From: jeffxu@chromium.org
To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com,
    torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com,
    Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com,
    avagin@gmail.com, benjamin@sipsolutions.net
Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
    linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de,
    ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com,
    johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com,
    willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com,
    linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de,
    rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com,
    f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com,
    mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com,
    peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com,
    groeck@chromium.org, mpe@ellerman.id.au,
    aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu
Subject: [RFC PATCH v5 0/7] mseal system mappings
Date: Wed, 12 Feb 2025 03:21:48 +0000
Message-ID: <20250212032155.1276806-1-jeffxu@google.com>

From: Jeff Xu

The commit message in the first patch contains the full description of
this series.

------------------
History:

V5
 - Remove kernel cmd line (Lorenzo Stoakes)
 - Add test info (Lorenzo Stoakes)
 - Add threat model info (Lorenzo Stoakes)
 - Fix x86 selftest: test_mremap_vdso
 - Restrict code change to ARM64/x86-64/UM arch only.
 - Add userprocess.h to include seal_system_mapping().
 - Remove sealing vsyscall.
 - Split the patch.

V4:
  https://lore.kernel.org/all/20241125202021.3684919-1-jeffxu@google.com/

V3:
  https://lore.kernel.org/all/20241113191602.3541870-1-jeffxu@google.com/

V2:
  https://lore.kernel.org/all/20241014215022.68530-1-jeffxu@google.com/

V1:
  https://lore.kernel.org/all/20241004163155.3493183-1-jeffxu@google.com/

Jeff Xu (7):
  mseal, system mappings: kernel config and header change
  selftests: x86: test_mremap_vdso: skip if vdso is msealed
  mseal, system mappings: enable x86-64
  mseal, system mappings: enable arm64
  mseal, system mappings: enable uml architecture
  mseal, system mappings: uprobe mapping
  mseal, system mappings: update mseal.rst

 Documentation/userspace-api/mseal.rst         |  5 +++
 arch/arm64/Kconfig                            |  1 +
 arch/arm64/kernel/vdso.c                      | 23 +++++++----
 arch/um/Kconfig                               |  1 +
 arch/x86/Kconfig                              |  1 +
 arch/x86/entry/vdso/vma.c                     | 17 ++++++---
 arch/x86/um/vdso/vma.c                        |  7 +++-
 include/linux/userprocess.h                   | 18 +++++++++
 init/Kconfig                                  | 18 +++++++++
 kernel/events/uprobes.c                       |  6 ++-
 security/Kconfig                              | 18 +++++++++
 .../testing/selftests/x86/test_mremap_vdso.c  | 38 +++++++++++++++++++
 12 files changed, 137 insertions(+), 16 deletions(-)
 create mode 100644 include/linux/userprocess.h