The patch titled Subject: mseal: add branch prediction hint has been added to the -mm mm-unstable branch. Its filename is mseal-add-mseal-syscall-fix.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mseal-add-mseal-syscall-fix.patch This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jeff Xu <jeffxu@xxxxxxxxxxxx> Subject: mseal: add branch prediction hint Date: Tue, 23 Apr 2024 19:28:25 +0000 It is unlikely that application calls mm syscall, such as mprotect, on already sealed mappings, adding branch prediction hint. Link: https://lkml.kernel.org/r/20240423192825.1273679-2-jeffxu@xxxxxxxxxxxx Signed-off-by: Jeff Xu <jeffxu@xxxxxxxxxxxx> Suggested-by: Pedro Falcato <pedro.falcato@xxxxxxxxx> Cc: Amer Al Shanawany <amer.shanawany@xxxxxxxxx> Cc: Dave Hansen <dave.hansen@xxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Cc: Guenter Roeck <groeck@xxxxxxxxxxxx> Cc: Jann Horn <jannh@xxxxxxxxxx> Cc: Javier Carrasco <javier.carrasco.cruz@xxxxxxxxx> Cc: Jeff Xu <jeffxu@xxxxxxxxxx> Cc: Jonathan Corbet <corbet@xxxxxxx> Cc: Jorge Lucangeli Obes <jorgelo@xxxxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Cc: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx> Cc: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx> Cc: Shuah Khan <shuah@xxxxxxxxxx> Cc: Stephen Röttger <sroettger@xxxxxxxxxx> Cc: Suren Baghdasaryan <surenb@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/madvise.c | 2 +- mm/mmap.c | 4 ++-- mm/mprotect.c | 2 +- mm/mremap.c | 4 ++-- mm/mseal.c | 6 +++--- 5 files changed, 9 insertions(+), 9 deletions(-) --- a/mm/madvise.c~mseal-add-mseal-syscall-fix +++ a/mm/madvise.c @@ -1436,7 +1436,7 @@ int do_madvise(struct mm_struct *mm, uns * Check if the address range is sealed for do_madvise(). * can_modify_mm_madv assumes we have acquired the lock on MM. */ - if (!can_modify_mm_madv(mm, start, end, behavior)) { + if (unlikely(!can_modify_mm_madv(mm, start, end, behavior))) { error = -EPERM; goto out; } --- a/mm/mmap.c~mseal-add-mseal-syscall-fix +++ a/mm/mmap.c @@ -2740,7 +2740,7 @@ int do_vmi_munmap(struct vma_iterator *v * Prevent unmapping a sealed VMA. * can_modify_mm assumes we have acquired the lock on MM. */ - if (!can_modify_mm(mm, start, end)) + if (unlikely(!can_modify_mm(mm, start, end))) return -EPERM; /* arch_unmap() might do unmaps itself. */ @@ -3163,7 +3163,7 @@ int do_vma_munmap(struct vma_iterator *v * Prevent unmapping a sealed VMA. * can_modify_mm assumes we have acquired the lock on MM. */ - if (!can_modify_mm(mm, start, end)) + if (unlikely(!can_modify_mm(mm, start, end))) return -EPERM; arch_unmap(mm, start, end); --- a/mm/mprotect.c~mseal-add-mseal-syscall-fix +++ a/mm/mprotect.c @@ -749,7 +749,7 @@ static int do_mprotect_pkey(unsigned lon * checking if memory is sealed. * can_modify_mm assumes we have acquired the lock on MM. */ - if (!can_modify_mm(current->mm, start, end)) { + if (unlikely(!can_modify_mm(current->mm, start, end))) { error = -EPERM; goto out; } --- a/mm/mremap.c~mseal-add-mseal-syscall-fix +++ a/mm/mremap.c @@ -912,7 +912,7 @@ static unsigned long mremap_to(unsigned * * can_modify_mm assumes we have acquired the lock on MM. */ - if (!can_modify_mm(mm, addr, addr + old_len)) + if (unlikely(!can_modify_mm(mm, addr, addr + old_len))) return -EPERM; if (flags & MREMAP_FIXED) { @@ -1087,7 +1087,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, a * Place can_modify_mm here so we can keep the logic related to * shrink/expand together. */ - if (!can_modify_mm(mm, addr, addr + old_len)) { + if (unlikely(!can_modify_mm(mm, addr, addr + old_len))) { ret = -EPERM; goto out; } --- a/mm/mseal.c~mseal-add-mseal-syscall-fix +++ a/mm/mseal.c @@ -32,7 +32,7 @@ static inline void set_vma_sealed(struct */ static bool can_modify_vma(struct vm_area_struct *vma) { - if (vma_is_sealed(vma)) + if (unlikely(vma_is_sealed(vma))) return false; return true; @@ -75,7 +75,7 @@ bool can_modify_mm(struct mm_struct *mm, /* going through each vma to check. */ for_each_vma_range(vmi, vma, end) { - if (!can_modify_vma(vma)) + if (unlikely(!can_modify_vma(vma))) return false; } @@ -100,7 +100,7 @@ bool can_modify_mm_madv(struct mm_struct /* going through each vma to check. */ for_each_vma_range(vmi, vma, end) - if (is_ro_anon(vma) && !can_modify_vma(vma)) + if (unlikely(is_ro_anon(vma) && !can_modify_vma(vma))) return false; /* Allow by default. */ _ Patches currently in -mm which might be from jeffxu@xxxxxxxxxxxx are mseal-wire-up-mseal-syscall.patch mseal-add-mseal-syscall.patch mseal-add-mseal-syscall-fix.patch selftest-mm-mseal-memory-sealing.patch mseal-add-documentation.patch selftest-mm-mseal-read-only-elf-memory-segment.patch selftest-mm-mseal-read-only-elf-memory-segment-fix.patch selftest-mm-mseal-read-only-elf-memory-segment-fix-3.patch