In addition to the memory management (MM) changes already merged for the Linux 6.15 kernel, a secondary round of MM updates was submitted and has now been merged for this next kernel version. Most interesting here is the use of the relatively new mseal() system call to seal the kernel's own system mappings.
Wednesday’s additional MM updates sent in by Andrew Morton include the patch series from Google engineer Jeff Xu for sealing system mappings with mseal(). The mseal() system call itself also came out of Google as a means of memory sealing on Linux: it was merged for Linux 6.10 last year and lets a process protect its memory mappings against (malicious) modification, such as being made writable, unmapped or remapped. Linux 6.15 extends that protection to the mappings the kernel itself sets up in every process.
Jeff Xu explained in the patch series for this work:
“The mseal() is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management system. For example, such an attacker primitive can break control-flow integrity guarantees since read-only memory that is supposed to be trusted can become writable or .text pages can get remapped.
The system mappings are read-only; memory sealing can protect them from ever being changed to writable or unmapped/remapped with different attributes.
System mappings such as vdso, vvar, vvar_vclock, vectors (arm compact-mode), sigpage (arm compact-mode), are created by the kernel during program initialization, and could be sealed after creation.
…
This feature’s security enhancements will benefit ChromeOS, Android, and other high security systems.”
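As an added example, not code from the article or from the kernel patch series, the following C program makes the quoted description concrete in two steps: it seals one of its own read-only pages with mseal() and confirms that the three things a corrupted pointer handed to the MM syscalls could do with it (make it writable, unmap it, map something else on top with MAP_FIXED) are all refused with EPERM, and it then checks whether the running kernel seals the vDSO by locating the "[vdso]" mapping in /proc/self/maps and asking for write permission on the whole VMA. Assumptions: a Linux host; mseal() is invoked by its raw syscall number (462 on every architecture) because glibc may not wrap it yet; the enum names and helper functions are this example's own. The page the program seals stays pinned for the life of the process, which is exactly what sealing means.

```c
/* Added example: seal a page with mseal() and probe whether the kernel seals the vDSO.
 * Linux only. mseal() is called by syscall number (462 on every architecture, from the
 * kernel's unified syscall table) because glibc may not provide a wrapper yet. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462
#endif

static long do_mseal(void *addr, size_t len)
{
    return syscall(__NR_mseal, addr, len, 0UL);   /* flags must currently be 0 */
}

enum seal_result {
    SEAL_UNAVAILABLE,   /* ENOSYS (kernel < 6.10) or EPERM from a seccomp filter */
    SEAL_ENFORCED,      /* sealed; mprotect, munmap and mmap(MAP_FIXED) all failed with EPERM */
    SEAL_NOT_ENFORCED,  /* sealed, yet one of those succeeded: should never happen */
    SEAL_ERROR          /* mmap or a pre-seal mprotect failed for an unrelated reason */
};

/* Map a private read-only page, show it is still malleable, seal it, then attempt the
 * three modifications an attacker with a corrupted pointer would try. */
enum seal_result seal_own_page(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pg, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return SEAL_ERROR;
    /* Before sealing: flipping the page writable and back is allowed. */
    if (mprotect(p, pg, PROT_READ | PROT_WRITE) != 0 || mprotect(p, pg, PROT_READ) != 0) {
        munmap(p, pg);
        return SEAL_ERROR;
    }
    if (do_mseal(p, pg) != 0) {
        int e = errno;
        munmap(p, pg);
        return (e == ENOSYS || e == EPERM) ? SEAL_UNAVAILABLE : SEAL_ERROR;
    }
    /* After sealing: each of these must fail with EPERM. The page is now pinned for the
     * life of the process; that is the cost of sealing, not a bug in this code. */
    int blocked = 0;
    if (mprotect(p, pg, PROT_READ | PROT_WRITE) == -1 && errno == EPERM)
        blocked++;
    if (munmap(p, pg) == -1 && errno == EPERM)
        blocked++;
    if (mmap(p, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0)
            == MAP_FAILED && errno == EPERM)
        blocked++;
    return blocked == 3 ? SEAL_ENFORCED : SEAL_NOT_ENFORCED;
}

enum vdso_state {
    VDSO_ABSENT,    /* no "[vdso]" line in /proc/self/maps */
    VDSO_SEALED,    /* kernel refused to make it writable: system-mapping sealing is active */
    VDSO_UNSEALED,  /* it could be made writable (restored to r-x immediately) */
    VDSO_OTHER      /* some other errno, or restoring r-x failed */
};

/* Find the vDSO as the kernel mapped it and try to add PROT_WRITE to the whole VMA.
 * The whole range is used because special mappings refuse to be split. */
enum vdso_state probe_vdso_sealing(void)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps)
        return VDSO_OTHER;
    unsigned long start = 0, end = 0;
    char line[512];
    while (fgets(line, sizeof line, maps)) {
        if (strstr(line, "[vdso]") && sscanf(line, "%lx-%lx", &start, &end) == 2)
            break;
        start = end = 0;
    }
    fclose(maps);
    if (start == 0 || end <= start)
        return VDSO_ABSENT;
    void *vdso = (void *)start;
    size_t len = end - start;
    if (mprotect(vdso, len, PROT_READ | PROT_WRITE | PROT_EXEC) == 0)
        return mprotect(vdso, len, PROT_READ | PROT_EXEC) == 0 ? VDSO_UNSEALED : VDSO_OTHER;
    return errno == EPERM ? VDSO_SEALED : VDSO_OTHER;
}

int main(void)
{
    static const char *seal_names[] = { "unavailable", "enforced", "NOT enforced", "error" };
    static const char *vdso_names[] = { "absent", "sealed", "unsealed", "other" };
    printf("mseal() on own page : %s\n", seal_names[seal_own_page()]);
    printf("vDSO sealing        : %s\n", vdso_names[probe_vdso_sealing()]);
    return 0;
}
```

On a pre-6.10 kernel the first probe reports "unavailable"; on 6.10 or later it should always report "enforced". The second probe reports "sealed" only on a kernel built with the new system-mapping sealing, and "unsealed" on everything older, which is the gap the Linux 6.15 work closes.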
Another useful security addition to the Linux kernel from Google that is now in the mainline tree. With the code merged for Linux 6.15, sealing of system mappings is wired up for the x86_64 and ARM64 architectures and could be extended to additional CPU architectures in the future. It is an opt-in build option (CONFIG_MSEAL_SYSTEM_MAPPINGS) rather than something every 6.15 kernel does: once the vDSO and friends are sealed they can no longer be unmapped or remapped, which is incompatible with checkpoint/restore tooling such as CRIU, so the option cannot be combined with CONFIG_CHECKPOINT_RESTORE and userspace that relies on remapping those mappings needs to be checked before it is enabled.