On Tue, Feb 11, 2025 at 7:31 PM Randy Dunlap <rdunlap@xxxxxxxxxxxxx> wrote: > > > > On 2/11/25 7:21 PM, jeffxu@xxxxxxxxxxxx wrote: > > From: Jeff Xu <jeffxu@xxxxxxxxxxxx> > > > > > --- > > include/linux/userprocess.h | 18 ++++++++++++++++++ > > init/Kconfig | 18 ++++++++++++++++++ > > security/Kconfig | 18 ++++++++++++++++++ > > 3 files changed, 54 insertions(+) > > create mode 100644 include/linux/userprocess.h > > > > > diff --git a/init/Kconfig b/init/Kconfig > > index d0d021b3fa3b..892d2bcdf397 100644 > > --- a/init/Kconfig > > +++ b/init/Kconfig > > @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS > > config ARCH_HAS_MEMBARRIER_SYNC_CORE > > bool > > > > +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS > > + bool > > + help > > + Control MSEAL_SYSTEM_MAPPINGS access based on architecture. > > + > > + A 64-bit kernel is required for the memory sealing feature. > > + No specific hardware features from the CPU are needed. > > + > > + To enable this feature, the architecture needs to update their > > + speical mappings calls to include the sealing flag and confirm > > special > Ack, will fix. Thanks ! -Jeff > > + that it doesn't unmap/remap system mappings during the life > > + time of the process. After the architecture enables this, a > > + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access > > + to the feature. > > + > > + For complete descriptions of memory sealing, please see > > + Documentation/userspace-api/mseal.rst > > + > > config HAVE_PERF_EVENTS > > bool > > help > > > -- > ~Randy >
