From: Leon Hwang <leon.hwang@linux.dev>
To: linux-mm@kvack.org
Cc: linux-doc@vger.kernel.org,
"Peter Zijlstra" <peterz@infradead.org>,
linux-kernel@vger.kernel.org,
"Liam R . Howlett" <liam@infradead.org>,
"Gary Guo" <gary@garyguo.net>,
linux-riscv@lists.infradead.org,
"Vlastimil Babka" <vbabka@kernel.org>,
"Alexandre Ghiti" <alex@ghiti.fr>,
"Jonathan Corbet" <corbet@lwn.net>,
"Alice Ryhl" <aliceryhl@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Leon Hwang" <leon.hwang@linux.dev>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Jann Horn" <jannh@google.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Shuah Khan" <skhan@linuxfoundation.org>,
"Pedro Falcato" <pfalcato@suse.de>,
"Lorenzo Stoakes" <ljs@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Thomas Weißschuh" <thomas.weissschuh@linutronix.de>,
"Nicolas Schier" <nsc@kernel.org>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Douglas Anderson" <dianders@chromium.org>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Thomas Gleixner" <tglx@kernel.org>,
"Paul Walmsley" <pjw@kernel.org>
Subject: [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels
Date: Fri, 3 Jul 2026 10:25:07 +0800 [thread overview]
Message-ID: <20260703022507.187457-1-leon.hwang@linux.dev> (raw)
mseal.o is built only for 64-bit kernels, so 32-bit kernels fall back
to sys_ni_syscall() and return -ENOSYS rather than -EPERM.
Document the -EINTR return from mmap_write_lock_killable(), fix the
CONFIG_MSEAL_SYSTEM_MAPPINGS typo, and describe system mappings in
terms of VM_SEALED_SYSMAP.
Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
---
Documentation/userspace-api/mseal.rst | 18 ++++++++++--------
init/Kconfig | 2 +-
mm/mseal.c | 4 ++--
3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst
index ea9b11a0bd89..1f1cf206670c 100644
--- a/Documentation/userspace-api/mseal.rst
+++ b/Documentation/userspace-api/mseal.rst
@@ -50,8 +50,10 @@ mseal syscall signature
* The start address (``addr``) is not allocated.
* The end address (``addr`` + ``len``) is not allocated.
* A gap (unallocated memory) between start and end address.
- - **-EPERM**:
- * sealing is supported only on 64-bit CPUs, 32-bit is not supported.
+ - **-EINTR**:
+ * Interrupted while waiting for the mmap write lock.
+ - **-ENOSYS**:
+ * The kernel does not implement ``mseal()``.
**Note about error return**:
- For above error cases, users can expect the given memory range is
@@ -62,7 +64,8 @@ mseal syscall signature
memory range could happen. However, those cases should be rare.
**Architecture support**:
- mseal only works on 64-bit CPUs, not 32-bit CPUs.
+ mseal is built only for 64-bit kernels. 32-bit kernels return
+ ``-ENOSYS``.
**Idempotent**:
users can call mseal multiple times. mseal on an already sealed memory
@@ -131,20 +134,19 @@ Use cases
- Chrome browser: protect some security sensitive data structures.
- System mappings:
- The system mappings are created by the kernel and includes vdso, vvar,
+ The system mappings are created by the kernel and include vdso, vvar,
vvar_vclock, vectors (arm compat-mode), sigpage (arm compat-mode), uprobes.
Those system mappings are readonly only or execute only, memory sealing can
- protect them from ever changing to writable or unmmap/remapped as different
+ protect them from ever changing to writable or unmapped/remapped as different
attributes. This is useful to mitigate memory corruption issues where a
corrupted pointer is passed to a memory management system.
If supported by an architecture (CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS),
- the CONFIG_MSEAL_SYSTEM_MAPPINGS seals all system mappings of this
- architecture.
+ CONFIG_MSEAL_SYSTEM_MAPPINGS seals mappings marked with VM_SEALED_SYSMAP.
The following architectures currently support this feature: x86-64, arm64,
- loongarch and s390.
+ loongarch, riscv, and s390.
WARNING: This feature breaks programs which rely on relocating
or unmapping system mappings. Known broken software at the time
diff --git a/init/Kconfig b/init/Kconfig
index 5230d4879b1c..12bb39f637b1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -2112,7 +2112,7 @@ config ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS
from a kernel perspective.
After the architecture enables this, a distribution can set
- CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature.
+ CONFIG_MSEAL_SYSTEM_MAPPINGS to manage access to the feature.
For complete descriptions of memory sealing, please see
Documentation/userspace-api/mseal.rst
diff --git a/mm/mseal.c b/mm/mseal.c
index 9781647483d1..0464c7b94ab9 100644
--- a/mm/mseal.c
+++ b/mm/mseal.c
@@ -132,8 +132,8 @@ static int mseal_apply(struct mm_struct *mm,
* addr is not a valid address (not allocated).
* end (start + len) is not a valid address.
* a gap (unallocated memory) between start and end.
- * -EPERM:
- * - In 32 bit architecture, sealing is not supported.
+ * -EINTR:
+ * interrupted while waiting for the mmap write lock.
* Note:
* user can call mseal(2) multiple times, adding a seal on an
* already sealed memory is a no-action (no error).
--
2.54.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
reply other threads:[~2026-07-03 2:26 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260703022507.187457-1-leon.hwang@linux.dev \
--to=leon.hwang@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=aliceryhl@google.com \
--cc=aou@eecs.berkeley.edu \
--cc=corbet@lwn.net \
--cc=dianders@chromium.org \
--cc=gary@garyguo.net \
--cc=jannh@google.com \
--cc=liam@infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=ljs@kernel.org \
--cc=nathan@kernel.org \
--cc=nsc@kernel.org \
--cc=ojeda@kernel.org \
--cc=palmer@dabbelt.com \
--cc=peterz@infradead.org \
--cc=pfalcato@suse.de \
--cc=pjw@kernel.org \
--cc=rdunlap@infradead.org \
--cc=skhan@linuxfoundation.org \
--cc=tglx@kernel.org \
--cc=thomas.weissschuh@linutronix.de \
--cc=vbabka@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox