On Thu, Feb 27, 2025 at 04:04:03PM -0800, Jeff Xu wrote:
> On Tue, Feb 25, 2025 at 10:04 PM Lorenzo Stoakes
> <lorenzo.stoakes@xxxxxxxxxx> wrote:
> >
> > On Tue, Feb 25, 2025 at 05:33:24PM -0800, Jeff Xu wrote:
> > > On Mon, Feb 24, 2025 at 10:05 PM Lorenzo Stoakes
> > > <lorenzo.stoakes@xxxxxxxxxx> wrote:
> > > > > +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS
> > > > > + bool
> > > > > + help
> > > > > + Control MSEAL_SYSTEM_MAPPINGS access based on architecture.
> > > > > +
> > > > > + A 64-bit kernel is required for the memory sealing feature.
> > > > > + No specific hardware features from the CPU are needed.
> > > > > +
> > > > > + To enable this feature, the architecture needs to update their
> > > > > + special mappings calls to include the sealing flag and confirm
> > > > > + that it doesn't unmap/remap system mappings during the life
> > > > > + time of the process. After the architecture enables this, a
> > > > > + distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access
> > > > > + to the feature.
> > > >
> > > > Architectures also need to be confirmed not to require any form of VDSO
> > > > relocation, which as discussed in previous series some arches appear to
> > > > need to do. I'd mention that here.
> > > >
> > > This might need clarification, the system mapping includes vdso, right?
> > > Why the focus on vdso?
> >
> > My mistake, I thought scope was more limited than this when I first
> > looked. Please disregard the focus on VDSO here... :)
> >
> > >
> > > The sentence "... it doesn't unmap/remap system mappings during the
> > > lifetime of the process." already covers what you want here, I think.
> > >
> >
> > Right, I guess it just doesn't quite _emphasise_ it enough for me. Something
> > like the below would really help bring that out:
> >
> > The existence of this flag for an architecture implies that it does not
> > require the remapping of these system mappings during process lifetime,
> > so sealing these mappings is safe from a kernel perspective.
> >
> I'm not sure I get the difference, but I can add it, is below OK?
>
> To enable this feature, the architecture needs to update their
> special mappings calls to include the sealing flag and confirm
> that it doesn't unmap/remap system mappings during the life
> time of the process. The existence of this flag for an architecture
> implies that it does not require the remapping of these system
> mappings during process lifetime, so sealing these mappings is
> safe from a kernel perspective. After the architecture enables this,
> a distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to
> manage access to the feature.

Sounds great, cheers!

>
> Thanks
> -Jeff
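
Review bot: The last sentence of the quoted help text names the distribution-facing option as CONFIG_MSEAL_SYSTEM_MAPPING (singular), while the symbol being defined is ARCH_HAS_MSEAL_SYSTEM_MAPPINGS and the first help line refers to MSEAL_SYSTEM_MAPPINGS (plural). Suggest using one spelling throughout the help text so that a search for the option name finds it; the singular form is also carried into the reworded paragraph proposed in the reply, so it would need the same correction there. A smaller point in the same paragraph: "life time" is split into two words across the line wrap, where the reply quoting it uses "lifetime".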