh3xHwbqMoEWqfufsUYZzm9x2HYbVwTbxE/B8ZH/y+mJlZvbCzXIUf2lpEuL2qbQK Y+iA== X-Forwarded-Encrypted: i=1; AJvYcCXZyxYw4VCGK7+pxdxUslzijzwwV9GhkOL+OH3FKz4TA40pqj7hshI0lRQt8kGjzbYjLceqkJ5zJ5pf6xAGpXs=@vger.kernel.org X-Gm-Message-State: AOJu0Yy+LvNWXNmrGTGahGXHizLYLw6M88p5S5iFGZCPU+8ZsMalAs6C y6rpsjMHtKk6eqFnxqdoabixY/wfqqMQ4m35yE9iOnHMBq//qbkGBUZ7GitRKg== X-Gm-Gg: ASbGncucFypfD/n7ARmmFHqhA9Yq1zKyw0KBJEildgf0RRrypYM8r28Gi/+PGNg3CFV LTtxNO6wZlOrodDp2UMHivf8IbLoNbiCfTnNSbBK6EO8Qo2RZtdZQsqWkoqbzKhrXMmmPxE0UWl E5YF5cbe65Lky6zT980PJBpdF+2DIp9NEeLpN3uWMZGjGv17+ycWxAi3c4yd7oKQnRu/1j3xOru qPgoLYyFIOsUehivw5oYyhZG40xKgzpHcaiN7GqPHtzt6UWBdiErhfkWOOLdCmhTe9MqcuYDrxJ Ctqu7HDbdtKFPYPkn1Jh3rd68lDct3T0YoNk0Tzkxhr5C2m59fQq/hhloSPxW7dSegwfs7u05EH F X-Google-Smtp-Source: AGHT+IFFf+CduNG846GcfkCLdAht/QDxEug4xx+ZimxDfLRqsASOv0BOjbMGqDHYYZSfdkiJ8c/g8Q== X-Received: by 2002:a05:6402:35d2:b0:5e0:7ffd:a6ef with SMTP id 4fb4d7f45d1cf-5e4d6b42c58mr5147613a12.5.1740978577006; Sun, 02 Mar 2025 21:09:37 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb6067sm6248635a12.50.2025.03.02.21.09.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 21:09:35 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v8 4/7] mseal sysmap: enable arm64 Date: Mon, 3 Mar 2025 05:09:18 +0000 Message-ID: <20250303050921.3033083-5-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250303050921.3033083-1-jeffxu@google.com> References: <20250303050921.3033083-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on arm64, covering the vdso, vvar, and compat-mode vectors and sigpage mappings. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Reviewed-by: Kees Cook --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/vdso.c | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 940343beb3d4..282d6cb13cfb 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -38,6 +38,7 @@ config ARM64 select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE select ARCH_HAS_MEM_ENCRYPT + select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_NONLEAF_PMD_YOUNG if ARM64_HAFT diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index e8ed8e5b713b..69d2b5ceb092 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -198,7 +198,8 @@ static int __setup_additional_pages(enum vdso_abi abi, } ret = _install_special_mapping(mm, vdso_base, VVAR_NR_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_PFNMAP, + VM_READ|VM_MAYREAD|VM_PFNMAP| + VM_SEALED_SYSMAP, &vvar_map); if (IS_ERR(ret)) goto up_fail; @@ -210,7 +211,8 @@ static int __setup_additional_pages(enum vdso_abi abi, mm->context.vdso = (void *)vdso_base; ret = _install_special_mapping(mm, vdso_base, vdso_text_len, VM_READ|VM_EXEC|gp_flags| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC| + VM_SEALED_SYSMAP, vdso_info[abi].cm); if (IS_ERR(ret)) goto up_fail; @@ -336,7 +338,8 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) */ ret = _install_special_mapping(mm, AARCH32_VECTORS_BASE, PAGE_SIZE, VM_READ | VM_EXEC | - VM_MAYREAD | VM_MAYEXEC, + VM_MAYREAD | VM_MAYEXEC | + VM_SEALED_SYSMAP, &aarch32_vdso_maps[AA32_MAP_VECTORS]); return PTR_ERR_OR_ZERO(ret); @@ -359,7 +362,8 @@ static int aarch32_sigreturn_setup(struct mm_struct *mm) */ ret = _install_special_mapping(mm, addr, PAGE_SIZE, VM_READ | VM_EXEC | VM_MAYREAD | - VM_MAYWRITE | VM_MAYEXEC, + VM_MAYWRITE | VM_MAYEXEC | + VM_SEALED_SYSMAP, &aarch32_vdso_maps[AA32_MAP_SIGPAGE]); if (IS_ERR(ret)) goto out; From patchwork Mon Mar 3 05:09:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13998201 Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C01D71E835C for ; Mon, 3 Mar 2025 05:09:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978582; cv=none; b=AGwJKJkuDOGWFHp2MLb0NVqD0Af2y5OBMMvPn//m1UoMXg9ZeRf0s/DLgQ0Jym2i6Xt4iKyNCJmsWzZdyRmJG+bVs9Q7EvS5rOCp648UuFWncYIjvAr4+vzYN69jwtkwnvRfrxUYrIYg6I7PmK6c4A8SO20TwY+r9pWEDHKD+1Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978582; c=relaxed/simple; bh=WLzo15XZCOUhn48p1nU5oCESt5AY/XAN1+82zsPI/4E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=EssG16JPztam5bXTMgGvvcKo7OpXyp7f5Jag2M7F75+X9+Uc8RfR9PtTiiGOjwotbpjxUP9xup5f2yXdSJyjSaW1kV/2+5DV7pXVIp1TUQSJY92lGY9W7YpyzH5TnxC7Zc/mc+L0oZ9mMVjoOB3gWGn4q+SS47wmfFWcX7VCwPs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=liCFx+bP; arc=none smtp.client-ip=209.85.208.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="liCFx+bP" Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-5de8e26f69fso914088a12.0 for ; Sun, 02 Mar 2025 21:09:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740978579; x=1741583379; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vYjwm8dHrLXGz6gb7qV5M3QfXuZDejaPJfbAmodOPNU=; b=liCFx+bPN8LLL5lhssS5CRtivEw4TPdaaCXsWoGTxBu43/B29kAaBateO593VCtUtQ d+idFLivxLJqGtcQFj2gjgwpF9L0KmZa5FNp9m1ySOLicnTz0i3GJNQ4kCE3sQeXa5jp 1seC5xXl27XTCNdX9/z0V+/qHvEUCL/5M5ySI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740978579; x=1741583379; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vYjwm8dHrLXGz6gb7qV5M3QfXuZDejaPJfbAmodOPNU=; b=nlBYKUYwj7oWIFW7xmjVSBfRoirlLdxqbXqpNI31SGuV7VKtSP6R0gJwNiOft1bvr3 aDf/oHAUT/BvicJzg69wdaUiS+3GDl8eyMO5+gJmLsbl0g75/8YDnejwo7K9ViimF99J im/wD/HIyjRSlIwqGnxYUNn8mo7EPeZW/Hi9bAy3QvSyvmISUAcUSoqlm0T7/wsRBeU9 fhd1utMM+pk8P1myDtgt4+BfMeyq397TsLV3jN54HtHRT0m+ivN9wXshjaEL0xe0RQzw DiGBjFdNvG5bKdF9aQVTioWDYd2BLxzygG9E+XDlyE7la9J6IutzPoYqh8lk4kVhL/6C gjPQ== X-Forwarded-Encrypted: i=1; AJvYcCWhaFDonhQzcJoZ3OQcjTnIAnMCWvpa1uPqtttIspwygoU5pxrnBKx+laXOWzSImmxGXwBwOSn0JOrI1Mm5AmQ=@vger.kernel.org X-Gm-Message-State: AOJu0Yx4hkaK5aQMqUtpWTwAr0tspfRXA9Ngs63LQ5P9CW7k0H9UYp5t uLf4fA5XSeU0oKRKMaMAlV9+sXQftakaMQw1dr5kPcZtPpeQ0yZK5ntY3hYtdw== X-Gm-Gg: ASbGncstb8riUV5pXaNqnp/4RJvYU9PaP5aZjbL2mm1EOkxLvToA99YDaKzUDORUl8R lbuFO/q3pRP6XGbVrwnp0h1HcpfrfZUHXllOZFnKGnMhtOZZpIsahrrrXDWpz0U46ZCkIzV+696 LZKhVZey8JrXjwoKi+1Nv5Ni7nV9TTgvAMfNnmEqP6p+vSU4X2W8JR6G0hKRLzj+9Q0ZAzB7m0P 4xqpGzr9C691TBKzkiCuwWXivDFQvxgfbYOjhdrpUM2w9nkk1C5l/v+Z2HHf9bmfNaEiPy4ujgp CCGuB/Oqk6QH318JxnN1BZwarE0u+v+twOMqye1po1P/0dBjvh36wdFyBSqlNvpLQOwSK9YvAlZ d X-Google-Smtp-Source: AGHT+IHtOuKA+9OaPh5jrHwcaVGv4sg/p5d2FB/xdLoG2RY8640XMMB99IsWJcicRocUIUi11DwD4w== X-Received: by 2002:a05:6402:518b:b0:5e4:d192:86c5 with SMTP id 4fb4d7f45d1cf-5e4d6b85dd2mr4581736a12.9.1740978578724; Sun, 02 Mar 2025 21:09:38 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb6067sm6248635a12.50.2025.03.02.21.09.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 21:09:37 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v8 5/7] mseal sysmap: uprobe mapping Date: Mon, 3 Mar 2025 05:09:19 +0000 Message-ID: <20250303050921.3033083-6-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250303050921.3033083-1-jeffxu@google.com> References: <20250303050921.3033083-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support to mseal the uprobe mapping. Unlike other system mappings, the uprobe mapping is not established during program startup. However, its lifetime is the same as the process's lifetime. It could be sealed from creation. Test was done with perf tool, and observe the uprobe mapping is sealed. Signed-off-by: Jeff Xu Reviewed-by: Oleg Nesterov Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Reviewed-by: Kees Cook --- kernel/events/uprobes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index bf2a87a0a378..98632bc47216 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1683,7 +1683,8 @@ static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) } vma = _install_special_mapping(mm, area->vaddr, PAGE_SIZE, - VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, + VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO| + VM_SEALED_SYSMAP, &xol_mapping); if (IS_ERR(vma)) { ret = PTR_ERR(vma); From patchwork Mon Mar 3 05:09:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13998202 Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com [209.85.208.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 50EAD1E9B19 for ; Mon, 3 Mar 2025 05:09:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978584; cv=none; b=gcilT1aTAHekDVUHX35rDPPumVtpffh+h+YA5u//7aJK+dZ449kFWnAANwQ89aMtnifRj3JasaVZVmDxbFGhe5OSpagsVPkQu7ZBNAXfKdHWcw+xyQp3bvFML09vEz9Xll7gP1eyj2NWuU7zXYtb3rd7IF8ohDIqCqzP2MF19E4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978584; c=relaxed/simple; bh=6u+r0ovtm0jW5YjCvNxc1YcxBTXJYiyjcM76RIX7sIE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qpsJB8Y71Ny/vuNUQtkiDjdLoSdLetIo+27obmtR2F/d+5l+lc9Ns6uiZZFZcQbEFTAV8Bw58KMre31+r4XNZup/8Z8Cj36lqLy5MTUwoqYUlU8zFMb+IcHrsfzeTVg2ssxXt7e8vbi3GRMSjxB0YyjzhQCdKIXKC5SGgQQaxmw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=lowmE10z; arc=none smtp.client-ip=209.85.208.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="lowmE10z" Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-5e4cbbb37ccso386184a12.1 for ; Sun, 02 Mar 2025 21:09:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740978581; x=1741583381; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=tnEHm8Q2R+qf55+zK9cHcOTX+1u/tw9AcohnyzHuWzM=; b=lowmE10zZjRfpjgY3yGz7s+cYg8TFDsROAvSHdr4FSL0TMnxo+7fLlN7LfOg3KTeHp uDaqA7GYdtJ7Dru+DB+S44hOsYpD3uDzur1TrWH55Jw+bJgOYuUAIFFz2nksHr9vqSZC w6obBXbSKu0yqELGxxSV3UCz6MU6ndk3/EO8k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740978581; x=1741583381; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tnEHm8Q2R+qf55+zK9cHcOTX+1u/tw9AcohnyzHuWzM=; b=Z4bLtYQWBFEBWMJfPNmgLJdWJ3cTFlUsVXSl6VBOOEYY6T9oQKlmaABkEsVvsaQlD9 pidOwqcQB3N/pmR5d+CX5yTxdU9XGD/GBCt0CjrAytRpzKt4xtIqVgUDbOCP9kN7wT4U 5uxvrmr/VFhYZ6uDCHvzvPdGWhVmGISw3ipL1W73+KofT0DNxhjeZFoIe/46tOpHRq30 HPDeU6WJbyiDCwDsgua0kPAmTAPmcpEBXLhcR82uVqNXzYtUaPrsdbItf++NX37JrmYZ P8f3OJcCQdu9p2gwDWO9iXrvuq33pPtLEWuFvDmJtK+mb3d9Xq3iu9wWmik8kXoa4dui KjCg== X-Forwarded-Encrypted: i=1; AJvYcCWL9vZksswGoysjrI4scfyg/AhjDbhUs2YgVcjbSzYbaqdBQh6TGp2wsSGQqlbXR5kJdYn1gYyS5ucDgTxUllw=@vger.kernel.org X-Gm-Message-State: AOJu0YzY3g59lYpPBe4zM5/2/Oq6NtVakvixYrSS5+PrupEOwREvEX5P N2oQSdCqivSVe0LMGSFE9wZ+aBpcoaww6kdoIBo4ZnoU5qC7PwpcK7im6oZ/1A== X-Gm-Gg: ASbGncv9mW6gl0hTAmxjmHqMGup4OSJM8qThd2uIj+BP9LyD32OKleYiMHa0tiCRAvw tY9Xp1GLbAstcTrxQkSD5VRxtgTu+fOadCcXp3iLylp8JPAPPbeH9fbCtLDC49zV094pvS/sIFj nStPWL5Qq7I/+MqeB95OssgJZi637yeqn3g6h0npV8Y8Go7mfVmJ0Iev0hgttMtOs3d97coBbbQ TRRDf6OVUJ1ylbQayN7RLPwEwvxutPHI2gHgwa8LPjb7NULsNJlFn8I4gEMrQGq3JtD4P18eP2R 6rxOuGyMv6lNfd5pperRamCEZoxet8wDjPvF2DpyKzahQaePARPh9WN6ju1YlUpirq8flp3+ape w X-Google-Smtp-Source: AGHT+IGr7aLO58G4GmFia0KH79zY4iYQWcKqxIsMg7qlBQCpzajCy2mPKds0czrD1eMZhOSnlodKgg== X-Received: by 2002:a05:6402:2550:b0:5e0:82a0:50b6 with SMTP id 4fb4d7f45d1cf-5e4d6b57020mr4945161a12.6.1740978580628; Sun, 02 Mar 2025 21:09:40 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb6067sm6248635a12.50.2025.03.02.21.09.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 21:09:39 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook Subject: [PATCH v8 6/7] mseal sysmap: update mseal.rst Date: Mon, 3 Mar 2025 05:09:20 +0000 Message-ID: <20250303050921.3033083-7-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250303050921.3033083-1-jeffxu@google.com> References: <20250303050921.3033083-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Update memory sealing documentation to include details about system mappings. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett --- Documentation/userspace-api/mseal.rst | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst index 41102f74c5e2..76e10938302a 100644 --- a/Documentation/userspace-api/mseal.rst +++ b/Documentation/userspace-api/mseal.rst @@ -130,6 +130,26 @@ Use cases - Chrome browser: protect some security sensitive data structures. +- System mappings: + The system mappings are created by the kernel and includes vdso, vvar, + vvar_vclock, vectors (arm compact-mode), sigpage (arm compact-mode), uprobes. + + Those system mappings are readonly only or execute only, memory sealing can + protect them from ever changing to writable or unmmap/remapped as different + attributes. This is useful to mitigate memory corruption issues where a + corrupted pointer is passed to a memory management system. + + If supported by an architecture (CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS), + the CONFIG_MSEAL_SYSTEM_MAPPINGS seals all system mappings of this + architecture. + + The following architectures currently support this feature: x86-64 and arm64. + + WARNING: This feature breaks programs which rely on relocating + or unmapping system mappings. Known broken software at the time + of writing includes CHECKPOINT_RESTORE, UML, gVisor, rr. Therefore + this config can't be enabled universally. + When not to use mseal ===================== Applications can apply sealing to any virtual memory region from userspace, From patchwork Mon Mar 3 05:09:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13998203 Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com [209.85.208.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1B391EB190 for ; Mon, 3 Mar 2025 05:09:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978586; cv=none; b=TteFbvPndfd9tt3BCyZWFobL8GycIJtKtZfkD/CSzlNmGnZfncz7VANQVTP4JN8Oepq5YdDkq5Qkb4lNoGzP7N3gTjWnCX/831bMwfjpojuMbFcMJOzmCD6iO886FfeKSn18ULLzGDXvH1hAYezrmdMZ0r6lnRGfWll3/JQjzsA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740978586; c=relaxed/simple; bh=INS9DlGcwtOWdHzzaCwgHMRJeqld1ZamApqFE5VhtYQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BX0dxo1DOafL2KHgIFSTNBNz9DOCnLFL5olSjpxJ1yyI9eXQCWwSFMEJ9ok7AQZYH1hUxIHi9WlsVM8hytolncVS3YTNF8mkq9+xOz5eeeNPaDG1A8Rf/gsIVoxlaM6nFhMT5kgUferfBW6ubZWFSphvwZFoTJMnaaC9MQ72iuk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=BAEYc5OC; arc=none smtp.client-ip=209.85.208.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="BAEYc5OC" Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-5e4cbbb37ccso386194a12.1 for ; Sun, 02 Mar 2025 21:09:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740978583; x=1741583383; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=d5fgysdw0hYp2QViiRgS1DaKy3XnISgvx98xYEVPXVE=; b=BAEYc5OCYLDtJLwGdNBFLuD0adXaXVGRgNodKEV/3Mf3YRnu3RgVWELUIcrwygBKb+ LIyLTgiP5h2hNh3FEw6LTKGyC/hvmrYNtumoxLpma2Lbna4ygle3HGkZZxYKBkT0odkt /+xwC4LyiHmpvzysJ+/40RjfDR2Gv5BUDa+Wc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740978583; x=1741583383; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=d5fgysdw0hYp2QViiRgS1DaKy3XnISgvx98xYEVPXVE=; b=Oz+1cNUzgkPPoA/hRyDNzcDzBPkbX3mas7pOAr6Ul32iSeXl4VFvvvnauXvjkGD7Pv aVE0/V8+yfU7MpDO82xgoWfnomj8tKG5fG9YWFZNK8r8LMmVkONAXpe8+OFbi+yjgOFS pr2Yqe4+LKbm0+dT+ij1eqyxtf4ArUahDYVB1hWb5Fzd06DTCyvjGVdv/K3LD1zT353B 41tnVLkK46LD/J5a3As1bNB/XgyScGKvPlMGuRf18iJ2oMIBXqjs4RqBJD6mnXWzGoXf I9AcyN5/9Jy+9Cu7yN7NxPP/q1kapBUonJqrCfxR++QmT49zUG6vExlG+twf5dRmDWwK Yrpw== X-Forwarded-Encrypted: i=1; AJvYcCU6rM8IuHsgtrd+UGuoTIJya/A28dFjN6Iu8WIV1Qvm8I7oyKBF2giqy+exZNhKqJVWhidDI6ewJCs9oamdvkg=@vger.kernel.org X-Gm-Message-State: AOJu0Yw/NyCWukPlXsP3EkMaA/MOB+bc8IUdvpHGFjocf1F4pzMlZ6ft iliefAJ/cedACg+hE/fs8KLBoJbsC6KDFWSY89zVxbKFsd+YnMA8YsbA6cEY4w== X-Gm-Gg: ASbGnct6aVgjJyyg4wx/b0fCgiEqe9T5tqPX7CVZP8HxKe8Dkxrm7uJxvNLOsqthFB5 G5zeI1H8QswfHTBnnZj9vFVgiZX43NsdG1bVg+z11JQ2y/rEweAg4xKY1z/LvbU7PkM1Lssq8Pw 8Ac0xZL6DstiYX2/GyKoVhTCevQG1V1JIHnu/BFhSFIxD6HekDrZmZI0+eGK/FQ/68FTzowGkDV PFX5oDP4+zj8JEqRS/iryIXFIR8boE0lzB2lNQ0cYi8xddmcB9mmgImLcPY4QhBlP9kUOkRRY3m 6bP99OWZGx1go0QFg5XcAyiCJpcRhlJXouaQyRxOebw99/X2/6Zlquk5dMCjC3xOti+kgTP4pQ3 7 X-Google-Smtp-Source: AGHT+IHTdlg4uwUS2DR1NxqiIsQtmp7SzqfKi1TOhCGqRUS9eLAof+QK26Tfrj2rVc6wBqo4vEC8Zg== X-Received: by 2002:a05:6402:35cb:b0:5de:d6c3:1119 with SMTP id 4fb4d7f45d1cf-5e4d6ac3cccmr4772163a12.1.1740978583010; Sun, 02 Mar 2025 21:09:43 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c3fb6067sm6248635a12.50.2025.03.02.21.09.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 02 Mar 2025 21:09:41 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v8 7/7] selftest: test system mappings are sealed. Date: Mon, 3 Mar 2025 05:09:21 +0000 Message-ID: <20250303050921.3033083-8-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250303050921.3033083-1-jeffxu@google.com> References: <20250303050921.3033083-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Add sysmap_is_sealed.c to test system mappings are sealed. Note: CONFIG_MSEAL_SYSTEM_MAPPINGS must be set, as indicated in config file. Signed-off-by: Jeff Xu Reviewed-by: Lorenzo Stoakes --- .../mseal_system_mappings/.gitignore | 2 + .../selftests/mseal_system_mappings/Makefile | 6 + .../selftests/mseal_system_mappings/config | 1 + .../mseal_system_mappings/sysmap_is_sealed.c | 113 ++++++++++++++++++ 4 files changed, 122 insertions(+) create mode 100644 tools/testing/selftests/mseal_system_mappings/.gitignore create mode 100644 tools/testing/selftests/mseal_system_mappings/Makefile create mode 100644 tools/testing/selftests/mseal_system_mappings/config create mode 100644 tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c diff --git a/tools/testing/selftests/mseal_system_mappings/.gitignore b/tools/testing/selftests/mseal_system_mappings/.gitignore new file mode 100644 index 000000000000..319c497a595e --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +sysmap_is_sealed diff --git a/tools/testing/selftests/mseal_system_mappings/Makefile b/tools/testing/selftests/mseal_system_mappings/Makefile new file mode 100644 index 000000000000..2b4504e2f52f --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/Makefile @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only +CFLAGS += -std=c99 -pthread -Wall $(KHDR_INCLUDES) + +TEST_GEN_PROGS := sysmap_is_sealed + +include ../lib.mk diff --git a/tools/testing/selftests/mseal_system_mappings/config b/tools/testing/selftests/mseal_system_mappings/config new file mode 100644 index 000000000000..675cb9f37b86 --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/config @@ -0,0 +1 @@ +CONFIG_MSEAL_SYSTEM_MAPPINGS=y diff --git a/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c new file mode 100644 index 000000000000..c1e93794a58b --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * test system mappings are sealed when + * KCONFIG_MSEAL_SYSTEM_MAPPINGS=y + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include + +#include "../kselftest.h" +#include "../kselftest_harness.h" + +#define VDSO_NAME "[vdso]" +#define VVAR_NAME "[vvar]" +#define VVAR_VCLOCK_NAME "[vvar_vclock]" +#define UPROBES_NAME "[uprobes]" +#define SIGPAGE_NAME "[sigpage]" +#define VECTORS_NAME "[vectors]" + +#define VMFLAGS "VmFlags:" +#define MSEAL_FLAGS "sl" +#define MAX_LINE_LEN 512 + +bool has_mapping(char *name, FILE *maps) +{ + char line[MAX_LINE_LEN]; + + while (fgets(line, sizeof(line), maps)) { + if (strstr(line, name)) + return true; + } + + return false; +} + +bool mapping_is_sealed(char *name, FILE *maps) +{ + char line[MAX_LINE_LEN]; + + while (fgets(line, sizeof(line), maps)) { + if (!strncmp(line, VMFLAGS, strlen(VMFLAGS))) { + if (strstr(line, MSEAL_FLAGS)) + return true; + + return false; + } + } + + return false; +} + +FIXTURE(basic) { + FILE *maps; +}; + +FIXTURE_SETUP(basic) +{ + self->maps = fopen("/proc/self/smaps", "r"); + if (!self->maps) + SKIP(return, "Could not open /proc/self/smap, errno=%d", + errno); +}; + +FIXTURE_TEARDOWN(basic) +{ + if (self->maps) + fclose(self->maps); +}; + +FIXTURE_VARIANT(basic) +{ + char *name; +}; + +FIXTURE_VARIANT_ADD(basic, vdso) { + .name = VDSO_NAME, +}; + +FIXTURE_VARIANT_ADD(basic, vvar) { + .name = VVAR_NAME, +}; + +FIXTURE_VARIANT_ADD(basic, vvar_vclock) { + .name = VVAR_VCLOCK_NAME, +}; + +FIXTURE_VARIANT_ADD(basic, sigpage) { + .name = SIGPAGE_NAME, +}; + +FIXTURE_VARIANT_ADD(basic, vectors) { + .name = VECTORS_NAME, +}; + +FIXTURE_VARIANT_ADD(basic, uprobes) { + .name = UPROBES_NAME, +}; + +TEST_F(basic, is_sealed) +{ + if (!has_mapping(variant->name, self->maps)) { + SKIP(return, "could not found the mapping, %s", + variant->name); + } + + EXPECT_TRUE(mapping_is_sealed(variant->name, self->maps)); +}; + +TEST_HARNESS_MAIN