On Fri, Feb 14, 2025 at 7:00 AM Lorenzo Stoakes
wrote:
>
> On Fri, Feb 14, 2025 at 06:39:48AM -0800, Jeff Xu wrote:
> > mseal_system_mappings() can be placed in mm.h in this patch, as you
> > suggested. But in the near future, it will be moved out of mm.h and find
> > a right header. The functiona
On Fri, Feb 14, 2025 at 06:39:48AM -0800, Jeff Xu wrote:
> mseal_system_mappings() can be placed in mm.h in this patch, as you
> suggested. But in the near future, it will be moved out of mm.h and find
> a right header. The functionality belongs to exe namespace, because of
> the reasons I put in t
On Thu, Feb 13, 2025 at 5:10 PM Liam R. Howlett wrote:
>
> * Liam R. Howlett [250213 19:14]:
> > * Jeff Xu [250213 17:00]:
> > > On Thu, Feb 13, 2025 at 12:54 PM Liam R. Howlett
> > > wrote:
> > >
> > > > > > >
> > > > > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't part
> >
* Liam R. Howlett [250213 19:14]:
> * Jeff Xu [250213 17:00]:
> > On Thu, Feb 13, 2025 at 12:54 PM Liam R. Howlett
> > wrote:
> >
> > > > > >
> > > > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't part of
> > > > > > the build. This is intentional. Any 32-bit code trying to us
* Jeff Xu [250213 17:00]:
> On Thu, Feb 13, 2025 at 12:54 PM Liam R. Howlett
> wrote:
>
> > > > >
> > > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't part of
> > > > > the build. This is intentional. Any 32-bit code trying to use the
> > > > > sealing function or the VM_SEALED
On Thu, Feb 13, 2025 at 12:54 PM Liam R. Howlett
wrote:
> > > >
> > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't part of
> > > > the build. This is intentional. Any 32-bit code trying to use the
> > > > sealing function or the VM_SEALED flag will immediately fail
> > > > compi
* Kees Cook [250213 15:11]:
> On Thu, Feb 13, 2025 at 01:29:46PM -0500, Liam R. Howlett wrote:
> > * Jeff Xu [250213 12:17]:
> > > On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett
> > > wrote:
> > > >
> > > ...
> > > > >
> > > > > In this version, we've improved the handling of system mapping
>
On Thu, Feb 13, 2025 at 01:29:46PM -0500, Liam R. Howlett wrote:
> * Jeff Xu [250213 12:17]:
> > On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett
> > wrote:
> > >
> > ...
> > > >
> > > > In this version, we've improved the handling of system mapping sealing
> > > > from
> > > > previous versions
* Jeff Xu [250213 12:17]:
> On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett
> wrote:
> >
> ...
> > >
> > > In this version, we've improved the handling of system mapping sealing
> > > from
> > > previous versions, instead of modifying the _install_special_mapping
> > > function itself, which wo
On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett wrote:
>
...
> >
> > In this version, we've improved the handling of system mapping sealing from
> > previous versions, instead of modifying the _install_special_mapping
> > function itself, which would affect all architectures, we now call
> > _inst
* jef...@chromium.org [250211 22:22]:
> From: Jeff Xu
>
> Provide infrastructure to mseal system mappings. Establish
> two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS,
> ARCH_HAS_MSEAL_SYSTEM_MAPPINGS) and a header file (userprocess.h)
> for future patches.
>
> As discussed during mseal() upst
On Tue, Feb 11, 2025 at 7:31 PM Randy Dunlap wrote:
>
>
>
> On 2/11/25 7:21 PM, jef...@chromium.org wrote:
> > From: Jeff Xu
> >
>
> > ---
> > include/linux/userprocess.h | 18 ++
> > init/Kconfig| 18 ++
> > security/Kconfig| 18 ++
From: Jeff Xu
Provide infrastructure to mseal system mappings. Establish
two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS,
ARCH_HAS_MSEAL_SYSTEM_MAPPINGS) and a header file (userprocess.h)
for future patches.
As discussed during mseal() upstream process [1], mseal() protects
the VMAs of a given
On 2/11/25 7:21 PM, jef...@chromium.org wrote:
> From: Jeff Xu
>
> ---
> include/linux/userprocess.h | 18 ++
> init/Kconfig| 18 ++
> security/Kconfig| 18 ++
> 3 files changed, 54 insertions(+)
> create mode 10064
From: Jeff Xu
Provide infrastructure to mseal system mappings. Establish
two kernel configs (CONFIG_MSEAL_SYSTEM_MAPPINGS,
ARCH_HAS_MSEAL_SYSTEM_MAPPINGS) and a header file (userprocess.h)
for future patches.
As discussed during mseal() upstream process [1], mseal() protects
the VMAs of a given
15 matches