[SRU][PATCH 0/4] Backport mseal to ubuntu 24.04 LTS kernel 6.8.y
Juerg Haefliger
juerg.haefliger at canonical.com
Wed Jan 22 15:20:19 UTC 2025
Hi Jeff,
> From: Jeff Xu <jeffxu at chromium.org>
>
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089711
>
> [ Impact ]
>
> My name is Jeff Xu, I work with Stephen Röttger on hardening the Chrome
> browser. I'm reaching out to explore the possibility of backporting memory
> sealing into the 22.04 LTS kernel.
>
> For context, it is worth noting that the Kernel introduces mseal support in
> version 6.10 [1]. The Chrome V8 engine will utilize the memory sealing
> function to protect its JIT compiler from memory corruption vulnerabilities.
> The change is merged in Chrome, and we believe that Ubuntu users would benefit
> from using this safer version of Chrome. In addition, Chrome uses Ubuntu LTS
> extensively for testing, which makes Ubuntu one of the first systems to have
> this enhanced security of Chrome.
>
> glibc’s dynamic linker is adding mseal to seal RO mapping such
> as .text, .rodata, .relco [2], the integration test is completed.
>
> The backport work includes 4 commits, and is based on 6.8.12 kernel.
>
> ChromeOS and Android GKI both have the mseal backported to
> the 6.6 kernel [3] [4] [5] [6]
>
> Thank you for your time and consideration.
> Best regards,
> Jeff
>
> [1] https://docs.kernel.org/userspace-api/mseal.html
> [2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html
> [3] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595211/4
> [4] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595853/4
> [5] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5742931
> [6] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5802772
>
> [ Test Plan ]
> The test is performed by running selftest (mseal_test) on 6.8 kernel with the backport.
> I didn't include selftest as part of backport because there are many revisions of the tests;
> I believe it is unnecessary to backport those.
>
> [ Where problems could occur ]
> This is not a bug; backporting this will enable Chrome browser's security enhancement.
>
> [ Other Info ]
> None.
Thanks for this. I'm not sure though. glibc in Noble is too old so only
Chrome would benefit, correct? Given that the 6.11 HWE kernel should have
mseal support, I'm hesitant to entertain a backport to 6.8. We typically
don't backport new features. I haven't looked at how intrusive this backport
even is. We're having an internal discussion.
...Juerg
>
>
> Jeff Xu (3):
> mseal: wire up mseal syscall
> mseal: add mseal syscall
> /proc/pid/smaps: add mseal info for vma
>
> Pedro Falcato (1):
> mseal: fix is_madv_discard()
>
> Documentation/filesystems/proc.rst | 1 +
> arch/alpha/kernel/syscalls/syscall.tbl | 1 +
> arch/arm/tools/syscall.tbl | 1 +
> arch/arm64/include/asm/unistd.h | 2 +-
> arch/arm64/include/asm/unistd32.h | 2 +
> arch/m68k/kernel/syscalls/syscall.tbl | 1 +
> arch/microblaze/kernel/syscalls/syscall.tbl | 1 +
> arch/mips/kernel/syscalls/syscall_n32.tbl | 1 +
> arch/mips/kernel/syscalls/syscall_n64.tbl | 1 +
> arch/mips/kernel/syscalls/syscall_o32.tbl | 1 +
> arch/parisc/kernel/syscalls/syscall.tbl | 1 +
> arch/powerpc/kernel/syscalls/syscall.tbl | 1 +
> arch/s390/kernel/syscalls/syscall.tbl | 1 +
> arch/sh/kernel/syscalls/syscall.tbl | 1 +
> arch/sparc/kernel/syscalls/syscall.tbl | 1 +
> arch/x86/entry/syscalls/syscall_32.tbl | 1 +
> arch/x86/entry/syscalls/syscall_64.tbl | 1 +
> arch/xtensa/kernel/syscalls/syscall.tbl | 1 +
> fs/proc/task_mmu.c | 3 +
> include/linux/mm.h | 5 +
> include/linux/syscalls.h | 1 +
> include/uapi/asm-generic/unistd.h | 5 +-
> kernel/sys_ni.c | 1 +
> mm/Makefile | 4 +
> mm/internal.h | 32 ++
> mm/madvise.c | 12 +
> mm/mmap.c | 31 +-
> mm/mprotect.c | 10 +
> mm/mremap.c | 31 ++
> mm/mseal.c | 315 ++++++++++++++++++++
> 30 files changed, 467 insertions(+), 3 deletions(-)
> create mode 100644 mm/mseal.c
>
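
An added example (not part of this thread or of the patch series): a C probe that reports whether the running kernel implements mseal and enforces it on a test mapping, which is the practical difference between a 6.8 kernel with and without this backport. The `__NR_mseal` fallback of 462 is the upstream 6.10 number on x86-64 and arm64 and is assumed here to be unchanged by a backport; `probe_mseal`, `mseal_status_name` and the enum names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462 /* assumption: upstream 6.10 value (x86-64, arm64) */
#endif

enum mseal_status { MSEAL_UNSUPPORTED, MSEAL_ENFORCED, MSEAL_NOT_ENFORCED, MSEAL_ERROR };

/* Seal one anonymous page, then check that mprotect() and munmap() are refused. */
enum mseal_status probe_mseal(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return MSEAL_ERROR;

    if (syscall(__NR_mseal, p, len, 0UL) != 0) {
        /* ENOSYS: no mseal in this kernel (for example 32-bit, or 6.8 without the series).
         * Any other errno (such as a seccomp filter's EPERM) is reported as an error. */
        enum mseal_status st = (errno == ENOSYS) ? MSEAL_UNSUPPORTED : MSEAL_ERROR;
        munmap(p, len);
        return st;
    }

    /* A sealed mapping must reject permission changes and unmapping with EPERM. */
    int prot_blocked = mprotect(p, len, PROT_READ | PROT_WRITE) == -1 && errno == EPERM;
    int unmap_blocked = munmap(p, len) == -1 && errno == EPERM;
    /* When enforced, the sealed page stays mapped until the process exits. */
    return (prot_blocked && unmap_blocked) ? MSEAL_ENFORCED : MSEAL_NOT_ENFORCED;
}

const char *mseal_status_name(enum mseal_status s)
{
    static const char *names[] = { "unsupported (ENOSYS)", "enforced",
                                   "accepted but NOT enforced", "error" };
    return names[s];
}

int main(void)
{
    enum mseal_status s = probe_mseal();
    printf("mseal: %s\n", mseal_status_name(s));
    return s == MSEAL_ENFORCED ? 0 : 1;
}
```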