From patchwork Wed Mar 5 02:17:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14001871 Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com [209.85.218.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1DF5151985 for ; Wed, 5 Mar 2025 02:17:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141044; cv=none; b=pw5G4lGVEiZmJZKa2zUJ7fuzkuj6q2oTj3R/N7zGsR/YUF7Eb5qsxCcjEK8TpaIz9QpbLLkScQm/py7KkWQsA/cd6OsU/GEeGBrVXtHRGfBXjM6FaVPH+jmLZf+FCeXtzXps9K8KRcLwqaRwRcVZaL23GsQfUhERd89Rm5GDHVg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141044; c=relaxed/simple; bh=Lwirzx82Cwj4cIROcGyzk0QJ025NE1gG42EW69viQ5o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kNT8JR5uWhfL59i8vdsk5sM1pFn/8OlltanmySy9g9GU4IBuDaai9cdXQINANxFADaPzyqkDPrP1y3UO2MYsc3IZhWumrJibh7nF12c20lNUzzj+6JVdVtgdN0+m9MaQe0S9wmW5fBON+NAS2fJBG3EU+k/PAzB0odbw/uzZW6I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=PiHN9kP5; arc=none smtp.client-ip=209.85.218.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="PiHN9kP5" Received: by mail-ej1-f48.google.com with SMTP id a640c23a62f3a-ab7f9f57192so96668266b.3 for ; Tue, 04 Mar 2025 18:17:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741141041; x=1741745841; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6rvSTlkpvpW7p+80Sjr3aDnt6o0B0yeaCG4YXkElwWc=; b=PiHN9kP5LAPdvY8W/S2XGXdoZ0jJmrTepauuM/T9EbcQz5csksWhfLMk4NjXwc0BsF sOtpQ3Rzi3Z5P+88EVT5PXbpUJM9a5B094Kim1ixzaKZjtAPqPtLdqc0gcKE4gPyuss3 BUDQpeGcXSkLBn92q0+IzfP+MOyyAb5Uh8qPk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741141041; x=1741745841; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6rvSTlkpvpW7p+80Sjr3aDnt6o0B0yeaCG4YXkElwWc=; b=uXsH1V6Iog7tKJpqQbK/cNArqRbLyOD+WQ1OQzg8+dMCLvNo/+G2D2UvtfgQjO1KQk 20mT1dsoQTtF+jA1MWHR1BPnROOauBfhhaaQABMd/pdsb+BbeteJgYuU9njUqBNZhOXp Ysb8u7OAWm833hY8FMRauxljmZxnr7+KrrHNA7oIHlpcl/5h/MYZEOZV479JCvIp59Vi 29zZ5zmt1xWLWZN3zFAGzq5vaAv6YfQ13uNj0jct3fIV9JHRWW6sD7WizQXCcLWr5tuL QoXljGQ5P2Gok32lzkThmE+ZqfFYYu+YY3xn9dWinCDyGDfw1uPh6JOGkKpgUkkiJP8H nSWQ== X-Forwarded-Encrypted: i=1; AJvYcCWWVayuyPoj84SNRckR2aoq7X1vCg5y4FHBUmYDqvEl3af5zUQ5bXcacJX/A42RU68lq49pfAVguAZ+bJKuV9M=@vger.kernel.org X-Gm-Message-State: AOJu0YzwDbcNIjSVVehUUwhTSxDMrfA8xha5C+PQjZ16Y9hZE3L9GyRD MLoRSRQ6uTmxLiwnSPhnA8vg649X6EzcLTJKXe2zZyRj5HiTxJ6MvvQnXZpKQw== X-Gm-Gg: ASbGncvj83/0HRh6rTWE9755WKhXcWuFn0PzTW8Lfa1FOIqIQMJ7aNle+yQ1oD8ZA94 Uw7H1bR6NKRPdYq7CSw+Wy1PQuoBFpZ8gRCZtLzva+C+rm3SZyyLWLV70tV1wN/w50NzFR76Cas DY8MBFL+A4qjW2VrDDMnliLMT91Ym2lNGYw57gAh4y+9o9pSTtjX1imWurHtLdFev+S1NVcHtxJ H+b1yWJmjwLTU3U2cFrC++KVcvDUjl+kl7V5ZF7m2Su13L1Vd0D6ojXA1a9Y7bw5mCLnicGnGEC hkWskOCjt6XEMILrk+hx+M3LGSQWX6oQ2liEkg6vVjHTav81KtM3Y1cj/xghi+yJjr3MiXPMpQK D X-Google-Smtp-Source: AGHT+IG4LOJECTRz17K9A3USe11OyP2C9IBySPUjmXUBtjR0nV5q11MemrUEwg48VpC14wTFHsEuNQ== X-Received: by 2002:a05:6402:34d1:b0:5de:ce71:badf with SMTP id 4fb4d7f45d1cf-5e59f45048dmr459772a12.6.1741141040807; Tue, 04 Mar 2025 18:17:20 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c43a55besm8891211a12.72.2025.03.04.18.17.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Mar 2025 18:17:20 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook Subject: [PATCH v9 1/7] mseal sysmap: kernel config and header change Date: Wed, 5 Mar 2025 02:17:05 +0000 Message-ID: <20250305021711.3867874-2-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250305021711.3867874-1-jeffxu@google.com> References: <20250305021711.3867874-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide infrastructure to mseal system mappings. Establish two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS, ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS) and VM_SEALED_SYSMAP macro for future patches. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook Reviewed-by: Lorenzo Stoakes --- include/linux/mm.h | 10 ++++++++++ init/Kconfig | 22 ++++++++++++++++++++++ security/Kconfig | 21 +++++++++++++++++++++ 3 files changed, 53 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 7b1068ddcbb7..8b800941678d 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4155,4 +4155,14 @@ int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *st int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + +/* + * mseal of userspace process's system mappings. + */ +#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS +#define VM_SEALED_SYSMAP VM_SEALED +#else +#define VM_SEALED_SYSMAP VM_NONE +#endif + #endif /* _LINUX_MM_H */ diff --git a/init/Kconfig b/init/Kconfig index d0d021b3fa3b..7f67d8942a09 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1882,6 +1882,28 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS config ARCH_HAS_MEMBARRIER_SYNC_CORE bool +config ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS + bool + help + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + To enable this feature, the architecture needs to update their + special mappings calls to include the sealing flag and confirm + that it doesn't unmap/remap system mappings during the life + time of the process. The existence of this flag for an architecture + implies that it does not require the remapping of the system + mappings during process lifetime, so sealing these mappings is safe + from a kernel perspective. + + After the architecture enables this, a distribution can set + CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config HAVE_PERF_EVENTS bool help diff --git a/security/Kconfig b/security/Kconfig index f10dbf15c294..a914a02df27e 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -51,6 +51,27 @@ config PROC_MEM_NO_FORCE endchoice +config MSEAL_SYSTEM_MAPPINGS + bool "mseal system mappings" + depends on 64BIT + depends on ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS + depends on !CHECKPOINT_RESTORE + help + Apply mseal on system mappings. + The system mappings includes vdso, vvar, vvar_vclock, + vectors (arm compat-mode), sigpage (arm compat-mode), uprobes. + + A 64-bit kernel is required for the memory sealing feature. + No specific hardware features from the CPU are needed. + + WARNING: This feature breaks programs which rely on relocating + or unmapping system mappings. Known broken software at the time + of writing includes CHECKPOINT_RESTORE, UML, gVisor, rr. Therefore + this config can't be enabled universally. + + For complete descriptions of memory sealing, please see + Documentation/userspace-api/mseal.rst + config SECURITY bool "Enable different security models" depends on SYSFS From patchwork Wed Mar 5 02:17:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14001872 Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com [209.85.218.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFD8715CD74 for ; Wed, 5 Mar 2025 02:17:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141047; cv=none; b=HcyYWQp3MGiePyYkQUN1OSZFRGWy76pHiB49uCraKYLhZqDrsUErH7Aj94aFBXSbZ/CmszbhGWXQKqLopmBEdyiY4LgCbrmVfa0kUD2TljMo35EDcH0qg+RA9QWkeE7+zwh0eaGlWRz1dyBgu9+1n0vK6k4QVnLB9M0wMiErKxQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141047; c=relaxed/simple; bh=WkYih5t6WQKzC8SRX+eOO5zI9Mi24DV+jfAcAFV75MQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=B1jNm/DZh/LPX4BC+MeyBtiWHjqFjsaAueCpdsj4Wlskn2dsg22UCcrCgYq/kzEmVEj/1W/MDNUIzgInx0Awkc7D84xh8FX6w2gQoS5Sde42gVU4VwsPbAWXEgWdIxGYgMWwZdSFDsFdt+KcKg7qICMKGgaj+Sl8XkrnEpDkeeI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=AfJDiRoO; arc=none smtp.client-ip=209.85.218.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="AfJDiRoO" Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-abc28af1ba4so128384966b.1 for ; Tue, 04 Mar 2025 18:17:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741141043; x=1741745843; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Jha9BeMcP/SA8VECG4X9DDtpBo8dKz3YZuDo79u+NoA=; b=AfJDiRoOsd3ep55dVYZoCJpcULd7b4yLl7/lmXiIdGZFezcWwYH+EuMQxMP1OJvloP SpzCZYx7DyKiBz2C1qZlTDfC6WWGwPRVQIjkuHJhVy+NaXYj9PxisenjXbpS1VXLCyMZ IDReA9pOqG5uYwXtwULDgrhb4hwTm6hMV0C+o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741141043; x=1741745843; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Jha9BeMcP/SA8VECG4X9DDtpBo8dKz3YZuDo79u+NoA=; b=WRhULXfgxkFpXkRpeQiSYmsdJrLxX+bhL9WUh2KwFdNoYYIEIQxxfyhzuqzp09tEGs 5oMGS9ov3RtZjMi7ZNNQapx8tIDDHjqce5TPgGqwkQXq67wEnO6XmSLGOzMpgh7XDXMi w+cp37PRV5Pb3zvOPKDxRHekfvKKYlK0ZMVlVBgbXdZ53vwA0PgPxGSL+7ad8EcDO8CG d7nOjC79KVtlc3EKoDOZfPzjUxG15aGufePmLzW8xBd2Rc7fauujuCVAVG2m8+hKSUvL 3e8sBUX0z1dCoz/nCKM3O+o3CqgohtGUHEjT4NOmj1AONfAHpGWtiNi7c0x7+tIFxJ3J ZkBQ== X-Forwarded-Encrypted: i=1; AJvYcCUFDTFs/X5Cix4O2Nq+xhggiQgXVn930a1cj41ZiYzo9ljNNTD3yVot3lzja0mqc/hVEqaZVYqLpwFiq9U4CZs=@vger.kernel.org X-Gm-Message-State: AOJu0YwaJWW8+x9T1E/axuX7R1tIY8ZR7gO0KjHcdb05ihpFz3hwORCl Q/mUC/nRZSxo4I3Au5yjWWL9nj7dCBMyukVAPflts8b6+Qemx59y5DJ4OQdAYg== X-Gm-Gg: ASbGncun9T67qxW1cE0Nfgh0ijRw26G710JGrc2uqyRHCBdDJ7zjUmpOaqRTEpejqhr ylMgqLFSVsPewLRXBT9aKxgLUCKvs7rDRyjgn4BIcq2PkNkGksPc2MmJKWyUFeGHDzsQNCDaWgm NGvdDXLUPQcQ1L4tTRFxwBJNtmAGdhSSlkKYg45Dtgexw8P9VPlO+fNYro6JfbZFj/oQjU4ruLI b7cw8UjlViVaI1UL2aB6HM9Rv42bl5xz5MbGdSozfhdB0oqglgRJzIUhBQd1IEFoLBZJcQPdggX 8PMgGM3gpco48nlOTor1+rOuA3bA2ibg0qHc/uILjG/QJwsvemwe9dRBDQHgFjiA9+H5gPPb1md g X-Google-Smtp-Source: AGHT+IHAY/NTcScvmVs2xXOeM1Ij1O2NDVu041npSdSjcuYalt0YFoSHHFOL4tb05WaRr9KzRw08ZQ== X-Received: by 2002:a05:6402:35d2:b0:5e0:36fa:ac1e with SMTP id 4fb4d7f45d1cf-5e59f4717ebmr416274a12.6.1741141043123; Tue, 04 Mar 2025 18:17:23 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c43a55besm8891211a12.72.2025.03.04.18.17.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Mar 2025 18:17:21 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook , "Liam R. Howlett" Subject: [PATCH v9 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed Date: Wed, 5 Mar 2025 02:17:06 +0000 Message-ID: <20250305021711.3867874-3-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250305021711.3867874-1-jeffxu@google.com> References: <20250305021711.3867874-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Add code to detect if the vdso is memory sealed, skip the test if it is. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett --- .../testing/selftests/x86/test_mremap_vdso.c | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tools/testing/selftests/x86/test_mremap_vdso.c b/tools/testing/selftests/x86/test_mremap_vdso.c index d53959e03593..94bee6e0c813 100644 --- a/tools/testing/selftests/x86/test_mremap_vdso.c +++ b/tools/testing/selftests/x86/test_mremap_vdso.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -55,13 +56,55 @@ static int try_to_remap(void *vdso_addr, unsigned long size) } +#define VDSO_NAME "[vdso]" +#define VMFLAGS "VmFlags:" +#define MSEAL_FLAGS "sl" +#define MAX_LINE_LEN 512 + +bool vdso_sealed(FILE *maps) +{ + char line[MAX_LINE_LEN]; + bool has_vdso = false; + + while (fgets(line, sizeof(line), maps)) { + if (strstr(line, VDSO_NAME)) + has_vdso = true; + + if (has_vdso && !strncmp(line, VMFLAGS, strlen(VMFLAGS))) { + if (strstr(line, MSEAL_FLAGS)) + return true; + + return false; + } + } + + return false; +} + int main(int argc, char **argv, char **envp) { pid_t child; + FILE *maps; ksft_print_header(); ksft_set_plan(1); + maps = fopen("/proc/self/smaps", "r"); + if (!maps) { + ksft_test_result_skip( + "Could not open /proc/self/smaps, errno=%d\n", + errno); + + return 0; + } + + if (vdso_sealed(maps)) { + ksft_test_result_skip("vdso is sealed\n"); + return 0; + } + + fclose(maps); + child = fork(); if (child == -1) ksft_exit_fail_msg("failed to fork (%d): %m\n", errno); From patchwork Wed Mar 5 02:17:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14001873 Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADCEB16CD1D for ; Wed, 5 Mar 2025 02:17:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141048; cv=none; b=RZ/ozlpOGfeW0GwgJnSsMfog1xhrq+J0wE+XJlmxiw8KleL1nhz5wRbVAupNTBF2pkXNFlqCDZTj+4mDXEYaAgP+x//JMDbazhbZM/+Cw83PUQ3oheD+w+YhbkMSllOcCZZT3LgrGOJhTCTmGxmip92vzAzkM+r4baJvoNHVSvA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141048; c=relaxed/simple; bh=17TYpxsHR2yIAUNCly1/RHbcZ1y0Qmn1Aow5fCa+oLU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OI8FMeaBJmiDAf5LFnRzgc6jzCB8EdDt6FedrCTRgLogz1lSR4hdfHfmU53R4tBw6/5pdRSg/W7X3IhOs98y/Mvh5lCu0K4YfBYBhvmEJCe3BDh2gBhGqsz9fboLE4gmFuzNcJ47gVNtiZkjcF8oO5mMl784ISvYHj/vGksahH0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=X0uEI65v; arc=none smtp.client-ip=209.85.208.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="X0uEI65v" Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-5dbf5fb2c39so762383a12.2 for ; Tue, 04 Mar 2025 18:17:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741141045; x=1741745845; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pIfu2VJ/9GSAopmZ9uLbsgWzSODFEibXXKBGhDuMgAs=; b=X0uEI65vxKi6/sN6/K1Jo/7KTgwTwiHKW02dg+LVhAlua+78z35J5a8Imf82mdutkA U38Ery4joem8RDm0zOF/KTq6zwmucLEzp5RzzdwPhkgITzCXN1EOJat+5Fi9lz4DbFJM DAuVZgHilxTCljYoO/ezA86ElLA0Vuttxgfzw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741141045; x=1741745845; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pIfu2VJ/9GSAopmZ9uLbsgWzSODFEibXXKBGhDuMgAs=; b=OVE6ICevstbc/gp/SC/smZAtZieqA9+z5BsDAkAGY3DrU+3ks1CUj1vsHGHfofgNLP Ur7U1fWp662NsuE8/fjwzRjMAuhfbgwbyon6GUVuLqGTosLjWFKRmtzqsbJwKWinkWwg 6DBlB0/hER7kAzypaOPtFoe5OE8mxPTRAm/ID06i74WEM9ifuPfgcVwS/N0DB1LtKjhb NOJ+IrlsR65O9xUyctKx9S72RCtULZN0zduobGSUDc9Cl6cyk2yfCG4jfaJ1IKgwsXi4 E3VXT7ovy4Y5YpseDAaeJHXFIkgmTEmyIZLCBAuUDL2KHvDU5Tig4Qx8b+Mj1yhEQ2kx 5m3Q== X-Forwarded-Encrypted: i=1; AJvYcCW81/RsfwXMiranWBJUr/RHlhLBkwBaq6NaetdAzldzLIAbRtOgvcO6yjDsg4vSi83N07w0dx0eBZ+hs3S7sXw=@vger.kernel.org X-Gm-Message-State: AOJu0Yx/2ZR1BJxXlRioVfkFIAO0QiVJZM4vBHgumVNmgQXhlNmZJOSh DiMIFRpKfqXuS370CphIAET64dkCSaKyisUJc4hTBKczCKcOr/AXkA42sB4juA== X-Gm-Gg: ASbGncsP4ffFewcIsIAwxI34Uc6wLWQygpqO+NYNvwSg8GXSWBrXElR3/WFDwjVCZ4O YqMjKZKfHF5tQYeWAibWfBtqDLVY42rAnZCZXrp98XAcgpje50rXF/mcINQStEcwoKFRF5htHe6 qTeqDap1b4LjVaC6fWNshYJYunl7VwjxUyM1uKb5wLmyaCBtIlitnP3oasvQxzoH7vx+LwbW0ul u0NmOfInYA5fd2QTO8fYFs6zUn3qKSQn5qOCCtY1rkF++u5jsIERQMQ5DPgtpF3nmE+kE7q/2Ik YNOcJ/s9EWuedOOm/O/OLZPYel5QNB3mCJ1vbtZ/x/qTDgVEH+ZEDp6adB7BlUk50JFFePTIiIJ D X-Google-Smtp-Source: AGHT+IFHeVdtZZm39HngPtsoUTVZKgS46cdM+ArsIPjMeSkmmvxRRZxLnRcUV5g0ohNg3kMW3ta20Q== X-Received: by 2002:a05:6402:34d5:b0:5e4:c4a1:412f with SMTP id 4fb4d7f45d1cf-5e59f3a8028mr450765a12.3.1741141044679; Tue, 04 Mar 2025 18:17:24 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c43a55besm8891211a12.72.2025.03.04.18.17.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Mar 2025 18:17:24 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , "Liam R. Howlett" , Kees Cook Subject: [PATCH v9 3/7] mseal sysmap: enable x86-64 Date: Wed, 5 Mar 2025 02:17:07 +0000 Message-ID: <20250305021711.3867874-4-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250305021711.3867874-1-jeffxu@google.com> References: <20250305021711.3867874-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64, covering the vdso, vvar, vvar_vclock. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Reviewed-by: Kees Cook --- arch/x86/Kconfig | 1 + arch/x86/entry/vdso/vma.c | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index be2c311f5118..c6f9ebcbe009 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -26,6 +26,7 @@ config X86_64 depends on 64BIT # Options that are inherently 64-bit kernel only: select ARCH_HAS_GIGANTIC_PAGE + select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 select ARCH_SUPPORTS_PER_VMA_LOCK select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c index 39e6efc1a9ca..a4f312495de1 100644 --- a/arch/x86/entry/vdso/vma.c +++ b/arch/x86/entry/vdso/vma.c @@ -268,7 +268,8 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) text_start, image->size, VM_READ|VM_EXEC| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC| + VM_SEALED_SYSMAP, &vdso_mapping); if (IS_ERR(vma)) { @@ -280,7 +281,7 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) addr, (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + VM_PFNMAP|VM_SEALED_SYSMAP, &vvar_mapping); if (IS_ERR(vma)) { @@ -293,7 +294,7 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr) addr + (__VVAR_PAGES - VDSO_NR_VCLOCK_PAGES) * PAGE_SIZE, VDSO_NR_VCLOCK_PAGES * PAGE_SIZE, VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP| - VM_PFNMAP, + VM_PFNMAP|VM_SEALED_SYSMAP, &vvar_vclock_mapping); if (IS_ERR(vma)) { From patchwork Wed Mar 5 02:17:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14001874 Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 202BD1898ED for ; Wed, 5 Mar 2025 02:17:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141049; cv=none; b=fKvlU1TTndBVSWvZJozLRZkjEepWOtiyEvhV8T9lRtOaPeQAaXSc/Qt+LQmC9uxVNVWwG7VuSctWlKhxLoVUPkT5PrYY4KuB1DDr5DVWs9LJHjbUmDMkanWhwG5FdRaDbxbGY/65/hx+wNQ9htl2SN0YnZUUHpSZr4O5/dmjaec= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141049; c=relaxed/simple; bh=ZAnJcNAE0RBecudUUh8uu90jecNEuyMqoLyI4jqjchU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZJ45xb2ajTTT7IQNHEgE9kR2R+5G5XjjQEoBd4VsKM1iFvRRMV3RNOK1x28+VcT312DoT1Ce7ju/JbH1N4IWuroj5UT/dTEYdfK1T7Rh6XEgMjEuWlqtKEY5ELFVYzoI8ASBZqHEykgpaIS0Dcqt5ulDxVLSBDc4NvOPXMHEzkA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=X1TBFy6f; arc=none smtp.client-ip=209.85.208.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="X1TBFy6f" Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-5e064eff5daso941208a12.3 for ; Tue, 04 Mar 2025 18:17:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741141046; x=1741745846; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=yAD8cO652vqhuw2yI/B0NaFEiQTnRzt1qnI3Rgts5M4=; b=X1TBFy6fyOIykD4hhqQObvcmUdGxA77ViAdfT3UQK8Laiceh9ngOpbBE5xSJEzZ2Vj 6ScPU9eime5XGq0LeuPbm5aE01MatSd0Gr8Qup3+BX/0HhE7GyVk1NFUjKPgFJ8d6TC5 wdWxxQbEAQj3gLNFSnllWYprrFpjVN6dXRyeM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741141046; x=1741745846; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yAD8cO652vqhuw2yI/B0NaFEiQTnRzt1qnI3Rgts5M4=; b=UMQmXa/tCWuicl049t4uh/fEiMpVo14SGkv2h2j4qwBfPc4AkjWeaQCLCXMXM1lXga +rJQbcmzTsMsz0eSKV8ThFt5kJ7dkdzLiyq0keJbnNm4piYQR3ddKEwdekWtrb1ExtUj VKXNSg4JikceCiDC/q7WmO4Gb2ma6IEWzSEXeRC/n36K47B/uAn5EP2C8LNJgL09q/MT loigh/KR1YAkjaTxhOe5YrfHv4Ff79FEKDxWeR+gO7MTJF4hKbmgd14nGnVnYkDs9KLU kxiBIblf+UT6gDbCOt+mDZjlvJu05gVkND1VcjwED7jb+msZRszxy5M7zvV5cqNdRnvY D0wQ== X-Forwarded-Encrypted: i=1; AJvYcCXpmHk1SsE79nFnowAYPk/WXel8963CEsB/dYNuBP9USeG/0HxaHSEx41QROmEjeg9bVb7CvOFti2c+eu47/Xw=@vger.kernel.org X-Gm-Message-State: AOJu0YxbcHrAU6LZ73XGks7NZS7qkynJhuPncsIw+QOoVBHPh/iqNY2X 3K+puxD0fzRz2H1mXqROfR1eU7qIheUQ0re9HJDZ9JsdL/fF1fU3/NmF1Num7g== X-Gm-Gg: ASbGncuuNLSZWfZNhk3nZDG4jbS8DJko3I05e8uDt6qKFoRXQlLjJLdpez8Ft4g4EZV ONB7sjxQcicjicS+mnBEzgjuf0oFO5Yhtex/Vo6upht5dxPAkXKI9IiGfB5fYZqyTaa1mrYLHGV /bwaVPp9n3unkYu/eeZ6+jNXfuFR0GlrTXD60QeCD2i4GcwOObv1S92isp8MyZ//NdgQG8RdEu/ 4k0OTjz68I+CQu8cdWm1uM4ZxrkvtTFpzdjZuXoIHdekDMseBtHErzvfiHtqT2F3+lVtYr6Frc9 4iJf2884Us+C/vm0umXj4p7Fu3eJsA+QJXUyobzxuYx/iTNmp8A6G7HDW9at9w4TAjHU24vCxYr j X-Google-Smtp-Source: AGHT+IG5pY9ZWt/x42cTmKktAWQXU77r3g1NJ93PY1cEg+ZgzNoMnGCHYfwW1EvcG+ghtIB8aggB5g== X-Received: by 2002:a05:6402:5214:b0:5e0:e335:2f08 with SMTP id 4fb4d7f45d1cf-5e59f38b512mr484401a12.2.1741141046235; Tue, 04 Mar 2025 18:17:26 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c43a55besm8891211a12.72.2025.03.04.18.17.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Mar 2025 18:17:25 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , "Liam R. Howlett" , Kees Cook Subject: [PATCH v9 4/7] mseal sysmap: enable arm64 Date: Wed, 5 Mar 2025 02:17:08 +0000 Message-ID: <20250305021711.3867874-5-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250305021711.3867874-1-jeffxu@google.com> References: <20250305021711.3867874-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on arm64, covering the vdso, vvar, and compat-mode vectors and sigpage mappings. Production release testing passes on Android and Chrome OS. Signed-off-by: Jeff Xu Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Reviewed-by: Kees Cook --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/vdso.c | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 940343beb3d4..282d6cb13cfb 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -38,6 +38,7 @@ config ARM64 select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE select ARCH_HAS_MEM_ENCRYPT + select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_NONLEAF_PMD_YOUNG if ARM64_HAFT diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index e8ed8e5b713b..69d2b5ceb092 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c @@ -198,7 +198,8 @@ static int __setup_additional_pages(enum vdso_abi abi, } ret = _install_special_mapping(mm, vdso_base, VVAR_NR_PAGES * PAGE_SIZE, - VM_READ|VM_MAYREAD|VM_PFNMAP, + VM_READ|VM_MAYREAD|VM_PFNMAP| + VM_SEALED_SYSMAP, &vvar_map); if (IS_ERR(ret)) goto up_fail; @@ -210,7 +211,8 @@ static int __setup_additional_pages(enum vdso_abi abi, mm->context.vdso = (void *)vdso_base; ret = _install_special_mapping(mm, vdso_base, vdso_text_len, VM_READ|VM_EXEC|gp_flags| - VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC| + VM_SEALED_SYSMAP, vdso_info[abi].cm); if (IS_ERR(ret)) goto up_fail; @@ -336,7 +338,8 @@ static int aarch32_kuser_helpers_setup(struct mm_struct *mm) */ ret = _install_special_mapping(mm, AARCH32_VECTORS_BASE, PAGE_SIZE, VM_READ | VM_EXEC | - VM_MAYREAD | VM_MAYEXEC, + VM_MAYREAD | VM_MAYEXEC | + VM_SEALED_SYSMAP, &aarch32_vdso_maps[AA32_MAP_VECTORS]); return PTR_ERR_OR_ZERO(ret); @@ -359,7 +362,8 @@ static int aarch32_sigreturn_setup(struct mm_struct *mm) */ ret = _install_special_mapping(mm, addr, PAGE_SIZE, VM_READ | VM_EXEC | VM_MAYREAD | - VM_MAYWRITE | VM_MAYEXEC, + VM_MAYWRITE | VM_MAYEXEC | + VM_SEALED_SYSMAP, &aarch32_vdso_maps[AA32_MAP_SIGPAGE]); if (IS_ERR(ret)) goto out; From patchwork Wed Mar 5 02:17:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14001875 Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7658018CBE8 for ; Wed, 5 Mar 2025 02:17:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141052; cv=none; b=mMR5LTWilasF2l7UiEPn7/kIZAJcyO5EAEMBiF39V8NHH5laEAhzl8+1JcxJySyzDvU8qybTMTSEdXzeggtflUKwwcSiMpfRRBhZKwcVj2JjgkrMR06sdsOSwb2j0cRuvG5ZTAdztnoeAf/PFD0RMHDKLkmsezLkYgzdOsHXyis= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141052; c=relaxed/simple; bh=92tjd51ZxlOW6iKXAPr3x72R2NqaT4p+LyMw3QPXUtY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YWxrwbI6BVYpVRxcwRaxsSif9Sxo3CX+38XAa36r1MFcCHLCXZg9BvYqwOzuzT4wQ3V2G1LgpOClSdHEPq6qmbk7QUwFM4/Fp7qGOcw9czAnDvmy+CEtBJe2bnVw8hmr7IDhLWQmP5dX++Y/71w13PemGgCMLTChCAYXyLJc1w4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=E/Vh7wRq; arc=none smtp.client-ip=209.85.208.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="E/Vh7wRq" Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-5dbf5fb2c39so762393a12.2 for ; Tue, 04 Mar 2025 18:17:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741141049; x=1741745849; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2GUuWdJKxZ3/BvY94DN0LEqc9J/B6h1FHzMtAHgZb/M=; b=E/Vh7wRqVxkMZ+wUn6gWYwv21ASEkrgMxBDITGLZxksCXvscZbl1VNBLnFimoZshcy LM5947BkIiIXZ1q5QiAIQlGKZDg2Us2953USRmBhaTr72Iy71NvBaOCRrKH5sZcKK1AL j8K3mvAxXObXdl2X3dxed6jrWpmQxDj4/Vy1I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741141049; x=1741745849; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2GUuWdJKxZ3/BvY94DN0LEqc9J/B6h1FHzMtAHgZb/M=; b=C1x6GnAv64PT6bfll7PBWfpOey/aefaEPRS2sk1PWg4d1OBCkwKGFgfgheQHxNEm04 aKRn5HEilggzWU4S6caFRXF8b7SBi9J38dOifYlhUSgxsNH8aMLe6Cg9qyIC7Aa/nr2m +DxvD7tV1uMsqZMrfKCjvaofu1OiqZjkQznn1eJP/BDRwHUxu1Eaj7m3j3zWeo38TTzB E3K3xQ4u78SJgdmB24PNAsRwxE+twjUDCyxY4ByhYzH5uz8b/6qA2E7K1J4nxA5vqoku UyQwl8Nf+PMvcVQIeAz3K+ZBf2vS95Kd1yQbnjgf2N5GGwEyQsdvJbqzdmnL4VeSrnkv bjEw== X-Forwarded-Encrypted: i=1; AJvYcCUd844DM2TS82vcTCxu7yORO+boriZ9hDfTabPgwHodQTTXQ8AOXiENe5l5/+EvM4mSqWoPnQt0q7slMKi/nfU=@vger.kernel.org X-Gm-Message-State: AOJu0Yyl2JHOCbaco2ziDyTBa2tjcyEx+Mh9Iym/XAPIVNizMufZo2r3 Cbl+rxgy975gPUgJMeYmIlEKVdmZM5moC1H8p2wF6wdC7thMkeN6/6c6ycIiUg== X-Gm-Gg: ASbGncviWxzGSHB5maGZLe5FXmr5ghqThuP0Q5rJwBTUzfSpWwr729rT5iWE0KNDTS2 hxdc+GQ1H3EsB4buTFlYrsjToUOtQuO5WA7b6/jdDTOKKxjnm+fKQjk8OfZ07ncDZhCorVOmbhC 5/fWlDi91Ay4zS6zJkw8EML3xntR79oGJSAeackOcTi9HbsmmNULiMflfBQj62aboqfqPqDjB4H BONpXyr8QcXIhCcYe79V8hOL+ptRLnQaMU1BMv5wigrvOCSjUUErwbYwEh7zv99S1ODx1GHVq6v xRe0q466e+H+3ypVxhM2tG3ByoYRchjhQPr/VZt0qdJU2pvpe5g/oq3DBZOAE4DYiYEVvEq+OkQ X X-Google-Smtp-Source: AGHT+IES9/6N/5toY1Cf9aspTXKgI3/7p+xl7igipg0af9FRFEO+OX7pUZ04JGOESjzxfe8IxQnMgQ== X-Received: by 2002:a05:6402:51d4:b0:5de:cb8d:1c82 with SMTP id 4fb4d7f45d1cf-5e59f3a84f8mr383796a12.4.1741141048576; Tue, 04 Mar 2025 18:17:28 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c43a55besm8891211a12.72.2025.03.04.18.17.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Mar 2025 18:17:27 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , "Liam R. Howlett" , Kees Cook Subject: [PATCH v9 5/7] mseal sysmap: uprobe mapping Date: Wed, 5 Mar 2025 02:17:09 +0000 Message-ID: <20250305021711.3867874-6-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250305021711.3867874-1-jeffxu@google.com> References: <20250305021711.3867874-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Provide support to mseal the uprobe mapping. Unlike other system mappings, the uprobe mapping is not established during program startup. However, its lifetime is the same as the process's lifetime. It could be sealed from creation. Test was done with perf tool, and observe the uprobe mapping is sealed. Signed-off-by: Jeff Xu Reviewed-by: Oleg Nesterov Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Reviewed-by: Kees Cook --- kernel/events/uprobes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index bf2a87a0a378..98632bc47216 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1683,7 +1683,8 @@ static int xol_add_vma(struct mm_struct *mm, struct xol_area *area) } vma = _install_special_mapping(mm, area->vaddr, PAGE_SIZE, - VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO, + VM_EXEC|VM_MAYEXEC|VM_DONTCOPY|VM_IO| + VM_SEALED_SYSMAP, &xol_mapping); if (IS_ERR(vma)) { ret = PTR_ERR(vma); From patchwork Wed Mar 5 02:17:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14001876 Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0FB6190057 for ; Wed, 5 Mar 2025 02:17:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141054; cv=none; b=IhkfWaLc4v77Jc8FZE3ozE5Jbq24QH9VBi1UJ3TdD9mNwtmbPsQSludKO7FVAPpY6mSj64Xb+9ZG35SpukuV7orPakahjW9U5C1KzGKxvA6CDxW0FnHiCmC6qo2VWUrC4Rqk1T7SWThz1z4chlm3ezhBgjiUehGVz6Ikh60loeY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141054; c=relaxed/simple; bh=ML+ucgaM1zLS4gZ6mZ2KqV9AZU93TB/vBQnHE0rNQZ4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LBuTm/MJ9zlyjYW58zydlPcBJnFtAOcmXbWoy3Qdw7jM81Xi9viFfdklzJN5MdecHgK68KB3KNxMRiaikuTf5yiSnHpC+SwF3SsouL7Af6tZf4CLvSfEzui5cK/VkVHt0MoyGCnPSTBUodkYjclE2X/KS50CZ6NSv2zYvx3JlOc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=PU8dIdgL; arc=none smtp.client-ip=209.85.208.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="PU8dIdgL" Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-5dbf7d45853so974376a12.1 for ; Tue, 04 Mar 2025 18:17:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741141051; x=1741745851; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=n9Nf9XNBMQ1NmHLDzzCeL0iA/og6eQYJ7zp4LTTGbqQ=; b=PU8dIdgLWMy28Gr0lDRmhvShPlTfvBkQsMo9FYlZv1lZ2v2kTufPhfyKvpfmK09Dpn yWKCdji0MhcCaVeXGfp8Mk1h1k+b98NABFzzft+82W3G/yNLNYfDaxaJxLi+l+OGTAhA pG/irDIpNqeeaYxQiqvg6U4CbpQgv2ZUELX9w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741141051; x=1741745851; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=n9Nf9XNBMQ1NmHLDzzCeL0iA/og6eQYJ7zp4LTTGbqQ=; b=OaUBjAOXhogsJhBpc+JOGDaH3XnxpG1c3kzwDcFh14uEc16EGFKlbfRKAicCK0z5/G 2435kMV1p2AwqMvEYDaXkIvcX/Tg/P/ccJymVFaQ1trtSgyOV+6djZK3ssrUMcsMwA2C 3AQQBpB+472iktUyiNb8ZkqirEJXSKXMuXuF58QoD0IagsRlef8eE37w9NXo5SAhsjU0 o02u9TSewbCzRpXfC2pZ3FykCOvIcbt8pm968QawGQprq8dA6okXIvbwLGuD9yvufhcR GA/gvfJ8Hi//7U4gusm8UthEerqVFoM9YnZ06MUPzj4bMdCWKxzitfqCevA9f4a0warS Q3XQ== X-Forwarded-Encrypted: i=1; AJvYcCUFIylxh5/fuy8V9e6mj0WhwWGpEOPxjirhOQKcLEowun6CTYmN3j+L3QZK2y38IvoBnlGtprUHuHS4z4+J8pQ=@vger.kernel.org X-Gm-Message-State: AOJu0YyArG5Lcta9v5VoYJ8uw7/X4m6Yk3w4hyhFh0Nb2I8RcRdBAYZH vZs/rjFp2IEib5DpGq7OUUh48ec4CHMi4vAHpxfMr3jUte/W0g/CFOap+R1bdw== X-Gm-Gg: ASbGncuBvugEe7SwcWUSISpt8JG92EiEgbf+L8uX/BUk6BV8epoaIrR1F60fBwh+62W 9ag3Hx5Qg3EcG6sXkLkypjGFp8McPqqqIRdQFxZiOeVeWCnm8C6E6cMkyGhmgSAbJMtuWpfktmn E5ZJXrgSPiBZ3JoNSffpCZIgLyCbxeseW3Gn7hk8sCDDtuLiYm4ScziedVnUEQDKEhb3NuzVLXa O4qQplKg7qq0+JhnD60ssuzf74HkhZDXDQTtTseWCmcuAQA7eG8TD/o5rKrtsD6riTj22YcYBPn Qc+y7iDfguiABVZMQXK38TgB3fa38yORtC873bIpTPZbfGE8VJ5ZoFvxUy5DtFO4NomBM8GXLUF i X-Google-Smtp-Source: AGHT+IGXOInOt+Os5+KEs9jkrygME+p8EJ7lyp4fBieT6azksEXHSkiN9x/wGTG7JxavxNz91t/jFg== X-Received: by 2002:a05:6402:34c2:b0:5de:a752:3c6a with SMTP id 4fb4d7f45d1cf-5e59f47072dmr442395a12.6.1741141050866; Tue, 04 Mar 2025 18:17:30 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c43a55besm8891211a12.72.2025.03.04.18.17.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Mar 2025 18:17:29 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu , Kees Cook , "Liam R. Howlett" Subject: [PATCH v9 6/7] mseal sysmap: update mseal.rst Date: Wed, 5 Mar 2025 02:17:10 +0000 Message-ID: <20250305021711.3867874-7-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250305021711.3867874-1-jeffxu@google.com> References: <20250305021711.3867874-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Update memory sealing documentation to include details about system mappings. Signed-off-by: Jeff Xu Reviewed-by: Kees Cook Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett --- Documentation/userspace-api/mseal.rst | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst index 41102f74c5e2..56aee46a9307 100644 --- a/Documentation/userspace-api/mseal.rst +++ b/Documentation/userspace-api/mseal.rst @@ -130,6 +130,26 @@ Use cases - Chrome browser: protect some security sensitive data structures. +- System mappings: + The system mappings are created by the kernel and includes vdso, vvar, + vvar_vclock, vectors (arm compat-mode), sigpage (arm compat-mode), uprobes. + + Those system mappings are readonly only or execute only, memory sealing can + protect them from ever changing to writable or unmmap/remapped as different + attributes. This is useful to mitigate memory corruption issues where a + corrupted pointer is passed to a memory management system. + + If supported by an architecture (CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS), + the CONFIG_MSEAL_SYSTEM_MAPPINGS seals all system mappings of this + architecture. + + The following architectures currently support this feature: x86-64 and arm64. + + WARNING: This feature breaks programs which rely on relocating + or unmapping system mappings. Known broken software at the time + of writing includes CHECKPOINT_RESTORE, UML, gVisor, rr. Therefore + this config can't be enabled universally. + When not to use mseal ===================== Applications can apply sealing to any virtual memory region from userspace, From patchwork Wed Mar 5 02:17:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14001877 Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2179E194137 for ; Wed, 5 Mar 2025 02:17:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141057; cv=none; b=dlS6j/DEJnxczS/its3KHvmiRN8r4d4doPPFfxkIpo/IN8fh6HN4F0S2zhBXMcDMqDAPlOp4C1/LjNOSEsuE64+16Lmruweq0UZAcMkLNFFeBut4SJD5m5X2dnkL1ItRM+REZNAExrVQtzVZW9nzu8O3aTYDOjffDBmMR9DFBOM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741141057; c=relaxed/simple; bh=UmY/ayF8HBN/ulyyItJ7lAYgnpBsHJWqhLt8h/dNxHs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Y0fiFduYyi98gpFTfKzxiIYSRhpKynAsoooyzxOPT2Mr1AS81LDRIcr/EYbyO0hgnVw2y9RBFPYNYJDlXWCCBAeifsEJp24Gm705BEV+iafb2CDBvdJqufq0aQMfIdmEdVLZKuai9CL4VQYRxfsDRhwzjZk9KYT2lVZ9wwpZvSc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=C1i+UPTV; arc=none smtp.client-ip=209.85.218.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="C1i+UPTV" Received: by mail-ej1-f50.google.com with SMTP id a640c23a62f3a-ac08167634bso46062666b.1 for ; Tue, 04 Mar 2025 18:17:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741141053; x=1741745853; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pcCXP5+9u/FLOTwAJWuE/Eiiwb6Tr4w/nKcMIQwNMtE=; b=C1i+UPTV6AA+ewFKbZqsLZmuLRob1bl+nC1SJXQK7vRnqeejuIhwDoai008RgyRYDy cyVHJ+PSmulhyXzM1CuE4YKfXf/9FDzTJObKeo3vISeb2B7VyD75HkHC0rmSzB3sOxh6 ddFvlOydoxRRvD/aztyv/e/JEmRHMJkz/PCmg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741141053; x=1741745853; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pcCXP5+9u/FLOTwAJWuE/Eiiwb6Tr4w/nKcMIQwNMtE=; b=SsO8c8HzgpzLInxOvplOO4iYhEmJTuKkLnces631miJ81E+6/loXx8fUEDJBkYMa17 h4e0LjIV8cfBBqbNEJMg47CuQjBeZ+kCIfvYVX0jRdTLGC8iwQA9vY+A829b2DS0Raab 8A7QyJ9Ai8nTH9usVCcJ0rwlPJvCiGO0ITT9Rs2XuGDbJoZAdIKU0NA4mMJnU+QKtU4R zXoF1d1dd6s0emKZuhhSghSQ0wpJ7qBmvbpab1AFOUcCmew9MM4FaD5QONd46yGG1zv4 JDnq7vrwp/5vkSKgvjBccrIYq9JwcGE+JGRTlPaVtCya7TYVkMCszXbhiDJLLn5KXY1z FGZA== X-Forwarded-Encrypted: i=1; AJvYcCWtNiSUHFHdsWFw12xGpsykUT0uXMhCz00cQkaledS1wZTGIir6rvWu4/2RQT6yZ6yVjII2quyw9PsrDyirUS0=@vger.kernel.org X-Gm-Message-State: AOJu0YziSbiIC+Msbpt+YSY4GLb7ebCzIjfCmdMsSVogLsjLYHyDfLGr pQwiSB3kmYxuVCXVGDRebVpXAORk5ZoiPNxv7SDmCQqYda4WbXnOYa/8K6jQ9w== X-Gm-Gg: ASbGncv0hu9idS8Ir5C8lpui4MypmciocjZXMdONhjbDYbLBrk0VegI3Jw9W6VejBW9 ZHOe+Mcs5WtLFoez2ZLasu1Qtw+6SPzK8dWLhElmbtp17tdTo0rrB5unP/t/10u+ot+1KG4y8Fw SGCENQB4Ol0gB73WmN+pR6vg7VD/NjC26TiPKvLEftNpq8/lJE+HQ2IUHX2afsHFBZ649GwBH7j kEY72McZqsTf8skFwQcK5q0WHJ//3kz/XLUJDNi9DFMvyn21zKBYryE+GoZdlSddHfGnA3V6jKZ /+kZ5SyUmcOsMDAQroEvgsjKJeCT0NkpVXIzZ6S5Yz7v7nSfzxscBLNSCqOodLiJOkfqOeAMDxh F X-Google-Smtp-Source: AGHT+IF66plIcsj14Sd9utRPSZXYkhyhx8Xszzbcm4MTAIg/x5pKqpJrtPh/c/C2SNaU4l/Ayi6xCg== X-Received: by 2002:a05:6402:2693:b0:5e4:d499:5e1 with SMTP id 4fb4d7f45d1cf-5e59f3747a9mr478745a12.1.1741141053293; Tue, 04 Mar 2025 18:17:33 -0800 (PST) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e4c43a55besm8891211a12.72.2025.03.04.18.17.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Mar 2025 18:17:32 -0800 (PST) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com, Jeff Xu Subject: [PATCH v9 7/7] selftest: test system mappings are sealed. Date: Wed, 5 Mar 2025 02:17:11 +0000 Message-ID: <20250305021711.3867874-8-jeffxu@google.com> X-Mailer: git-send-email 2.48.1.711.g2feabab25a-goog In-Reply-To: <20250305021711.3867874-1-jeffxu@google.com> References: <20250305021711.3867874-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Jeff Xu Add sysmap_is_sealed.c to test system mappings are sealed. Note: CONFIG_MSEAL_SYSTEM_MAPPINGS must be set, as indicated in config file. Signed-off-by: Jeff Xu Reviewed-by: Lorenzo Stoakes Reviewed-by: Kees Cook --- tools/testing/selftests/Makefile | 1 + .../mseal_system_mappings/.gitignore | 2 + .../selftests/mseal_system_mappings/Makefile | 6 + .../selftests/mseal_system_mappings/config | 1 + .../mseal_system_mappings/sysmap_is_sealed.c | 119 ++++++++++++++++++ 5 files changed, 129 insertions(+) create mode 100644 tools/testing/selftests/mseal_system_mappings/.gitignore create mode 100644 tools/testing/selftests/mseal_system_mappings/Makefile create mode 100644 tools/testing/selftests/mseal_system_mappings/config create mode 100644 tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 8daac70c2f9d..be836be8f03f 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -61,6 +61,7 @@ TARGETS += mount TARGETS += mount_setattr TARGETS += move_mount_set_group TARGETS += mqueue +TARGETS += mseal_system_mappings TARGETS += nci TARGETS += net TARGETS += net/af_unix diff --git a/tools/testing/selftests/mseal_system_mappings/.gitignore b/tools/testing/selftests/mseal_system_mappings/.gitignore new file mode 100644 index 000000000000..319c497a595e --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +sysmap_is_sealed diff --git a/tools/testing/selftests/mseal_system_mappings/Makefile b/tools/testing/selftests/mseal_system_mappings/Makefile new file mode 100644 index 000000000000..2b4504e2f52f --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/Makefile @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only +CFLAGS += -std=c99 -pthread -Wall $(KHDR_INCLUDES) + +TEST_GEN_PROGS := sysmap_is_sealed + +include ../lib.mk diff --git a/tools/testing/selftests/mseal_system_mappings/config b/tools/testing/selftests/mseal_system_mappings/config new file mode 100644 index 000000000000..675cb9f37b86 --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/config @@ -0,0 +1 @@ +CONFIG_MSEAL_SYSTEM_MAPPINGS=y diff --git a/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c new file mode 100644 index 000000000000..0d2af30c3bf5 --- /dev/null +++ b/tools/testing/selftests/mseal_system_mappings/sysmap_is_sealed.c @@ -0,0 +1,119 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * test system mappings are sealed when + * KCONFIG_MSEAL_SYSTEM_MAPPINGS=y + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include + +#include "../kselftest.h" +#include "../kselftest_harness.h" + +#define VMFLAGS "VmFlags:" +#define MSEAL_FLAGS "sl" +#define MAX_LINE_LEN 512 + +bool has_mapping(char *name, FILE *maps) +{ + char line[MAX_LINE_LEN]; + + while (fgets(line, sizeof(line), maps)) { + if (strstr(line, name)) + return true; + } + + return false; +} + +bool mapping_is_sealed(char *name, FILE *maps) +{ + char line[MAX_LINE_LEN]; + + while (fgets(line, sizeof(line), maps)) { + if (!strncmp(line, VMFLAGS, strlen(VMFLAGS))) { + if (strstr(line, MSEAL_FLAGS)) + return true; + + return false; + } + } + + return false; +} + +FIXTURE(basic) { + FILE *maps; +}; + +FIXTURE_SETUP(basic) +{ + self->maps = fopen("/proc/self/smaps", "r"); + if (!self->maps) + SKIP(return, "Could not open /proc/self/smap, errno=%d", + errno); +}; + +FIXTURE_TEARDOWN(basic) +{ + if (self->maps) + fclose(self->maps); +}; + +FIXTURE_VARIANT(basic) +{ + char *name; + bool sealed; +}; + +FIXTURE_VARIANT_ADD(basic, vdso) { + .name = "[vdso]", + .sealed = true, +}; + +FIXTURE_VARIANT_ADD(basic, vvar) { + .name = "[vvar]", + .sealed = true, +}; + +FIXTURE_VARIANT_ADD(basic, vvar_vclock) { + .name = "[vvar_vclock]", + .sealed = true, +}; + +FIXTURE_VARIANT_ADD(basic, sigpage) { + .name = "[sigpage]", + .sealed = true, +}; + +FIXTURE_VARIANT_ADD(basic, vectors) { + .name = "[vectors]", + .sealed = true, +}; + +FIXTURE_VARIANT_ADD(basic, uprobes) { + .name = "[uprobes]", + .sealed = true, +}; + +FIXTURE_VARIANT_ADD(basic, stack) { + .name = "[stack]", + .sealed = false, +}; + +TEST_F(basic, check_sealed) +{ + if (!has_mapping(variant->name, self->maps)) { + SKIP(return, "could not find the mapping, %s", + variant->name); + } + + EXPECT_EQ(variant->sealed, + mapping_is_sealed(variant->name, self->maps)); +}; + +TEST_HARNESS_MAIN