* [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels
@ 2026-07-03 2:25 Leon Hwang
2026-07-03 9:30 ` Lance Yang
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Leon Hwang @ 2026-07-03 2:25 UTC (permalink / raw)
To: linux-mm
Cc: linux-doc, Peter Zijlstra, linux-kernel, Liam R . Howlett,
Gary Guo, linux-riscv, Vlastimil Babka, Alexandre Ghiti,
Jonathan Corbet, Alice Ryhl, Miguel Ojeda, Leon Hwang, Albert Ou,
Jann Horn, Nathan Chancellor, Shuah Khan, Pedro Falcato,
Lorenzo Stoakes, Andrew Morton, Thomas Weißschuh,
Nicolas Schier, Randy Dunlap, Douglas Anderson, Palmer Dabbelt,
Thomas Gleixner, Paul Walmsley
mseal.o is built only for 64-bit kernels, so 32-bit kernels fall back
to sys_ni_syscall() and return -ENOSYS rather than -EPERM.
Document the -EINTR return from mmap_write_lock_killable(), fix the
CONFIG_MSEAL_SYSTEM_MAPPINGS typo, and describe system mappings in
terms of VM_SEALED_SYSMAP.
Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
---
Documentation/userspace-api/mseal.rst | 18 ++++++++++--------
init/Kconfig | 2 +-
mm/mseal.c | 4 ++--
3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst
index ea9b11a0bd89..1f1cf206670c 100644
--- a/Documentation/userspace-api/mseal.rst
+++ b/Documentation/userspace-api/mseal.rst
@@ -50,8 +50,10 @@ mseal syscall signature
* The start address (``addr``) is not allocated.
* The end address (``addr`` + ``len``) is not allocated.
* A gap (unallocated memory) between start and end address.
- - **-EPERM**:
- * sealing is supported only on 64-bit CPUs, 32-bit is not supported.
+ - **-EINTR**:
+ * Interrupted while waiting for the mmap write lock.
+ - **-ENOSYS**:
+ * The kernel does not implement ``mseal()``.
**Note about error return**:
- For above error cases, users can expect the given memory range is
@@ -62,7 +64,8 @@ mseal syscall signature
memory range could happen. However, those cases should be rare.
**Architecture support**:
- mseal only works on 64-bit CPUs, not 32-bit CPUs.
+ mseal is built only for 64-bit kernels. 32-bit kernels return
+ ``-ENOSYS``.
**Idempotent**:
users can call mseal multiple times. mseal on an already sealed memory
@@ -131,20 +134,19 @@ Use cases
- Chrome browser: protect some security sensitive data structures.
- System mappings:
- The system mappings are created by the kernel and includes vdso, vvar,
+ The system mappings are created by the kernel and include vdso, vvar,
vvar_vclock, vectors (arm compat-mode), sigpage (arm compat-mode), uprobes.
Those system mappings are readonly only or execute only, memory sealing can
- protect them from ever changing to writable or unmmap/remapped as different
+ protect them from ever changing to writable or unmapped/remapped as different
attributes. This is useful to mitigate memory corruption issues where a
corrupted pointer is passed to a memory management system.
If supported by an architecture (CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS),
- the CONFIG_MSEAL_SYSTEM_MAPPINGS seals all system mappings of this
- architecture.
+ CONFIG_MSEAL_SYSTEM_MAPPINGS seals mappings marked with VM_SEALED_SYSMAP.
The following architectures currently support this feature: x86-64, arm64,
- loongarch and s390.
+ loongarch, riscv, and s390.
WARNING: This feature breaks programs which rely on relocating
or unmapping system mappings. Known broken software at the time
diff --git a/init/Kconfig b/init/Kconfig
index 5230d4879b1c..12bb39f637b1 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -2112,7 +2112,7 @@ config ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS
from a kernel perspective.
After the architecture enables this, a distribution can set
- CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature.
+ CONFIG_MSEAL_SYSTEM_MAPPINGS to manage access to the feature.
For complete descriptions of memory sealing, please see
Documentation/userspace-api/mseal.rst
diff --git a/mm/mseal.c b/mm/mseal.c
index 9781647483d1..0464c7b94ab9 100644
--- a/mm/mseal.c
+++ b/mm/mseal.c
@@ -132,8 +132,8 @@ static int mseal_apply(struct mm_struct *mm,
* addr is not a valid address (not allocated).
* end (start + len) is not a valid address.
* a gap (unallocated memory) between start and end.
- * -EPERM:
- * - In 32 bit architecture, sealing is not supported.
+ * -EINTR:
+ * interrupted while waiting for the mmap write lock.
* Note:
* user can call mseal(2) multiple times, adding a seal on an
* already sealed memory is a no-action (no error).
--
2.54.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels
2026-07-03 2:25 [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels Leon Hwang
@ 2026-07-03 9:30 ` Lance Yang
2026-07-03 9:44 ` Thomas Weißschuh
2026-07-03 9:44 ` Pedro Falcato
2 siblings, 0 replies; 4+ messages in thread
From: Lance Yang @ 2026-07-03 9:30 UTC (permalink / raw)
To: leon.hwang
Cc: linux-doc, peterz, linux-kernel, linux-mm, gary, linux-riscv,
vbabka, thomas.weissschuh, corbet, aliceryhl, ojeda, aou, jannh,
nathan, skhan, pfalcato, ljs, akpm, alex, liam, nsc, rdunlap,
dianders, Lance Yang, palmer, tglx, pjw
On Fri, Jul 03, 2026 at 10:25:07AM +0800, Leon Hwang wrote:
>mseal.o is built only for 64-bit kernels, so 32-bit kernels fall back
>to sys_ni_syscall() and return -ENOSYS rather than -EPERM.
>
>Document the -EINTR return from mmap_write_lock_killable(), fix the
>CONFIG_MSEAL_SYSTEM_MAPPINGS typo, and describe system mappings in
>terms of VM_SEALED_SYSMAP.
>
>Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
>---
Thanks, free free to add:
Acked-by: Lance Yang <lance.yang@linux.dev>
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels
2026-07-03 2:25 [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels Leon Hwang
2026-07-03 9:30 ` Lance Yang
@ 2026-07-03 9:44 ` Thomas Weißschuh
2026-07-03 9:44 ` Pedro Falcato
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Weißschuh @ 2026-07-03 9:44 UTC (permalink / raw)
To: Leon Hwang
Cc: linux-doc, Peter Zijlstra, linux-kernel, linux-mm, Gary Guo,
linux-riscv, Vlastimil Babka, Alexandre Ghiti, Jonathan Corbet,
Alice Ryhl, Miguel Ojeda, Albert Ou, Jann Horn, Nathan Chancellor,
Shuah Khan, Pedro Falcato, Lorenzo Stoakes, Andrew Morton,
Liam R . Howlett, Nicolas Schier, Randy Dunlap, Douglas Anderson,
Palmer Dabbelt, Thomas Gleixner, Paul Walmsley
On Fri, Jul 03, 2026 at 10:25:07AM +0800, Leon Hwang wrote:
(...)
> The following architectures currently support this feature: x86-64, arm64,
> - loongarch and s390.
> + loongarch, riscv, and s390.
For per-architecture feature documentation we also have
Documentation/features/. Maybe move it there.
>
> WARNING: This feature breaks programs which rely on relocating
> or unmapping system mappings. Known broken software at the time
(...)
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels
2026-07-03 2:25 [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels Leon Hwang
2026-07-03 9:30 ` Lance Yang
2026-07-03 9:44 ` Thomas Weißschuh
@ 2026-07-03 9:44 ` Pedro Falcato
2 siblings, 0 replies; 4+ messages in thread
From: Pedro Falcato @ 2026-07-03 9:44 UTC (permalink / raw)
To: Leon Hwang
Cc: linux-doc, Peter Zijlstra, linux-kernel, linux-mm, Gary Guo,
linux-riscv, Vlastimil Babka, Thomas Weißschuh,
Jonathan Corbet, Alice Ryhl, Miguel Ojeda, Albert Ou, Jann Horn,
Nathan Chancellor, Shuah Khan, Lorenzo Stoakes, Andrew Morton,
Alexandre Ghiti, Liam R . Howlett, Nicolas Schier, Randy Dunlap,
Douglas Anderson, Palmer Dabbelt, Thomas Gleixner, Paul Walmsley
On Fri, Jul 03, 2026 at 10:25:07AM +0800, Leon Hwang wrote:
> mseal.o is built only for 64-bit kernels, so 32-bit kernels fall back
> to sys_ni_syscall() and return -ENOSYS rather than -EPERM.
>
> Document the -EINTR return from mmap_write_lock_killable(), fix the
> CONFIG_MSEAL_SYSTEM_MAPPINGS typo, and describe system mappings in
> terms of VM_SEALED_SYSMAP.
>
> Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
> ---
> Documentation/userspace-api/mseal.rst | 18 ++++++++++--------
> init/Kconfig | 2 +-
> mm/mseal.c | 4 ++--
> 3 files changed, 13 insertions(+), 11 deletions(-)
>
> diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst
> index ea9b11a0bd89..1f1cf206670c 100644
> --- a/Documentation/userspace-api/mseal.rst
> +++ b/Documentation/userspace-api/mseal.rst
> @@ -50,8 +50,10 @@ mseal syscall signature
> * The start address (``addr``) is not allocated.
> * The end address (``addr`` + ``len``) is not allocated.
> * A gap (unallocated memory) between start and end address.
> - - **-EPERM**:
> - * sealing is supported only on 64-bit CPUs, 32-bit is not supported.
> + - **-EINTR**:
> + * Interrupted while waiting for the mmap write lock.
> + - **-ENOSYS**:
> + * The kernel does not implement ``mseal()``.
>
> **Note about error return**:
> - For above error cases, users can expect the given memory range is
Honestly, this whole thing needs to be deleted. We need a proper manpage.
> @@ -62,7 +64,8 @@ mseal syscall signature
> memory range could happen. However, those cases should be rare.
>
> **Architecture support**:
> - mseal only works on 64-bit CPUs, not 32-bit CPUs.
> + mseal is built only for 64-bit kernels. 32-bit kernels return
> + ``-ENOSYS``.
This LGTM.
>
> **Idempotent**:
> users can call mseal multiple times. mseal on an already sealed memory
> @@ -131,20 +134,19 @@ Use cases
> - Chrome browser: protect some security sensitive data structures.
>
> - System mappings:
> - The system mappings are created by the kernel and includes vdso, vvar,
> + The system mappings are created by the kernel and include vdso, vvar,
> vvar_vclock, vectors (arm compat-mode), sigpage (arm compat-mode), uprobes.
>
> Those system mappings are readonly only or execute only, memory sealing can
> - protect them from ever changing to writable or unmmap/remapped as different
> + protect them from ever changing to writable or unmapped/remapped as different
> attributes. This is useful to mitigate memory corruption issues where a
> corrupted pointer is passed to a memory management system.
Also LGTM.
>
> If supported by an architecture (CONFIG_ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS),
> - the CONFIG_MSEAL_SYSTEM_MAPPINGS seals all system mappings of this
> - architecture.
> + CONFIG_MSEAL_SYSTEM_MAPPINGS seals mappings marked with VM_SEALED_SYSMAP.
VM_SEALED_SYSMAP isn't meaningful to userspace.
>
> The following architectures currently support this feature: x86-64, arm64,
> - loongarch and s390.
> + loongarch, riscv, and s390.
This is also useless, every 64-bit architecture will support this.
>
> WARNING: This feature breaks programs which rely on relocating
> or unmapping system mappings. Known broken software at the time
> diff --git a/init/Kconfig b/init/Kconfig
> index 5230d4879b1c..12bb39f637b1 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -2112,7 +2112,7 @@ config ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS
> from a kernel perspective.
>
> After the architecture enables this, a distribution can set
> - CONFIG_MSEAL_SYSTEM_MAPPING to manage access to the feature.
> + CONFIG_MSEAL_SYSTEM_MAPPINGS to manage access to the feature.
>
> For complete descriptions of memory sealing, please see
> Documentation/userspace-api/mseal.rst
> diff --git a/mm/mseal.c b/mm/mseal.c
> index 9781647483d1..0464c7b94ab9 100644
> --- a/mm/mseal.c
> +++ b/mm/mseal.c
> @@ -132,8 +132,8 @@ static int mseal_apply(struct mm_struct *mm,
> * addr is not a valid address (not allocated).
> * end (start + len) is not a valid address.
> * a gap (unallocated memory) between start and end.
> - * -EPERM:
> - * - In 32 bit architecture, sealing is not supported.
> + * -EINTR:
> + * interrupted while waiting for the mmap write lock.
> * Note:
> * user can call mseal(2) multiple times, adding a seal on an
> * already sealed memory is a no-action (no error).
And this whole header needs to be deleted as well. No one's looking at
kernel code for documentation (and if they are, we did a horrendous job
at actually documenting the thing).
--
Pedro
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-07-03 9:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-03 2:25 [PATCH] mm/mseal: fix mseal documentation for 32-bit kernels Leon Hwang
2026-07-03 9:30 ` Lance Yang
2026-07-03 9:44 ` Thomas Weißschuh
2026-07-03 9:44 ` Pedro Falcato
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox