From patchwork Tue Mar 11 17:09:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 872464 Delivered-To: patch@linaro.org Received: by 2002:a5d:64ce:0:b0:38f:210b:807b with SMTP id f14csp1595576wri; Tue, 11 Mar 2025 10:17:35 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUEMzVpX4/ovPgVrypxzM9GwnBaxQ2byEYYrWvXj6mQZ2+v4FEux4YnPbw2EgcmvD/G2lh+gQ==@linaro.org X-Google-Smtp-Source: AGHT+IHdsyWamU6yrLjtwEI6ZR+V7FHBPsPHaC6BWA6UMJ7hPhjE/z3My31vvwwkT5X2g/vPRTNB X-Received: by 2002:a05:622a:41ca:b0:476:67d8:930e with SMTP id d75a77b69052e-47667d89941mr150802331cf.34.1741713454906; Tue, 11 Mar 2025 10:17:34 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1741713454; cv=pass; d=google.com; s=arc-20240605; b=ByXS/+0sJ1iXy3R4lnIjsfrpbcRJb4qKiln27cSwMu8qQJ38smmNAIjRTjqzHQcW/G rzpb2ROHgkhWVJ3DKLksb5Z+2e5mRn19GU2zsbMqajrGorOV8DYkQd4VGG21b4HVm5x8 iXSzFVDy4sxo70wm4Kf/P0sqw8FoqiSDePVMG09LYmb7RtgxQNWNymsDdQAZEyGT9z5w bI5wr0F5D819+Walbm+KLZT/rexlydsQ76T7hlmH3CKDS6BaZYEBopJ8ONOjzeBp1bq/ GZGqCp6SP9HsAlLMQmqkj/OyVYdD1tQeu74u6D5JDrJM3TDyJ9AOzMDDBtLqIyhlT/rC U+KA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:dkim-filter:arc-filter:dmarc-filter :delivered-to:dkim-filter; bh=wjocoMMmVQ/8mAVoB7HFOKEgc8zq8saKqEsRGWHedKc=; fh=KcDe9xnl32Q8s5hC3CF4r26ysVeQspjxpbjrMk+PnIQ=; b=gORk9nn1705Gq4MHHdYrm63elqQW0lWziSG/Dr5H26AdEHSlht9s1rX5lIk2+GkkPv pIq15yegNyyc4qLjkwI8NbOFQ/fwMpxGqXP8n7KYCTFdvkpIDksxJQSbmteWVuUDtj+X 1E+/l3t09q/4HjBfA9XyFa/0D5n3jYqk2N/w3ro28/5v3GmOf+mfzXZ3AeF3Ho0IKGUj Uk+EjMLID8eRxvcN+Sc7DHaYavn6CeYoGVho1jkloWZKq4X5c+v0makbj/cpQ3l8ONBg x/ZyFov5JEsK/16ijAozdjkk8rMIEIoTMlioVr9j1wYN1GiCKL+V3tlA3ECxUdyDcbio 7KSQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VzwgaUAB; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id d75a77b69052e-47688166e6bsi46948341cf.140.2025.03.11.10.17.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 10:17:34 -0700 (PDT) Received-SPF: pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VzwgaUAB; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces~patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces~patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6748A385771D for ; Tue, 11 Mar 2025 17:17:34 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6748A385771D Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=VzwgaUAB X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) by sourceware.org (Postfix) with ESMTPS id CC90D3857C78 for ; Tue, 11 Mar 2025 17:13:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CC90D3857C78 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CC90D3857C78 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1034 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1741713195; cv=none; b=MpY+HSOgGvXyE3t8/Sdc7KcNcnC/yeYbUqpSO7u4VY9z97EPgGLC585zkOSfa3RSHJ4zUNtOWMqcczBHDzo1AqJxl+pIRTWMRjLgu0/eoEAkT9FbwMWzPFPh3MF6EhTer3DDN0WCBZ5S+sTSEJMgx1AiTt21RD+g3zuvtUsbf7U= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1741713195; c=relaxed/simple; bh=uH7CSWFXywnUjek1JNtkvXvszoE+IGG35Jlv5CsvIDo=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=NMEeq1D3btUGrtzIRQAszMLWzCZmNen4Pl2YlX1ZwYNSF0tjlm2EYKGdNaQZv6uVuLxve/mCmJh6yqKRMzIwZ9HsfikVDilag7pPdhPVh8RdTllVg7Dt5Kx8ei65S9J2q20ROfIl2tEVg9ERRF5kAsPRDp7Uu4Ps53WwS47jJ/M= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CC90D3857C78 Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-2fec3176ef3so8548862a91.1 for ; Tue, 11 Mar 2025 10:13:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1741713193; x=1742317993; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wjocoMMmVQ/8mAVoB7HFOKEgc8zq8saKqEsRGWHedKc=; b=VzwgaUABevcyU3oWni+/wlQq1yIgjdslgGbuzC3sAFBpS16n2EBmcBFEWXTAeRPhy5 7IPRZ5DJ6UlvkpnqGTFG1PclwYFxmM1hemGs+G8Qft7w3c/skss9u8G/n3dTdPeEasPp vWy+dQfmeKPVmsO2SUbmneb4Yquis0ISoeqxFPj7sPEa7nMV2hdLSMg/tBP/++R3npIH DrYDJOyug+QYbY8oaRXlyY47NaKQhLS/0D0KnqTFDVlHMNTBNEtjlS9DCPcPJ4g5z8ci dgvZHxYnwS9urJ7XDpD+NaYM6mbqytn7zzoAPBD9DVY2Ll9Y6lkJ9kctm0t0cWD6YqbC 8tZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741713193; x=1742317993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wjocoMMmVQ/8mAVoB7HFOKEgc8zq8saKqEsRGWHedKc=; b=VSewVH5hGeIm3dHqOT2Aw3Cyr9mqi9R4ldTCICSfcskgPOwwAGX62NKB5X7fXG2vN2 5C0U1BMr7OvIuhyvx1PocbYkA1zifR5D7JyShRpLFPKfew4dyO0JTDTDTwIRWiagbkwS r7qY/VSVJXtzTwBBB6oPpIbf2rdCCKRYnKDHtVnCMLSysHV4Z5wToJNvp3scwRFnHYy5 AgZHMaaXmUnXbGpEEkDCXH+poRCMQR1ir5H1B1NRHufYN/sxtqVHiOfC/T848tLDoW69 xHfUMxDbmLYtxzf100a+R85lq31h2LFSpAcRoI03/Nlii+UTtq0Fai8J3VwAwzOmaZF0 WEZQ== X-Gm-Message-State: AOJu0Yxohd4fonjI5/qEx41oNt1zYrU3/7fLL7JO/MhrKqQZx8LxhCtA Q3u5JzDZN/8Q2lwWjB9tF+M0OMYJynH+vfmP4hoo7+m5llW1TXhevu4cTVqdJRF9XaeXnqbfICd g X-Gm-Gg: ASbGncsZXi4cGdHn1VwmieLR4tZbg+FUJnct9NWL9kIpxICVA1rG7erZduHxIigt8yg 11xC5fndTrddpPlkWRaLDwFGLWmo5fx9vBMS1QxVMDuDptcl8HnRsMWK8Sqc+sQPp248SW0iEmG jgwNAfIe8l9oxxi0uOwCjMk8ri95f8LnAdCcp/MqkyDUpkaClOR7+GTG/q5GUEoYn/bY9oEANGu S13BwAAsnqEpqsS9f64sQwQ6B124pMD5gnYIaY9AxXHhN1Pe7cEgmn9MDDZzC5j0vb7DsTNn1FV zIYulLas4Mb2I2O4mVEIz0/B86HWfMQ2Uva/zfrW3TDFRZM1TFlI6R4= X-Received: by 2002:a17:90a:d605:b0:2ee:db8a:2a01 with SMTP id 98e67ed59e1d1-2ff7cf128cdmr25706503a91.30.1741713193176; Tue, 11 Mar 2025 10:13:13 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:1ebf:8b5:8f5b:dd39:866]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2ff693f8804sm11438131a91.47.2025.03.11.10.13.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 10:13:12 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Jeff Xu , Florian Weimer , "H . J . Lu" , Yury Khrustalev Subject: [PATCH v6 1/9] linux: Add mseal syscall support Date: Tue, 11 Mar 2025 14:09:48 -0300 Message-ID: <20250311171305.89091-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250311171305.89091-1-adhemerval.zanella@linaro.org> References: <20250311171305.89091-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patch=linaro.org@sourceware.org It has been added on Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370) as a way to block operations such as mapping, moving to another location, shrinking the size, expanding the size, or modifying it to a pre-existent memory mapping. Although the system only works on 64-bit CPU, the entrypoint was added for all ABIs (since kernel might eventually implement it to additional ones and/or the abi can execute on a 64-bit kernel). Checked on x86_64-linux-gnu. --- NEWS | 4 +- manual/memory.texi | 69 +++++++++++++++ sysdeps/unix/sysv/linux/Makefile | 2 + sysdeps/unix/sysv/linux/Versions | 3 + sysdeps/unix/sysv/linux/aarch64/libc.abilist | 1 + sysdeps/unix/sysv/linux/alpha/libc.abilist | 1 + sysdeps/unix/sysv/linux/arc/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/arm/le/libc.abilist | 1 + sysdeps/unix/sysv/linux/bits/mman-shared.h | 8 ++ sysdeps/unix/sysv/linux/csky/libc.abilist | 1 + sysdeps/unix/sysv/linux/hppa/libc.abilist | 1 + sysdeps/unix/sysv/linux/i386/libc.abilist | 1 + sysdeps/unix/sysv/linux/kernel-features.h | 8 ++ .../sysv/linux/loongarch/lp64/libc.abilist | 1 + .../sysv/linux/m68k/coldfire/libc.abilist | 1 + .../unix/sysv/linux/m68k/m680x0/libc.abilist | 1 + .../sysv/linux/microblaze/be/libc.abilist | 1 + .../sysv/linux/microblaze/le/libc.abilist | 1 + .../sysv/linux/mips/mips32/fpu/libc.abilist | 1 + .../sysv/linux/mips/mips64/n32/libc.abilist | 1 + .../sysv/linux/mips/mips64/n64/libc.abilist | 1 + sysdeps/unix/sysv/linux/or1k/libc.abilist | 1 + .../linux/powerpc/powerpc32/fpu/libc.abilist | 1 + .../powerpc/powerpc32/nofpu/libc.abilist | 1 + .../linux/powerpc/powerpc64/be/libc.abilist | 1 + .../linux/powerpc/powerpc64/le/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv32/libc.abilist | 1 + .../unix/sysv/linux/riscv/rv64/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-32/libc.abilist | 1 + .../unix/sysv/linux/s390/s390-64/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/be/libc.abilist | 1 + sysdeps/unix/sysv/linux/sh/le/libc.abilist | 1 + .../sysv/linux/sparc/sparc32/libc.abilist | 1 + .../sysv/linux/sparc/sparc64/libc.abilist | 1 + sysdeps/unix/sysv/linux/syscalls.list | 1 + sysdeps/unix/sysv/linux/tst-mseal-pkey.c | 84 +++++++++++++++++++ sysdeps/unix/sysv/linux/tst-mseal.c | 67 +++++++++++++++ .../unix/sysv/linux/x86_64/64/libc.abilist | 1 + .../unix/sysv/linux/x86_64/x32/libc.abilist | 1 + 40 files changed, 276 insertions(+), 1 deletion(-) create mode 100644 sysdeps/unix/sysv/linux/tst-mseal-pkey.c create mode 100644 sysdeps/unix/sysv/linux/tst-mseal.c diff --git a/NEWS b/NEWS index e2e40e141c..4732ec2522 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,9 @@ Version 2.42 Major new features: - [Add new features here] +* On Linux, the mseal function has been added. It allows to seal memory + mappings to avoid further change during process execution such as protection + permissions, unmapping, moving to another location, or shrinking the size. Deprecated and removed features, and other changes affecting compatibility: diff --git a/manual/memory.texi b/manual/memory.texi index dc4621e2c5..f092ee4ce6 100644 --- a/manual/memory.texi +++ b/manual/memory.texi @@ -3072,6 +3072,75 @@ process memory, no matter how it was allocated. However, portable use of the function requires that it is only used with memory regions returned by @code{mmap} or @code{mmap64}. +@deftypefun int mseal (void *@var{address}, size_t @var{length}, unsigned long @var{flags}) +@standards{Linux, sys/mman.h} +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} + +A successful call to the @code {mseal} function protects the memory +range @var{address} of @var{length} bytes, previous allocated with +@code{mmap} or @code{mremap}, against further metadata changes such +as: + +@itemize @bullet +@item +Unmapping, moving to another location, extending or shrinking the size, +via @code{munmap} and @code{mremap}. + +@item +Moving or expanding a different VMA into the current location, via +@code{mremap}. + +@item +Modifying the memory range with @code{mmap} along with flag @code{MAP_FIXED}. + +@item +Change the protection flags with @code{mprotect} or @code{pkey_mprotect}. Also +for certain destructive @code{madvise} behaviours (@code{MADV_DONTNEED}, +@code{MADV_FREE}, @code{MADV_DONTNEED_LOCKED}, and @code{MADV_WIPEONFORK}), +@code{mseal} only blocks the operation if the protection key associate with +the memory denies write. + +@item +Destructive behaviors on anonymous memory, such as @code{madvice} with +@code{MADV_DONTNEED}. +@end itemize + +The @var{address} must be an allocated virtual memory done by @code{mmap} +or @code{mremap}, and it must be page aligned. The end address (@var{address} +plus @var{length}) must be within an allocated virtual memory range. There +should be no unallocated memory between the start and end of address range. + +The @var{flags} is currently ununsed. + +The @code{mseal} function returns @math{0} on sucess and @math{-1} on +failure. + +The following @code{errno} error conditions are defined for this +function: + +@table @code +@item EPERM +The system blocked the operation, and the given address range is unmodified +without a partial update. This error is also returned when @code{mseal} +is issued on a 32 bit CPUs (the sealing is currently supported only on +64-bit CPUs, although 32 bit binaries running on 64 bit kernel is +supported). + +@item ENOMEM +Either the @var{address} is not allocated, or the end address is not within the +allocation, or there is an unallocated memory between start and end address. + +@item ENOSYS +The kernel does not support the @code{mseal} syscall. + +@strong{NB:} The memory sealing changes the lifetime of a mapping, where the +sealing memory could not be unmapped until the process terminates or replaces +the process image through @code{execve} function. The sealed mappings are +inherited through @code{fork}. + +@end table +@end deftypefun + @subsection Memory Protection Keys @cindex memory protection key diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile index 395d2d6593..ae46e0726d 100644 --- a/sysdeps/unix/sysv/linux/Makefile +++ b/sysdeps/unix/sysv/linux/Makefile @@ -213,6 +213,8 @@ tests += \ tst-misalign-clone \ tst-mlock2 \ tst-mount \ + tst-mseal \ + tst-mseal-pkey \ tst-ntp_adjtime \ tst-ntp_gettime \ tst-ntp_gettimex \ diff --git a/sysdeps/unix/sysv/linux/Versions b/sysdeps/unix/sysv/linux/Versions index 55d565545a..e5d226165e 100644 --- a/sysdeps/unix/sysv/linux/Versions +++ b/sysdeps/unix/sysv/linux/Versions @@ -332,6 +332,9 @@ libc { sched_getattr; sched_setattr; } + GLIBC_2.42 { + mseal; + } GLIBC_PRIVATE { # functions used in other libraries __syscall_rt_sigqueueinfo; diff --git a/sysdeps/unix/sysv/linux/aarch64/libc.abilist b/sysdeps/unix/sysv/linux/aarch64/libc.abilist index 38db77e4f7..eab487fc76 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc.abilist +++ b/sysdeps/unix/sysv/linux/aarch64/libc.abilist @@ -2750,3 +2750,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/alpha/libc.abilist b/sysdeps/unix/sysv/linux/alpha/libc.abilist index 637bfce9fb..d6d3464c46 100644 --- a/sysdeps/unix/sysv/linux/alpha/libc.abilist +++ b/sysdeps/unix/sysv/linux/alpha/libc.abilist @@ -3097,6 +3097,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/arc/libc.abilist b/sysdeps/unix/sysv/linux/arc/libc.abilist index 4a305cf730..2c7aa2c939 100644 --- a/sysdeps/unix/sysv/linux/arc/libc.abilist +++ b/sysdeps/unix/sysv/linux/arc/libc.abilist @@ -2511,3 +2511,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/arm/be/libc.abilist b/sysdeps/unix/sysv/linux/arm/be/libc.abilist index 1d54f71b14..54fd3d3a83 100644 --- a/sysdeps/unix/sysv/linux/arm/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/be/libc.abilist @@ -2803,6 +2803,7 @@ GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/arm/le/libc.abilist b/sysdeps/unix/sysv/linux/arm/le/libc.abilist index ff7e8bc40b..4231ef1ffd 100644 --- a/sysdeps/unix/sysv/linux/arm/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/arm/le/libc.abilist @@ -2800,6 +2800,7 @@ GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/bits/mman-shared.h b/sysdeps/unix/sysv/linux/bits/mman-shared.h index 31590979b9..b9892f62c2 100644 --- a/sysdeps/unix/sysv/linux/bits/mman-shared.h +++ b/sysdeps/unix/sysv/linux/bits/mman-shared.h @@ -81,6 +81,14 @@ int pkey_free (int __key) __THROW; range. */ int pkey_mprotect (void *__addr, size_t __len, int __prot, int __pkey) __THROW; +/* Seal the address range to avoid further modifications, such as remmap to + shrink or expand the VMA, change protection permission with mprotect, + unmap with munmap, destructive semantic such madvise with MADV_DONTNEED. + The address range must be valid VMA, withouth any gap (unallocated memory) + between start and end, and ADDR much be page aligned (LEN will be page + aligned implicitly). */ +int mseal (void *__addr, size_t __len, unsigned long flags) __THROW; + __END_DECLS #endif /* __USE_GNU */ diff --git a/sysdeps/unix/sysv/linux/csky/libc.abilist b/sysdeps/unix/sysv/linux/csky/libc.abilist index c3ed65467d..53265587ca 100644 --- a/sysdeps/unix/sysv/linux/csky/libc.abilist +++ b/sysdeps/unix/sysv/linux/csky/libc.abilist @@ -2787,3 +2787,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/hppa/libc.abilist b/sysdeps/unix/sysv/linux/hppa/libc.abilist index 991475380c..2ad9eb1286 100644 --- a/sysdeps/unix/sysv/linux/hppa/libc.abilist +++ b/sysdeps/unix/sysv/linux/hppa/libc.abilist @@ -2824,6 +2824,7 @@ GLIBC_2.4 unshare F GLIBC_2.41 cacheflush F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/i386/libc.abilist b/sysdeps/unix/sysv/linux/i386/libc.abilist index 4fedf775d4..f808d3f110 100644 --- a/sysdeps/unix/sysv/linux/i386/libc.abilist +++ b/sysdeps/unix/sysv/linux/i386/libc.abilist @@ -3007,6 +3007,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h index 86b2d3ce51..a44824991f 100644 --- a/sysdeps/unix/sysv/linux/kernel-features.h +++ b/sysdeps/unix/sysv/linux/kernel-features.h @@ -257,4 +257,12 @@ # define __ASSUME_FCHMODAT2 0 #endif +/* The mseal system call was introduced across all architectures in Linux 6.10 + (although only supported on 64-bit CPUs). */ +#if __LINUX_KERNEL_VERSION >= 0x060A00 +# define __ASSUME_MSEAL 1 +#else +# define __ASSUME_MSEAL 0 +#endif + #endif /* kernel-features.h */ diff --git a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist index 0024282289..db7a5896ff 100644 --- a/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist +++ b/sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist @@ -2271,3 +2271,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist index 142595eb3e..91250faca5 100644 --- a/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist @@ -2783,6 +2783,7 @@ GLIBC_2.4 xprt_register F GLIBC_2.4 xprt_unregister F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist index 85e7746c10..f5f8c2d613 100644 --- a/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist +++ b/sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist @@ -2950,6 +2950,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist index 91dc1b8378..e505d338f4 100644 --- a/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/be/libc.abilist @@ -2836,3 +2836,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist index 3440e90f6f..c360b28fd1 100644 --- a/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/microblaze/le/libc.abilist @@ -2833,3 +2833,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist index 5ee7b8c52f..fa09f9d9c9 100644 --- a/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist @@ -2911,6 +2911,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist index ae7474c0f0..1db4a115c8 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist @@ -2917,6 +2917,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist index cdf040dec2..770fa9b042 100644 --- a/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist +++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist @@ -2819,6 +2819,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/or1k/libc.abilist b/sysdeps/unix/sysv/linux/or1k/libc.abilist index c356a11b1c..c41f91db28 100644 --- a/sysdeps/unix/sysv/linux/or1k/libc.abilist +++ b/sysdeps/unix/sysv/linux/or1k/libc.abilist @@ -2261,3 +2261,4 @@ GLIBC_2.40 setcontext F GLIBC_2.40 swapcontext F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist index 7937f94cf0..8eccaa5c92 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist @@ -3140,6 +3140,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist index d6e35f31d2..f827f65615 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist @@ -3185,6 +3185,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist index 2268d6890d..141186553d 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist @@ -2894,6 +2894,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist index 7f61b14bc8..7786c97072 100644 --- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist @@ -2970,3 +2970,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist index 4187241f50..090a8a3cc3 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist +++ b/sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist @@ -2514,3 +2514,4 @@ GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist index 8935beccac..8f8daa10b2 100644 --- a/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist +++ b/sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist @@ -2714,3 +2714,4 @@ GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.40 __riscv_hwprobe F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist index e69dc7ccf6..68ad13d4d1 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist @@ -3138,6 +3138,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist index 7d860001d8..b07e767d44 100644 --- a/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist +++ b/sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist @@ -2931,6 +2931,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sh/be/libc.abilist b/sysdeps/unix/sysv/linux/sh/be/libc.abilist index fcb8161841..841da24118 100644 --- a/sysdeps/unix/sysv/linux/sh/be/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/be/libc.abilist @@ -2830,6 +2830,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sh/le/libc.abilist b/sysdeps/unix/sysv/linux/sh/le/libc.abilist index 3fd078d125..2a8cba719e 100644 --- a/sysdeps/unix/sysv/linux/sh/le/libc.abilist +++ b/sysdeps/unix/sysv/linux/sh/le/libc.abilist @@ -2827,6 +2827,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist index 1ce1fe9da7..8f9031f344 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist @@ -3159,6 +3159,7 @@ GLIBC_2.4 wprintf F GLIBC_2.4 wscanf F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist index 07507b86f6..e5abc49fce 100644 --- a/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist +++ b/sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist @@ -2795,6 +2795,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/syscalls.list b/sysdeps/unix/sysv/linux/syscalls.list index f1cfe8dc13..424bf43868 100644 --- a/sysdeps/unix/sysv/linux/syscalls.list +++ b/sysdeps/unix/sysv/linux/syscalls.list @@ -39,6 +39,7 @@ mlockall - mlockall i:i mlockall mount EXTRA mount i:sssUp __mount mount mount_setattr EXTRA mount_setattr i:isUpU mount_setattr move_mount EXTRA move_mount i:isisU move_mount +mseal EXTRA mseal i:bUU __mseal mseal munlock - munlock i:aU munlock munlockall - munlockall i: munlockall nfsservctl EXTRA nfsservctl i:ipp __compat_nfsservctl nfsservctl@GLIBC_2.0:GLIBC_2.28 diff --git a/sysdeps/unix/sysv/linux/tst-mseal-pkey.c b/sysdeps/unix/sysv/linux/tst-mseal-pkey.c new file mode 100644 index 0000000000..d194fbaaaf --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-mseal-pkey.c @@ -0,0 +1,84 @@ +/* Basic tests for mseal and pkey. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + TEST_VERIFY_EXIT (mseal (MAP_FAILED, 0, 0) == -1); + if (errno == ENOSYS || errno == EPERM) + FAIL_UNSUPPORTED ("kernel does not support mseal"); + TEST_COMPARE (errno, EINVAL); + + int key = pkey_alloc (0, 0); + if (key < 0) + { + if (errno == ENOSYS) + FAIL_UNSUPPORTED + ("kernel does not support memory protection keys"); + if (errno == EINVAL) + FAIL_UNSUPPORTED + ("CPU does not support memory protection keys: %m"); + if (errno == ENOSPC) + FAIL_UNSUPPORTED + ("no keys available or kernel does not support memory" + " protection keys"); + FAIL_EXIT1 ("pkey_alloc: %m"); + } + + long pagesize = xsysconf (_SC_PAGESIZE); + + void *page = xmmap (NULL, pagesize, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1); + + TEST_COMPARE (pkey_mprotect (page, pagesize, PROT_READ | PROT_WRITE, + key), 0); + + TEST_VERIFY_EXIT (mseal (page, pagesize, 0) == 0); + + /* For certain destructive madvise behaviours (MADV_DONTNEED, + MADV_FREE, MADV_DONTNEED_LOCKED, and MADV_WIPEONFORK), mseal + only blocks the operation if the PKRU denies write. */ + TEST_VERIFY_EXIT (pkey_set (key, 0) == 0); + TEST_COMPARE (madvise (page, pagesize, MADV_DONTNEED), 0); + + /* The other mapping operation change are always blocked, + regardless of PKRU state. */ + TEST_COMPARE (pkey_mprotect (page, pagesize, PROT_READ, key), -1); + TEST_COMPARE (errno, EPERM); + + TEST_COMPARE (mprotect (page, pagesize, PROT_READ), -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (pkey_set (key, PKEY_DISABLE_WRITE) == 0); + TEST_COMPARE (madvise (page, pagesize, MADV_DONTNEED), -1); + TEST_COMPARE (errno, EPERM); + + TEST_COMPARE (mprotect (page, pagesize, PROT_READ), -1); + TEST_COMPARE (errno, EPERM); + TEST_COMPARE (munmap (page, pagesize),-1); + TEST_COMPARE (errno, EPERM); + + return 0; +} + +#include diff --git a/sysdeps/unix/sysv/linux/tst-mseal.c b/sysdeps/unix/sysv/linux/tst-mseal.c new file mode 100644 index 0000000000..0aff1e9e4c --- /dev/null +++ b/sysdeps/unix/sysv/linux/tst-mseal.c @@ -0,0 +1,67 @@ +/* Basic tests for mseal. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static int +do_test (void) +{ + TEST_VERIFY_EXIT (mseal (MAP_FAILED, 0, 0) == -1); + if (errno == ENOSYS || errno == EPERM) + FAIL_UNSUPPORTED ("kernel does not support mseal"); + TEST_COMPARE (errno, EINVAL); + + size_t pagesize = getpagesize (); + void *p = xmmap (NULL, 4 * pagesize, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE, -1); + xmunmap (p + 2 * pagesize, pagesize); + + /* Unaligned address. */ + TEST_VERIFY_EXIT (mseal (p + 1, pagesize, 0) == -1); + TEST_COMPARE (errno, EINVAL); + + /* Length too big. */ + TEST_VERIFY_EXIT (mseal (p, 3 * pagesize, 0) == -1); + TEST_COMPARE (errno, ENOMEM); + + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + /* Apply the same seal should be idempotent. */ + TEST_VERIFY_EXIT (mseal (p, pagesize, 0) == 0); + + TEST_VERIFY_EXIT (mprotect (p, pagesize, PROT_WRITE) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (munmap (p, pagesize) == -1); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (mremap (p, pagesize, 2 * pagesize, 0) == MAP_FAILED); + TEST_COMPARE (errno, EPERM); + + TEST_VERIFY_EXIT (madvise (p, pagesize, MADV_DONTNEED) == -1); + TEST_COMPARE (errno, EPERM); + + xmunmap (p + pagesize, pagesize); + xmunmap (p + 3 * pagesize, pagesize); + + return 0; +} + +#include diff --git a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist index 5acf49dbe8..5a22654095 100644 --- a/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/64/libc.abilist @@ -2746,6 +2746,7 @@ GLIBC_2.4 unlinkat F GLIBC_2.4 unshare F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F GLIBC_2.5 __readlinkat_chk F GLIBC_2.5 inet6_opt_append F GLIBC_2.5 inet6_opt_find F diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist index 02d1bb97dc..d627f4fcce 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist +++ b/sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist @@ -2765,3 +2765,4 @@ GLIBC_2.39 stdc_trailing_zeros_ull F GLIBC_2.39 stdc_trailing_zeros_us F GLIBC_2.41 sched_getattr F GLIBC_2.41 sched_setattr F +GLIBC_2.42 mseal F