On Mon, Oct 16, 2023 at 8:07 AM Greg KH wrote:
>
> On Mon, Oct 16, 2023 at 02:38:20PM +, jef...@chromium.org wrote:
> > +#ifdef CONFIG_MSEAL
> > + /*
> > + * bit masks for seal.
> > + * need this since vm_flags is full.
> > + */
> > + unsigned long vm_seals; /* s
On Mon, Oct 16, 2023 at 02:38:20PM +, jef...@chromium.org wrote:
> +#ifdef CONFIG_MSEAL
> + /*
> + * bit masks for seal.
> + * need this since vm_flags is full.
> + */
> + unsigned long vm_seals; /* seal flags, see mm.h. */
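Review bot: the vm_seals field is declared only inside #ifdef CONFIG_MSEAL, so every reader and writer of it needs the same guard or the build breaks with the option off. Consider accessor helpers with a stub for the disabled case, so callers can stay unconditional. The block comment explains why the field exists ("vm_flags is full") but not which seal bits it holds; naming them here would help more than the trailing "see mm.h". Since unsigned long is 32 bits wide on 32-bit architectures, the comment should also say how many bits the seals are expected to need.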
"unsigned long" and yet:
> diff --git
From: Jeff Xu
mseal() prevents system calls from modifying the metadata of
virtual addresses.
Five syscalls can be sealed, as specified by bitmasks:
MM_SEAL_MPROTECT: Deny mprotect(2)/pkey_mprotect(2).
MM_SEAL_MUNMAP: Deny munmap(2).
MM_SEAL_MMAP: Deny mmap(2).
MM_SEAL_MREMAP: Deny mremap(2).
MM