Hi Liam,
On Wed, Nov 13, 2024 at 4:54 PM Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> wrote:
> > Unlike the aforementioned mappings, the uprobe mapping is not
> > established during program startup. However, its lifetime is the same
> > as the process's lifetime [1]. It is sealed from creation.
>
> Why are you referencing mseal.rst for the uprobe mapping lifetime? I
> can't find anything in there about uprobe.
>
This should be [2], thanks for checking.
>
> It also can't be used on 32 bit systems, as per your kernel-parameters
> changes (and mseal specification). This is missing from the changelog.
>
sure, I will add that to the commit msg.
> > + exec.seal_system_mappings = [KNL]
> > + Format: { no | yes }
> > + Seal system mappings: vdso, vvar, sigpage, vsyscall,
> > + uprobe.
> > + This overwrites KCONFIG CONFIG_SEAL_SYSTEM_MAPPINGS
> ^^^^^^^^^ overrides ?
sure.
> > - if (vsyscall_mode == XONLY)
> > - vm_flags_init(&gate_vma, VM_EXEC);
> > + if (vsyscall_mode == XONLY) {
> > + unsigned long vm_flags = VM_EXEC;
> > +
> > + vm_flags |= seal_system_mappings();
> > +
>
> nit, extra line here.
>
removed.
> But.. this will add the VM_SEALED flag on any 64bit architecture that
> enables the SEAL_SYSTEM_MAPPINGS config. That will happen by bots with
> random config builds. I don't know if they have test cases that
> specifically unmap the vmas you are sealing (ppc64 probably tries to
> unmap the vdso).
>
> I do know that I've had syzbot bugs that unmap _all_ vmas. I'm guessing
> you will get bot notification on these failures for any 64bit
> architecture. You may want to look into it to avoid such fuzzing
> failures, but we still need this to be tested somehow.
>test_mremap_vdso.c
I found one selftest that could fail:
tools/testing/selftests/x86/test_mremap_vdso.c
I could add tools/testing/selftests/x86/config and add
CONFIG_SYSTEM_MAPPINGS=n there.
as instructed in selftest documentation [1]
[1] https://docs.kernel.org/dev-tools/kselftest.html#contributing-new-tests-details
>
> overwrite or override? I think the difference is that overwrite implies
> permanence where override doesn't. I'm fine with either, it just reads
> a bit odd to me.
>
sure, changed to override
> >
> > +config SEAL_SYSTEM_MAPPINGS
> > + bool "seal system mappings"
> > + default n
> > + depends on 64BIT
> > + depends on !CHECKPOINT_RESTORE
> > + help
> > + Seal system mappings such as vdso, vvar, sigpage, vsyscall, uprobes.
> > + Note: CHECKPOINT_RESTORE might relocate vdso mapping during restore,
> > + and remap will fail if the mapping is sealed, therefore
> > + !CHECKPOINT_RESTORE is added as dependency.
>
> You could also add a portion here about your override functionality on
> command line. "this can be disabled or enabled by..."
>
sure.
> I really think having something that can be found by searching for mseal
> is really desirable here. That is, make menuconfig, press / for search,
> type mseal -> find this feature. If this was MSEAL_SYSTEM_MAPPINGS,
> searching for seal or mseal would work and would serve to link the
> config option to the mseal document.
>
using "seal" would work here. I will add a note here to mseal.rst for reference.
> Right now there is no information in the help that will allow it to be
> found by 'mseal'. There is also nothing in the documentation that
> states this exists, which you should probably update with this feature?
>
I will update mseal.rst to include this feature.
Thanks for reviewing.
-Jeff
