On 2/11/25 7:21 PM, jef...@chromium.org wrote:
> From: Jeff Xu <jef...@chromium.org>
> 

> ---
>  include/linux/userprocess.h | 18 ++++++++++++++++++
>  init/Kconfig                | 18 ++++++++++++++++++
>  security/Kconfig            | 18 ++++++++++++++++++
>  3 files changed, 54 insertions(+)
>  create mode 100644 include/linux/userprocess.h
> 

> diff --git a/init/Kconfig b/init/Kconfig
> index d0d021b3fa3b..892d2bcdf397 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -1882,6 +1882,24 @@ config ARCH_HAS_MEMBARRIER_CALLBACKS
>  config ARCH_HAS_MEMBARRIER_SYNC_CORE
>       bool
>  
> +config ARCH_HAS_MSEAL_SYSTEM_MAPPINGS
> +     bool
> +     help
> +       Control MSEAL_SYSTEM_MAPPINGS access based on architecture.
> +
> +       A 64-bit kernel is required for the memory sealing feature.
> +       No specific hardware features from the CPU are needed.
> +
> +       To enable this feature, the architecture needs to update their
> +       speical mappings calls to include the sealing flag and confirm

          special

> +       that it doesn't unmap/remap system mappings during the life
> +       time of the process. After the architecture enables this, a
> +       distribution can set CONFIG_MSEAL_SYSTEM_MAPPING to manage access
> +       to the feature.
> +
> +       For complete descriptions of memory sealing, please see
> +       Documentation/userspace-api/mseal.rst
> +
>  config HAVE_PERF_EVENTS
>       bool
>       help
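Review bot: The help text for ARCH_HAS_MSEAL_SYSTEM_MAPPINGS names the distribution-facing option inconsistently: the first help line says MSEAL_SYSTEM_MAPPINGS (plural), while the later sentence says "a distribution can set CONFIG_MSEAL_SYSTEM_MAPPING" (singular). Only one of these can match the option actually defined, so use that spelling in both places; otherwise a search for the symbol will miss this text. In the same paragraph, "the architecture needs to update their special mappings calls" would read better as "its", and "life time" should be "lifetime". It would also help to state how an architecture confirms that it never unmaps or remaps system mappings during the process lifetime, since that is the precondition for selecting this symbol.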


-- 
~Randy

