From: Jeff Xu
Add sealing test to cover mremap for
Expand/shrink/move across vmas.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 202 +++-
1 file changed, 201 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/
From: Jeff Xu
Add sealing test to cover mmap for
Expand/shrink across sealed vmas (MAP_FIXED)
Reuse the same address in !MAP_FIXED case.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 126 +++-
1 file changed, 125 insertions(+), 1 deletion(-)
diff --g
From: Jeff Xu
Add a test to munmap across multiple vma ranges.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 80 -
1 file changed, 79 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/testing/selftests/mm/
From: Jeff Xu
Add more checks for vma size, prot bits and api errcode
after attempt of modifing sealed mappings.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 398
1 file changed, 332 insertions(+), 66 deletions(-)
diff --git a/tools/testing/sel
From: Jeff Xu
Add a testcase to cover all sealed madvise type.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 30 -
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/testing/selftests/mm/
From: Jeff Xu
This series increase the test coverage of mseal_test by:
Add check for vma_size, prot, and error code for existing tests.
Add more testcases for madvise, munmap, mmap and mremap to cover
sealing in different scenarios.
The increase test coverage hopefully help to prevent future re
From: Jeff Xu
Add sealing test to cover mremap for
Expand/shrink/move across vmas.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 202 +++-
1 file changed, 201 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/
From: Jeff Xu
Add sealing test to cover mmap for
Expand/shrink across vmas.
Reuse the same address in !MAP_FIXED case.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 125 +++-
1 file changed, 124 insertions(+), 1 deletion(-)
diff --git a/tools/testing
From: Jeff Xu
Add a testcase to cover all sealed madvise type.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 108 +++-
1 file changed, 107 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/testing/selftests/mm
From: Jeff Xu
Add check for vma size, prot bits and error return.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 398
1 file changed, 332 insertions(+), 66 deletions(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/testing/selftes
From: Jeff Xu
This series increase the test coverage of mseal_test by:
Add check for vma_size, prot, and error code for existing tests.
Add more testcases for madvise, munmap, mmap and mremap to cover
sealing in different scenarios.
The increase test coverage hopefully help to prevent future re
From: Jeff Xu
Add more testcases and increase test coverage, e.g. add
get_vma_size to check VMA size and prot bits.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 826 ++--
1 file changed, 759 insertions(+), 67 deletions(-)
diff --git a/tools/testing/
From: Jeff Xu
mmap(MAP_FIXED) should return EPERM when memory is sealed.
Fixes: 4205a39e06da ("mm/munmap: replace can_modify_mm with can_modify_vma")
Signed-off-by: Jeff Xu
---
mm/mmap.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/mmap.c b/mm/mmap.c
index 80d70ed
From: Jeff Xu
mremap doesn't allow relocate, expand, shrink across VMA boundaries,
refactor the code to check src address range before doing anything on
the destination.
This also allow we remove can_modify_mm from mremap, since
the src address must be single VMA, use can_modify_vma instead.
Si
From: Jeff Xu
Add selftest to mremap across VMA boundaries,
i.e. mremap will fail.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/mseal_test.c | 293 +++-
1 file changed, 292 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/
From: Jeff Xu
mremap doesn't allow relocate, expand, shrink across VMA boundaries,
refactor the code to check src address range before doing anything on
the destination, i.e. destination won't be unmapped, if src address
failed the boundaries check.
This also allows us to remove can_modify_mm fr
From: Jeff Xu
the syscall remap accepts following:
mremap(src, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, dst)
when the src is sealed, the call will fail with error code:
EPERM
Previously, the test uses hard-coded 0xdeaddead as dst, and it
will fail on the system with newer glibc installed
From: Jeff Xu
the syscall remap accepts following:
sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP,
(void*) 0xdead)
when the src is sealed, the call will fail with when error code:
EPERM
Also remove the dependency on glibc for mremap(), the previous
version of
From: Jeff Xu
Add documentation for memfd_create flags: MFD_NOEXEC_SEAL
and MFD_EXEC
Cc: sta...@vger.kernel.org
Signed-off-by: Jeff Xu
Reviewed-by: Randy Dunlap
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mfd_noexec.rst | 86 ++
2 fi
From: Jeff Xu
When MFD_NOEXEC_SEAL was introduced, there was one big mistake: it
didn't have proper documentation. This led to a lot of confusion,
especially about whether or not memfd created with the MFD_NOEXEC_SEAL
flag is sealable. Before MFD_NOEXEC_SEAL, memfd had to explicitly set
MFD_ALLOW
From: Jeff Xu
Add documentation for memfd_create flags: MFD_NOEXEC_SEAL
and MFD_EXEC
Cc: sta...@vger.kernel.org
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mfd_noexec.rst | 86 ++
2 files changed, 87 insertions(
From: Jeff Xu
When MFD_NOEXEC_SEAL was introduced, there was one big mistake: it
didn't have proper documentation. This led to a lot of confusion,
especially about whether or not memfd created with the MFD_NOEXEC_SEAL
flag is sealable. Before MFD_NOEXEC_SEAL, memfd had to explicitly set
MFD_ALLOW
From: Jeff Xu
Add documentation for memfd_create flags: FMD_NOEXEC_SEAL
and MFD_EXEC
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mfd_noexec.rst | 86 ++
2 files changed, 87 insertions(+)
create mode 100644 Docum
From: Jeff Xu
When MFD_NOEXEC_SEAL was introduced, there was one big mistake: it
didn't have proper documentation. This led to a lot of confusion,
especially about whether or not memfd created with the MFD_NOEXEC_SEAL
flag is sealable. Before MFD_NOEXEC_SEAL, memfd had to explicitly set
MFD_ALLOW
From: Jeff Xu
By default, memfd_create() creates a non-sealable MFD, unless the
MFD_ALLOW_SEALING flag is set.
When the MFD_NOEXEC_SEAL flag is initially introduced, the MFD created
with that flag is sealable, even though MFD_ALLOW_SEALING is not set.
This patch changes MFD_NOEXEC_SEAL to be non
From: Jeff Xu
Add documentation for MFD_NOEXEC_SEAL and MFD_EXEC
Cc: sta...@vger.kernel.org
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mfd_noexec.rst | 90 ++
2 files changed, 91 insertions(+)
create mode 10064
From: Jeff Xu
By default, memfd_create() creates a non-sealable MFD, unless the
MFD_ALLOW_SEALING flag is set.
When the MFD_NOEXEC_SEAL flag is initially introduced, the MFD created
with that flag is sealable, even though MFD_ALLOW_SEALING is not set.
This patch changes MFD_NOEXEC_SEAL to be non
From: Jeff Xu
add include linux/mman.h to fix arm build
fix a typo
Signed-off-by: Jeff Xu
Suggested-by: Ryan Roberts
---
tools/testing/selftests/mm/mseal_test.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/mm/mseal_test.c
b/tools/testing/selft
From: Jeff Xu
This is followup on arm build failure reported by
Ryan Roberts [1]
I don't have right setup to repro the issue, so would need some
help to verify this in arm build.
[1] https://lore.kernel.org/lkml/f797fbde-ffb7-44b0-8af6-4ed2ec47e...@arm.com/
Jeff Xu (1):
selftest mm/mseal: f
From: Jeff Xu
It is unlikely that application calls mm syscall, such as mprotect,
on already sealed mappings, adding branch prediction hint.
Signed-off-by: Jeff Xu
Suggested-by: Pedro Falcato
---
mm/madvise.c | 2 +-
mm/mmap.c | 4 ++--
mm/mprotect.c | 2 +-
mm/mremap.c | 4 ++--
mm/ms
From: Jeff Xu
This is followup patch on discussion happened during mseal v10 discussion [1]
Add branch perdiction hint to mseal code.
Please apply on top of mseal v10 patch
(which already in mm-unstable)
[1]
https://lore.kernel.org/lkml/cajucfpflwjg4n7wppt+u9vc4xhole_bppz0tdkf7w45hgky...@mail
From: Jeff Xu
fix compile warning reported by test robot
Signed-off-by: Jeff Xu
Reported-by: kernel test robot
Closes: https://lore.kernel.org/r/202404190226.ofjoewv8-...@intel.com/
Suggested-by: Pedro Falcato
---
tools/testing/selftests/mm/mseal_test.c | 3 +--
tools/testing/selftests/mm/se
From: Jeff Xu
fix compile warning reported by test robot [1]
Please apply on top of patch titled:
"selftest mm/mseal: style change"
(which already in mm-unstable)
[1] https://lore.kernel.org/all/202404190226.ofjoewv8-...@intel.com/
History:
V2: fix as suggested by Pedro Falcato
v1:
https://lo
From: Jeff Xu
fix compile warning reported by test robot [1]
Please apply on top of patch titled:
"selftest mm/mseal: style change"
(which already in mm-unstable)
[1] https://lore.kernel.org/all/202404190226.ofjoewv8-...@intel.com/
Thanks!
-Jeff
Jeff Xu (1):
selftest mm/mseal: fix compile
From: Jeff Xu
fix compile warning reported by test robot
Signed-off-by: Jeff Xu
Reported-by: kernel test robot
Closes: https://lore.kernel.org/r/202404190226.ofjoewv8-...@intel.com/
---
tools/testing/selftests/mm/mseal_test.c | 3 +--
tools/testing/selftests/mm/seal_elf.c | 3 +--
2 files c
From: Jeff Xu
remove "assert" from testcase.
remove "return 0"
Signed-off-by: Jeff Xu
Suggested-by: Muhammad Usama Anjum
---
tools/testing/selftests/mm/mseal_test.c | 124 +---
tools/testing/selftests/mm/seal_elf.c | 3 -
2 files changed, 91 insertions(+), 36 deletions
From: Jeff Xu
This patch is a follow up to the comments [1] on test code during
mseal discussion. This is style only change to the selftest code, not to
test code logic.
Please apply on top of mseal v10 patch [2]
[1]
https://lore.kernel.org/all/e1744539-a843-468a-9101-ce7a08669...@collabora.co
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1836 +++
3 files changed, 1838 i
From: Jeff Xu
Sealing read-only of elf mapping so it can't be changed by mprotect.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore | 1 +
tools/testing/selftests/mm/Makefile | 1 +
tools/testing/selftests/mm/seal_elf.c | 183 ++
3 files changed, 1
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mseal.rst | 199 ++
2 files changed, 200 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --gi
From: Jeff Xu
The new mseal() is an syscall on 64 bit CPU, and with
following signature:
int mseal(void addr, size_t len, unsigned long flags)
addr/len: memory range.
flags: reserved.
mseal() blocks following operations for the given memory range.
1> Unmapping, moving to another location, and
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
This is V10 version, it rebases v9 patch to 6.9.rc3.
We also applied and tested mseal() in chrome and chromebook.
--
This patchset proposes a new mseal() syscall for the Linux kernel.
In a nutshell, mseal() protects
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1836 +++
3 files changed, 1838 i
From: Jeff Xu
Sealing read-only of elf mapping so it can't be changed by mprotect.
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore | 1 +
tools/testing/selftests/mm/Makefile | 1 +
tools/testing/selftests/mm/seal_elf.c | 183 ++
3 files changed, 1
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mseal.rst | 199 ++
2 files changed, 200 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --gi
From: Jeff Xu
The new mseal() is an syscall on 64 bit CPU, and with
following signature:
int mseal(void addr, size_t len, unsigned long flags)
addr/len: memory range.
flags: reserved.
mseal() blocks following operations for the given memory range.
1> Unmapping, moving to another location, and
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
This is V9 version, with removing MAP_SEALABLE and PROT_SEAL
from mmap(), adding perfrmance benchmark and a test
to demo the sealing of read-only memory segment of elf mapping.
--
This patchset proposes a new mseal()
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 2024 +++
3 files changed, 2026 i
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mseal.rst | 215 ++
2 files changed, 216 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --gi
From: Jeff Xu
The new mseal() is an syscall on 64 bit CPU, and with
following signature:
int mseal(void addr, size_t len, unsigned long flags)
addr/len: memory range.
flags: reserved.
mseal() blocks following operations for the given memory range.
1> Unmapping, moving to another location, and
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
This patchset proposes a new mseal() syscall for the Linux kernel.
In a nutshell, mseal() protects the VMAs of a given virtual memory
range against modifications, such as changes to their permission bits.
Modern CPUs support memory permissions, such as the read/write (RW)
and no-e
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1997 +++
3 files changed, 1999 i
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/index.rst | 1 +
Documentation/userspace-api/mseal.rst | 183 ++
2 files changed, 184 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --gi
From: Jeff Xu
The new mseal() is an syscall on 64 bit CPU, and with
following signature:
int mseal(void addr, size_t len, unsigned long flags)
addr/len: memory range.
flags: reserved.
mseal() blocks following operations for the given memory range.
1> Unmapping, moving to another location, and
From: Jeff Xu
This patchset proposes a new mseal() syscall for the Linux kernel.
In a nutshell, mseal() protects the VMAs of a given virtual memory
range against modifications, such as changes to their permission bits.
Modern CPUs support memory permissions, such as the read/write (RW)
and no-e
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1997 +++
3 files changed, 1999 i
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/mseal.rst | 181 ++
1 file changed, 181 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --git a/Documentation/userspace-api/mseal.rst
b/Doc
From: Jeff Xu
The new mseal() is an syscall on 64 bit CPU, and with
following signature:
int mseal(void addr, size_t len, unsigned long flags)
addr/len: memory range.
flags: reserved.
mseal() blocks following operations for the given memory range.
1> Unmapping, moving to another location, and
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
This patchset proposes a new mseal() syscall for the Linux kernel.
In a nutshell, mseal() protects the VMAs of a given virtual memory
range against modifications, such as changes to their permission bits.
Modern CPUs support memory permissions, such as the read/write (RW)
and no-e
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/mseal.rst | 181 ++
1 file changed, 181 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --git a/Documentation/userspace-api/mseal.rst
b/Doc
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1989 +++
3 files changed, 1991 i
From: Jeff Xu
The new mseal() is an syscall on 64 bit CPU, and with
following signature:
int mseal(void addr, size_t len, unsigned long flags)
addr/len: memory range.
flags: reserved.
mseal() blocks following operations for the given memory range.
1> Unmapping, moving to another location, and
From: Jeff Xu
This patchset proposes a new mseal() syscall for the Linux kernel.
In a nutshell, mseal() protects the VMAs of a given virtual memory
range against modifications, such as changes to their permission bits.
Modern CPUs support memory permissions, such as the read/write (RW)
and no-e
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1971 +++
3 files changed, 1973 i
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/mseal.rst | 181 ++
1 file changed, 181 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --git a/Documentation/userspace-api/mseal.rst
b/Doc
From: Jeff Xu
The new mseal() is an syscall on 64 bit CPU, and with
following signature:
int mseal(void addr, size_t len, unsigned long flags)
addr/len: memory range.
flags: reserved.
mseal() blocks following operations for the given memory range.
1> Unmapping, moving to another location, and
From: Jeff Xu
This is V4 of the patch, the patch has improved significantly since V1,
thanks to diverse inputs, a few discussions remain, please read those
in the open discussion section of v4 of change history.
-
This patchset prop
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
Add documentation for mseal().
Signed-off-by: Jeff Xu
---
Documentation/userspace-api/mseal.rst | 189 ++
1 file changed, 189 insertions(+)
create mode 100644 Documentation/userspace-api/mseal.rst
diff --git a/Documentation/userspace-api/mseal.rst
b/Doc
From: Jeff Xu
selftest for memory sealing change in mmap() and mseal().
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/.gitignore |1 +
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/config |1 +
tools/testing/selftests/mm/mseal_test.c | 214
From: Jeff Xu
The MAP_SEALABLE flag is added to the flags field of mmap().
When present, it marks the map as sealable. A map created
without MAP_SEALABLE will not support sealing; In other words,
mseal() will fail for such a map.
Applications that don't care about sealing will expect their
behav
From: Jeff Xu
Certain types of madvise() operations are destructive, such as
MADV_DONTNEED, which can effectively alter region contents by
discarding pages, especially when memory is anonymous. This blocks
such operations for anonymous memory which is not writable to the
user.
The MM_SEAL_DISCAR
From: Jeff Xu
Add merge/split handling for mlock/madvice/mprotect/mmap case.
Make sealed VMA mergeable with adjacent VMAs.
This is so that we don't run out of VMAs, i.e. there is a max
number of VMA per process.
Signed-off-by: Jeff Xu
Suggested-by: Jann Horn
---
fs/userfaultfd.c | 8 +
From: Jeff Xu
Allow mmap() to set the sealing type when creating a mapping. This is
useful for optimization because it avoids having to make two system
calls: one for mmap() and one for mseal(). With this change, mmap()
can take an input that specifies the sealing type, so only one system
call is
From: Jeff Xu
The new mseal() is an architecture independent syscall, and with
following signature:
mseal(void addr, size_t len, unsigned long types, unsigned long flags)
addr/len: memory range. Must be continuous/allocated memory, or else
mseal() will fail and no VMA is updated. For details o
From: Jeff Xu
The base package includes the features common to all VMA sealing
types. It prevents sealed VMAs from:
1> Unmapping, moving to another location, and shrinking the size, via
munmap() and mremap(), can leave an empty space, therefore can be
replaced with a VMA with a new set of attribu
From: Jeff Xu
Seal PROT and PKEY of the address range, in other words, mprotect()
and pkey_mprotect() will be denied if the memory is sealed with
MM_SEAL_PROT_PKEY.
Signed-off-by: Jeff Xu
---
mm/mprotect.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/mm/mprotect.c b/mm/mprot
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
Two utilities to be used later.
can_modify_mm:
checks sealing flags for given memory range.
can_modify_vma:
checks sealing flags for given vma.
Signed-off-by: Jeff Xu
---
include/linux/mm.h | 18 ++
mm/mseal.c | 38
From: Jeff Xu
This patchset proposes a new mseal() syscall for the Linux kernel.
In a nutshell, mseal() protects the VMAs of a given virtual memory
range against modifications, such as changes to their permission bits.
Modern CPUs support memory permissions, such as the read/write (RW)
and no-e
From: Jeff Xu
selftest for sealing mprotect/munmap/mremap/mmap
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1428 +++
2 files changed, 1429 insertions(+)
create mode 100644 tools/testing/selftests/mm
From: Jeff Xu
mremap(2) can shrink/expand a VMA, or move a VMA to a fixed
address and overwriting or existing VMA. Sealing will
prevent unintended mremap(2) call.
What this patch does:
When a mremap(2) is invoked, if one of its VMAs has MM_SEAL_MREMAP
set from previous mseal(2) call, this mremap
From: Jeff Xu
mmap(2) can change a protection of existing VMAs.
Sealing will prevent unintended mmap(2) call.
What this patch does:
When a mmap(2) is invoked, if one of its VMAs has MM_SEAL_MMAP set
from previous mseal(2) call, the mmap(2) will fail, without any
VMAs modified.
The patch is base
From: Jeff Xu
munmap(2) unmap VMAs in the given address range.
Sealing will prevent unintended munmap(2) call.
What this patch does:
When a munmap(2) is invoked, if one of its VMAs has MM_SEAL_MUNMAP
set from previous mseal(2) call, this munmap(2) will fail,
without any VMA modified.
This patch
From: Jeff Xu
can_modify_mm:
checks sealing flags for given memory range.
can_modify_vma:
checks sealing flags for given vma.
Signed-off-by: Jeff Xu
---
include/linux/mm.h | 26 ++
mm/mseal.c | 42 --
2 files changed,
From: Jeff Xu
This patchset proposes a new mseal() syscall for the Linux kernel.
Modern CPUs support memory permissions such as RW and NX bits. Linux has
supported NX since the release of kernel version 2.6.8 in August 2004 [1].
The memory permission feature improves security stance on memory
co
From: Jeff Xu
mprotect(2) changes protection of VMAs in the given address
range. Sealing will prevent unintended mprotect call.
What this patch does:
When a mprotect(2) is invoked, if one of its VMAs has MM_SEAL_MPROTECT
set from previous mseal(2) call, this mprotect(2) will fail, without
any VM
From: Jeff Xu
Wire up mseal syscall for all architectures.
Signed-off-by: Jeff Xu
---
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 ++
ar
From: Jeff Xu
This patchset proposes a new mseal() syscall for the Linux kernel.
Modern CPUs support memory permissions such as RW and NX bits. Linux has
supported NX since the release of kernel version 2.6.8 in August 2004 [1].
The memory permission feature improves security stance on memory
co
From: Jeff Xu
selftest for sealing mprotect/munmap/mremap/mmap
Signed-off-by: Jeff Xu
---
tools/testing/selftests/mm/Makefile |1 +
tools/testing/selftests/mm/mseal_test.c | 1428 +++
2 files changed, 1429 insertions(+)
create mode 100644 tools/testing/selftests/mm
From: Jeff Xu
can_modify_mm:
checks sealing flags for given memory range.
can_modify_vma:
checks sealing flags for given vma.
Signed-off-by: Jeff Xu
---
include/linux/mm.h | 34 ++
mm/mseal.c | 60 ++
2 files chang
From: Jeff Xu
check seal for mmap(2)
Signed-off-by: Jeff Xu
---
fs/aio.c | 5 +++--
include/linux/mm.h | 5 -
ipc/shm.c | 3 ++-
mm/internal.h | 4 ++--
mm/mmap.c | 13 +
mm/nommu.c | 6 --
mm/util.c | 8 +---
7 fi
From: Jeff Xu
check seal for mremap(2)
Signed-off-by: Jeff Xu
---
mm/mremap.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/mm/mremap.c b/mm/mremap.c
index e43f9ceaa29d..2288f9d0b126 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -836,7 +836,15 @@ static unsigned long mrem
From: Jeff Xu
check seal for munmap(2).
Signed-off-by: Jeff Xu
---
include/linux/mm.h | 2 +-
mm/mmap.c | 22 ++
mm/mremap.c| 5 +++--
3 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index aafdb6895
1 - 100 of 104 matches
Mail list logo
