On 2/11/25 7:21 PM, jeffxu@xxxxxxxxxxxx wrote: > From: Jeff Xu <jeffxu@xxxxxxxxxxxx> > > --- > include/linux/userprocess.h | 18 ++++++++++++++++++ > init/Kconfig | 18 ++++++++++++++++++ > security/Kconfig | 18 ++++++++++++++++++ > 3 files changed, 54 insertions(+) > create mode 100644 include/linux/userprocess.h > > diff --git a/init/Kconfig b/init/Kconfig > index d0d021b3fa3b..892d2bcdf397 100644 > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS > config ARCH_HAS_MEMBARRIER_SYNC_CORE > bool > > +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS > + bool > + help > + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. > + > + A 64-bit kernel is required for the memory sealing feature. > + No specific hardware features from the CPU are needed. > + > + To enable this feature, the architecture needs to update their > + speical mappings calls to include the sealing flag and confirm special > + that it doesn't unmap/remap system mappings during the life > + time of the process. After the architecture enables this, a > + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access > + to the feature. > + > + For complete descriptions of memory sealing, please see > + Documentation/userspace-api/mseal.rst > + > config HAVE_PERF_EVENTS > bool > help -- ~Randy
