lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <25bad37f-273e-4626-999c-e1890be96182@lucifer.local>
Date: Tue, 15 Apr 2025 16:26:16 +0100
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: WangYuli <wangyuli@...ontech.com>
Cc: corbet@....net, chenhuacai@...nel.org, kernel@...0n.name,
        akpm@...ux-foundation.org, jeffxu@...omium.org,
        Liam.Howlett@...cle.com, kees@...nel.org, hca@...ux.ibm.com,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        loongarch@...ts.linux.dev, xry111@...111.site, tglx@...utronix.de,
        thomas.weissschuh@...utronix.de, Jason@...c4.com,
        zhanjun@...ontech.com, niecheng1@...ontech.com,
        guanwentao@...ontech.com
Subject: Re: [PATCH] mseal sysmap: enable LoongArch

On Tue, Apr 15, 2025 at 11:09:37PM +0800, WangYuli wrote:
> Hi Lorenzo Stoakes,
>
> On 2025/4/15 21:58, Lorenzo Stoakes wrote:
> > I'm sure it's fine, but I am yet to encounter somebody enabling this for an
> > arch and saying 'I have checked to ensure we in no way rely on remapping
> > the VDSO, VVAR or any other special mapping'.
> >
> > Because if you haven't, doing this breaks your arch.
> >
> > I hate to sound like a grumpy maintainer, but could I just ask to check
> > whether you have, indeed, confirmed this? :)
>
> I've done some real-world testing before submitting.
>
> Before enabling MSEAL_SYSTEM_MAPPINGS, vdso/vvar is not sealed; after
> enabling MSEAL_SYSTEM_MAPPINGS, vdso/vvar is sealed.
>
> I tested the boot and shutdown of the Deepin 23 distribution, web Browse
> with Firefox, and document editing with LibreOffice both before and after
> enabling it, and I didn't encounter any issues (MSEAL_SYSTEM_MAPPINGS does
> cause a noticeable performance drop when outputting images via simple_drm,
> but I think this is expected).

I don't know why there would be any performance impact?... there shouldn't
be.

No this doesn't suffice, though thanks for doing this and confirming!

You need to examine the arch specific code to ensure there is no code that
remaps any of these system mappings.

I went and checked <grumpy maintainer>(100% of arches submitted now it's
been me who's checked so far :)</grumpy maintainer> and it appears that
there is no such issue.

So we seem to be good.

>
> Of course, I also ran the self-tests provided by
> tools/testing/selftests/mseal_system_mappings, and all tests passed.
>
> I wanted to confirm if "breaks your arch" refers to the above?
>
> Do I need to perform any other kinds of tests to ensure the validity of this
> submission?
>
> > If so then all good.
> >
> > I also think we have a table somewhere in a doc that needs updating then?
> > Jeff, can you confirm?

This is Documentation/features/core/mseal_sys_mappings/arch-support.txt I
believe btw.

> >
> > Thanks!
> >
> Thanks!
>
> --
> WangYuli

Overall if you send a v2 with doc changes I can ack maybe, but necessary to
get a R-b from arch maintainers and I'd suggest it going through the arch
tree.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ