Lines Matching +full:use +full:- +full:cases
1 .. SPDX-License-Identifier: GPL-2.0
17 such an attacker primitive can break control-flow integrity guarantees
18 since read-only memory that is supposed to be trusted can become writable
29 -----------------------
34 - The start address must be in an allocated VMA.
35 - The start address must be page aligned.
36 - The end address (**addr** + **len**) must be in an allocated VMA.
37 - no gap (unallocated memory) between start and end address.
41 **flags**: reserved for future use.
44 - **0**: Success.
45 - **-EINVAL**:
49 - **-ENOMEM**:
53 - **-EPERM**:
54 * sealing is supported only on 64-bit CPUs, 32-bit is not supported.
57 - For above error cases, users can expect the given memory range is
59 - There might be other internal errors/cases not listed here, e.g.
61 number of supported VMAs. In those cases, partial updates to the given
62 memory range could happen. However, those cases should be rare.
65 mseal only works on 64-bit CPUs, not 32-bit CPUs.
69 is a no-action (not error).
77 -------------------------------------
90 - munmap
91 - mmap
92 - mremap
93 - mprotect and pkey_mprotect
94 - some destructive madvise behaviors: MADV_DONTNEED, MADV_FREE,
113 Kernel will return -EPERM for blocked syscalls.
115 When blocked syscall return -EPERM due to sealing, the memory regions may
118 - munmap: munmap is atomic. If one of VMAs in the given range is
120 - mprotect, pkey_mprotect, madvise: partial update might happen, e.g.
122 VMAs before reaching the sealed VMA and return -EPERM.
123 - mmap and mremap: undefined behavior.
125 Use cases
127 - glibc:
131 - Chrome browser: protect some security sensitive data structures.
133 - System mappings:
135 vvar_vclock, vectors (arm compat-mode), sigpage (arm compat-mode), uprobes.
146 The following architectures currently support this feature: x86-64, arm64,
154 When not to use mseal
162 - aio/shm
169 - ptr allocated by malloc (heap)
170 Don't use mseal on the memory ptr return from malloc().
175 non-deterministic.
195 Those cases are:
197 - Write to read-only memory through /proc/self/mem interface (FOLL_FORCE).
198 - Write to read-only memory through ptrace (such as PTRACE_POKETEXT).
199 - userfaultfd.
206 - [1] https://github.com/apple-oss-distributions/xnu/blob/1031c584a5e37aff177559b9f69dbd3c8c3fd30a/…
207 - [2] https://man.openbsd.org/mimmutable.2
208 - [3] https://lore.kernel.org/lkml/CAG48ez3ShUYey+ZAFsU2i1RpQn0a5eOs2hzQ426FkcgnfUGLvA@mail.gmail.c…
209 - [4] https://docs.google.com/document/d/1O2jwK4dxI3nRcOJuPYkonhTkNQfbmwdvxQMyXgeaRHo/edit#heading=…