From: Leon Hwang <leon.hwang@linux.dev>
To: Pedro Falcato <pfalcato@suse.de>
Cc: linux-mm@kvack.org, "Jonathan Corbet" <corbet@lwn.net>,
"Shuah Khan" <skhan@linuxfoundation.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Liam R . Howlett" <liam@infradead.org>,
"Lorenzo Stoakes" <ljs@kernel.org>,
"Vlastimil Babka" <vbabka@kernel.org>,
"Jann Horn" <jannh@google.com>, "Paul Walmsley" <pjw@kernel.org>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Alexandre Ghiti" <alex@ghiti.fr>,
"Nathan Chancellor" <nathan@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Nicolas Schier" <nsc@kernel.org>,
"Thomas Gleixner" <tglx@kernel.org>,
"Thomas Weißschuh" <thomas.weissschuh@linutronix.de>,
"Alice Ryhl" <aliceryhl@google.com>,
"Douglas Anderson" <dianders@chromium.org>,
"Gary Guo" <gary@garyguo.net>,
"Anand Moon" <linux.amoon@gmail.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: Re: [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels
Date: Fri, 3 Jul 2026 22:50:29 +0800 [thread overview]
Message-ID: <8f75dc18-dd4c-4989-a76c-eec6cc513ccf@linux.dev> (raw)
In-Reply-To: <akeDk49-pPgUDek1@pedro-suse>
On 2026/7/3 17:44, Pedro Falcato wrote:
> On Fri, Jul 03, 2026 at 10:25:07AM +0800, Leon Hwang wrote:
>> mseal.o is built only for 64-bit kernels, so 32-bit kernels fall back
>> to sys_ni_syscall() and return -ENOSYS rather than -EPERM.
>>
>> Document the -EINTR return from mmap_write_lock_killable(), fix the
>> CONFIG_MSEAL_SYSTEM_MAPPINGS typo, and describe system mappings in
>> terms of VM_SEALED_SYSMAP.
>>
>> Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
>> ---
>> Documentation/userspace-api/mseal.rst | 18 ++++++++++--------
>> init/Kconfig | 2 +-
>> mm/mseal.c | 4 ++--
>> 3 files changed, 13 insertions(+), 11 deletions(-)
>>
>> diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst
>> index ea9b11a0bd89..1f1cf206670c 100644
>> --- a/Documentation/userspace-api/mseal.rst
>> +++ b/Documentation/userspace-api/mseal.rst
>> @@ -50,8 +50,10 @@ mseal syscall signature
>> * The start address (``addr``) is not allocated.
>> * The end address (``addr`` + ``len``) is not allocated.
>> * A gap (unallocated memory) between start and end address.
>> - - **-EPERM**:
>> - * sealing is supported only on 64-bit CPUs, 32-bit is not supported.
>> + - **-EINTR**:
>> + * Interrupted while waiting for the mmap write lock.
>> + - **-ENOSYS**:
>> + * The kernel does not implement ``mseal()``.
>>
>> **Note about error return**:
>> - For above error cases, users can expect the given memory range is
>
> Honestly, this whole thing needs to be deleted. We need a proper manpage.
$ man mseal
No manual entry for mseal
When searching "mseal manual" using Google, this doc is the first entry.
So, this change is worthy.
>
>> @@ -62,7 +64,8 @@ mseal syscall signature
>> memory range could happen. However, those cases should be rare.
>>
>> **Architecture support**:
>> - mseal only works on 64-bit CPUs, not 32-bit CPUs.
>> + mseal is built only for 64-bit kernels. 32-bit kernels return
>> + ``-ENOSYS``.
>
> This LGTM.
>
>>
>> **Idempotent**:
>> users can call mseal multiple times. mseal on an already sealed memory
>> @@ -131,20 +134,19 @@ Use cases
>> - Chrome browser: protect some security sensitive data structures.
>>
>> - System mappings:
>> - The system mappings are created by the kernel and includes vdso, vvar,
>> + The system mappings are created by the kernel and include vdso, vvar,
>> vvar_vclock, vectors (arm compat-mode), sigpage (arm compat-mode), uprobes.
>>
>> Those system mappings are readonly only or execute only, memory sealing can
>> - protect them from ever changing to writable or unmmap/remapped as different
>> + protect them from ever changing to writable or unmapped/remapped as different
>> attributes. This is useful to mitigate memory corruption issues where a
>> corrupted pointer is passed to a memory management system.
>
> Also LGTM.
>
>>
>> If supported by an architecture (CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS),
>> - the CONFIG_MSEAL_SYSTEM_MAPPINGS seals all system mappings of this
>> - architecture.
>> + CONFIG_MSEAL_SYSTEM_MAPPINGS seals mappings marked with VM_SEALED_SYSMAP.
>
> VM_SEALED_SYSMAP isn't meaningful to userspace.
Got it. Will drop this change.
>
>>
>> The following architectures currently support this feature: x86-64, arm64,
>> - loongarch and s390.
>> + loongarch, riscv, and s390.
>
> This is also useless, every 64-bit architecture will support this.
Do you mean dropping this sentence, or this change?
>
>>
>> WARNING: This feature breaks programs which rely on relocating
>> or unmapping system mappings. Known broken software at the time
>> diff --git a/init/Kconfig b/init/Kconfig
>> index 5230d4879b1c..12bb39f637b1 100644
>> --- a/init/Kconfig
>> +++ b/init/Kconfig
>> @@ -2112,7 +2112,7 @@ config ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS
>> from a kernel perspective.
>>
>> After the architecture enables this, a distribution can set
>> - CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature.
>> + CONFIG_MSEAL_SYSTEM_MAPPINGS to manage access to the feature.
>>
>> For complete descriptions of memory sealing, please see
>> Documentation/userspace-api/mseal.rst
>> diff --git a/mm/mseal.c b/mm/mseal.c
>> index 9781647483d1..0464c7b94ab9 100644
>> --- a/mm/mseal.c
>> +++ b/mm/mseal.c
>> @@ -132,8 +132,8 @@ static int mseal_apply(struct mm_struct *mm,
>> * addr is not a valid address (not allocated).
>> * end (start + len) is not a valid address.
>> * a gap (unallocated memory) between start and end.
>> - * -EPERM:
>> - * - In 32 bit architecture, sealing is not supported.
>> + * -EINTR:
>> + * interrupted while waiting for the mmap write lock.
>> * Note:
>> * user can call mseal(2) multiple times, adding a seal on an
>> * already sealed memory is a no-action (no error).
>
> And this whole header needs to be deleted as well. No one's looking at
> kernel code for documentation (and if they are, we did a horrendous job
> at actually documenting the thing).
>
Just to confirm, do you mean removing the entire function comment above
do_mseal()?
Thanks,
Leon
prev parent reply other threads:[~2026-07-03 14:50 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-03 2:25 [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels Leon Hwang
2026-07-03 9:30 ` Lance Yang
2026-07-03 9:44 ` Thomas Weißschuh
2026-07-03 15:09 ` Leon Hwang
2026-07-03 9:44 ` Pedro Falcato
2026-07-03 14:50 ` Leon Hwang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8f75dc18-dd4c-4989-a76c-eec6cc513ccf@linux.dev \
--to=leon.hwang@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=aliceryhl@google.com \
--cc=aou@eecs.berkeley.edu \
--cc=corbet@lwn.net \
--cc=dianders@chromium.org \
--cc=gary@garyguo.net \
--cc=jannh@google.com \
--cc=liam@infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux.amoon@gmail.com \
--cc=ljs@kernel.org \
--cc=nathan@kernel.org \
--cc=nsc@kernel.org \
--cc=ojeda@kernel.org \
--cc=palmer@dabbelt.com \
--cc=peterz@infradead.org \
--cc=pfalcato@suse.de \
--cc=pjw@kernel.org \
--cc=rdunlap@infradead.org \
--cc=skhan@linuxfoundation.org \
--cc=tglx@kernel.org \
--cc=thomas.weissschuh@linutronix.de \
--cc=vbabka@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox