[RFC PATCH v5 7/7] mseal, system mappings: update mseal.rst

From: jeffxu
Date: Tue Feb 11 2025 - 22:23:18 EST

Next message: jeffxu: "[RFC PATCH v5 6/7] mseal, system mappings: uprobe mapping"
Previous message: jeffxu: "[RFC PATCH v5 4/7] mseal, system mappings: enable arm64"
In reply to: jeffxu: "[RFC PATCH v5 4/7] mseal, system mappings: enable arm64"
Next in thread: jeffxu: "[RFC PATCH v5 6/7] mseal, system mappings: uprobe mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jeff Xu <jeffxu@xxxxxxxxxxxx>

Update memory sealing documentation to include details about system
mappings.

Signed-off-by: Jeff Xu <jeffxu@xxxxxxxxxxxx>
---
Documentation/userspace-api/mseal.rst | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/Documentation/userspace-api/mseal.rst b/Documentation/userspace-api/mseal.rst
index 41102f74c5e2..1e4c996dfb75 100644
--- a/Documentation/userspace-api/mseal.rst
+++ b/Documentation/userspace-api/mseal.rst
@@ -130,6 +130,11 @@ Use cases

- Chrome browser: protect some security sensitive data structures.

+- System mappings:
+ If supported by an architecture (via CONFIG_ARCH_HAS_MSEAL_SYSTEM_MAPPINGS),
+ the CONFIG_MSEAL_SYSTEM_MAPPINGS seals system mappings, e.g. vdso, vvar,
+ uprobes, sigpage, vectors, etc.
+
When not to use mseal
=====================
Applications can apply sealing to any virtual memory region from userspace,
--
2.48.1.502.g6dc24dfdaf-goog

Next message: jeffxu: "[RFC PATCH v5 6/7] mseal, system mappings: uprobe mapping"
Previous message: jeffxu: "[RFC PATCH v5 4/7] mseal, system mappings: enable arm64"
In reply to: jeffxu: "[RFC PATCH v5 4/7] mseal, system mappings: enable arm64"
Next in thread: jeffxu: "[RFC PATCH v5 6/7] mseal, system mappings: uprobe mapping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]