Message-ID: <8899161a-573d-4826-a6f8-88c2dd145692@infradead.org>
Date: Tue, 11 Feb 2025 19:31:19 -0800
From: Randy Dunlap <rdunlap@...radead.org>
To: jeffxu@...omium.org, akpm@...ux-foundation.org, keescook@...omium.org,
 jannh@...gle.com, torvalds@...ux-foundation.org, vbabka@...e.cz,
 lorenzo.stoakes@...cle.com, Liam.Howlett@...cle.com,
 adhemerval.zanella@...aro.org, oleg@...hat.com, avagin@...il.com,
 benjamin@...solutions.net
Cc: linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org,
 linux-mm@...ck.org, jorgelo@...omium.org, sroettger@...gle.com, hch@....de,
 ojeda@...nel.org, thomas.weissschuh@...utronix.de, adobriyan@...il.com,
 johannes@...solutions.net, pedro.falcato@...il.com, hca@...ux.ibm.com,
 willy@...radead.org, anna-maria@...utronix.de, mark.rutland@....com,
 linus.walleij@...aro.org, Jason@...c4.com, deller@....de,
 davem@...emloft.net, peterx@...hat.com, f.fainelli@...il.com,
 gerg@...nel.org, dave.hansen@...ux.intel.com, mingo@...nel.org,
 ardb@...nel.org, mhocko@...e.com, 42.hyeyoo@...il.com, peterz@...radead.org,
 ardb@...gle.com, enh@...gle.com, rientjes@...gle.com, groeck@...omium.org,
 mpe@...erman.id.au, aleksandr.mikhalitsyn@...onical.com,
 mike.rapoport@...il.com
Subject: Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and
 header change



On 2/11/25 7:21 PM, jeffxu@...omium.org wrote:
> From: Jeff Xu <jeffxu@...omium.org>
> 

> ---
>  include/linux/userprocess.h | 18 ++++++++++++++++++
>  init/Kconfig                | 18 ++++++++++++++++++
>  security/Kconfig            | 18 ++++++++++++++++++
>  3 files changed, 54 insertions(+)
>  create mode 100644 include/linux/userprocess.h
> 

> diff --git a/init/Kconfig b/init/Kconfig
> index d0d021b3fa3b..892d2bcdf397 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS
>  config ARCH_HAS_MEMBARRIER_SYNC_CORE
>  	bool
>  
> +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS
> +	bool
> +	help
> +	  Control MSEAL_SYSTEM_MAPPINGS access based on architecture.
> +
> +	  A 64-bit kernel is required for the memory sealing feature.
> +	  No specific hardware features from the CPU are needed.
> +
> +	  To enable this feature, the architecture needs to update their
> +	  speical mappings calls to include the sealing flag and confirm

	  special

> +	  that it doesn't unmap/remap system mappings during the life
> +	  time of the process. After the architecture enables this, a
> +	  distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access
> +	  to the feature.
> +
> +	  For complete descriptions of memory sealing, please see
> +	  Documentation/userspace-api/mseal.rst
> +
>  config HAVE_PERF_EVENTS
>  	bool
>  	help
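
Review bot: The help text for ARCH_HAS_MSEAL_SYSTEM_MAPPINGS names the same option two ways: the first help line says "MSEAL_SYSTEM_MAPPINGS" (plural), while the later sentence says "a distribution can set CONFIG_MSEAL_SYSTEM_MAPPING" (singular). Use one spelling throughout, matching the symbol the series actually defines in security/Kconfig (that hunk is not quoted here), so that a grep for the option finds this text. The help also says a 64-bit kernel is required, but nothing in this hunk enforces it; since this bool has no prompt and is meant to be selected by the architecture, it is worth confirming that the user-visible option carries "depends on 64BIT" rather than relying on this sentence. Minor: "life time" should be "lifetime".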


-- 
~Randy

