Hi Lorenzo
On Wed, Nov 13, 2024 at 12:47 PM Lorenzo Stoakes
wrote:
>
> I'd prefer not to move forward with this until we have confirmation that
> adequate testing has been performed, given how invasive this change is,
> even if behind a flag (unless we explicitly mention it is untested in the
> K
Hi Liam,
On Wed, Nov 13, 2024 at 4:54 PM Liam R. Howlett wrote:
> > Unlike the aforementioned mappings, the uprobe mapping is not
> > established during program startup. However, its lifetime is the same
> > as the process's lifetime [1]. It is sealed from creation.
>
> Why are you referencing ms
* jef...@chromium.org [241113 14:16]:
> From: Jeff Xu
Thanks, this looks much better. Some minor things below.
>
> Seal vdso, vvar, sigpage, uprobes and vsyscall.
>
> Those mappings are readonly or executable only, sealing can protect
> them from ever changing or unmapped during the life tim
I'd prefer not to move forward with this until we have confirmation that
adequate testing has been performed, given how invasive this change is,
even if behind a flag (unless we explicitly mention it is untested in the
Kconfig).
We are touching arch-specific stuff with VDSO, VVAR, etc. so we need
From: Jeff Xu
Seal vdso, vvar, sigpage, uprobes and vsyscall.
Those mappings are readonly or executable only, sealing can protect
them from ever changing or unmapped during the life time of the process.
For complete descriptions of memory sealing, please see mseal.rst [1].
System mappings such
