登录查看更多内容

mseal() – Enhancing Memory Security in Linux Kernel 6.10

Pravin Jogdand

Embedded Linux Engineer | Linux Kernel / System Programming | Linux Device Driver | USB PCIe Disk UART | Python C C++ | Shell Perl Scripting | Yocto | RTOS | 5G | Memory / Power Management | IoT | Signal Image Processing

发布日期: 2024年8月4日

+ 关注

Functionality

Introduces mseal(), a new syscall for the Linux kernel.
Protects Virtual Memory Areas (VMAs) from unauthorized modifications.
Introduced in Linux Kernel 6.10.

Security Enhancements

Ensures read-only memory remains non-writable.
Secures executable memory against unauthorized changes.

Compatibility

Architecture-independent, supporting dynamic memory sealing.
Useful for applications like Chrome’s control-flow integrity (CFI).
Supports glibc's ELF executable loading.

Operations Blocking

Blocks destructive operations like MADV_DONTNEED.

Overall Benefits

Improves system security and resilience against vulnerabilities.

How to Use mseal()

Allocate Memory

void *addr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

Seal the Memory Using mseal()

int result = mseal(addr, size, MSEAL_SEAL); 
if (result != 0) { 
      perror("mseal failed"); 
}
int result = mseal(addr, size, MSEAL_SEAL);
if (result != 0) 
{ 
    perror("mseal failed");
 }

Memory Access Control

The sealed memory will now be protected from unauthorized modifications.

Unseal the Memory (if necessary)

result = mseal(addr, size, MSEAL_UNSEAL); 
if (result != 0) 
{ 
    perror("mseal unseal failed");
 }

#LinuxKernel #mseal #memory #Linux

Follow: https://www.dhirubhai.net/in/pravin-jogdand-90054815/

Core Interface System

4,577 位关注者

Rahul Singh

7 个月

did they take inspiration from the company mseal for this?

Mike Reznikov

Network|Math|ML Acceleration (C/C++/RTL)

7 个月

why a new syscall, why not using mprotect?

查看更多评论

要查看或添加评论，请登录

Pravin Jogdand的更多文章

Texas Instruments Unveils the World's Smallest MCU—A Game Changer for Embedded Systems

2025年3月16日

Texas Instruments Unveils the World's Smallest MCU—A Game Changer for Embedded Systems

Texas Instruments (TI) has once again pushed the boundaries of microcontroller (MCU) innovation by introducing the…

2 条评论
Will Rust replace C in the Near Future?

2025年2月26日

Will Rust replace C in the Near Future?

Linus Torvalds has officially backed Rust for Linux kernel development, signaling a significant shift in system…

5 条评论
Edge vs. Cloud LLM: What's Better?

2024年10月13日

Edge vs. Cloud LLM: What's Better?

Optimus' robot brain from a hardware perspective focuses on meeting real-time deadlines, crucial for robots as…
Linux Kernel 6.11: Enhancing Networking, WiFi, and More - Here’s What You Need to Know

2024年9月22日

Linux Kernel 6.11: Enhancing Networking, WiFi, and More - Here’s What You Need to Know

The Linux kernel 6.11, recently released by Linus Torvalds, brings a range of significant updates and enhancements…
Packet Forwarding Control Protocol (PFCP) in Linux Kernel 6.10: A Game-Changer for Networking

2024年8月18日

Packet Forwarding Control Protocol (PFCP) in Linux Kernel 6.10: A Game-Changer for Networking

The Linux Kernel 6.10 marks a significant milestone with the introduction of Packet Forwarding Control Protocol (PFCP)…

8 条评论
Enhanced Security in Linux Kernel 6.10

2024年8月10日

Enhanced Security in Linux Kernel 6.10

Before Linux kernel 6.10, security involving Trusted Platform Modules (TPMs) was less secure, as communication between…

1 条评论
The Essence of Linux OS Greatness: Lessons from Chanakya

2024年7月13日

The Essence of Linux OS Greatness: Lessons from Chanakya

One day, Chanakya engaged in a discussion with a prominent advisor of the empire. He asked, "What qualities are…
Exploring the Life Philosophy Behind Unix: Everything as a File or Process

2024年4月6日

Exploring the Life Philosophy Behind Unix: Everything as a File or Process

In the intricate world of Unix, there exists a fundamental principle that underpins its design: "Everything is a file…
Understanding Memory Mapping: IO and IO-Mapped IO

2024年3月25日

Understanding Memory Mapping: IO and IO-Mapped IO

Introduction: In the world of Linux, making Input/Output (IO) operations smooth is important. Two important ideas in…

1 条评论
Embedded Linux and AI: Where Geek Meets Chic!

2024年3月3日

Embedded Linux and AI: Where Geek Meets Chic!

At the surface, AI dazzles with its chic allure, offering users a taste of the extraordinary. But delve deeper, and…

See all articles

mseal() – Enhancing Memory Security in Linux Kernel 6.10

Pravin Jogdand

Embedded Linux Engineer | Linux Kernel / System Programming | Linux Device Driver | USB PCIe Disk UART | Python C C++ | Shell Perl Scripting | Yocto | RTOS | 5G | Memory / Power Management | IoT | Signal Image Processing

Functionality

Security Enhancements

Compatibility

Operations Blocking

Overall Benefits

How to Use mseal()

Core Interface System

4,577 位关注者

Pravin Jogdand的更多文章

社区洞察

其他会员也浏览了

CSI Linux 2020.3 released!

Kali Linux 2024.3: A Closer Look

Blocking su to root

BHIS Webcast - Windows logging, Sysmon and ELK

Details About a Critical 9.9 Vulnerability That Affects All GNU/Linux Systems are About to be Released

How to Detect NMAP Scan Using Snort

Intro to file integrity monitoring - AIDE

How to Detect NMAP Scan Using Snort

Bypass UAC in Windows 10 using bypass_comhijack Exploit

CERT-In Finds Vulnerabilities In Apple iTunes, Google Chrome

Functionality

Security Enhancements

Compatibility

Operations Blocking

Overall Benefits

How to Use mseal()

Core Interface System

4,577 位关注者

Pravin Jogdand的更多文章

Texas Instruments Unveils the World's Smallest MCU—A Game Changer for Embedded Systems

Will Rust replace C in the Near Future?

Edge vs. Cloud LLM: What's Better?

Linux Kernel 6.11: Enhancing Networking, WiFi, and More - Here’s What You Need to Know

Packet Forwarding Control Protocol (PFCP) in Linux Kernel 6.10: A Game-Changer for Networking

Enhanced Security in Linux Kernel 6.10

The Essence of Linux OS Greatness: Lessons from Chanakya

Exploring the Life Philosophy Behind Unix: Everything as a File or Process

Understanding Memory Mapping: IO and IO-Mapped IO

Embedded Linux and AI: Where Geek Meets Chic!

社区洞察

其他会员也浏览了

CSI Linux 2020.3 released!

Kali Linux 2024.3: A Closer Look

Blocking su to root

BHIS Webcast - Windows logging, Sysmon and ELK

Details About a Critical 9.9 Vulnerability That Affects All GNU/Linux Systems are About to be Released

How to Detect NMAP Scan Using Snort

Intro to file integrity monitoring - AIDE

How to Detect NMAP Scan Using Snort

Bypass UAC in Windows 10 using bypass_comhijack Exploit

CERT-In Finds Vulnerabilities In Apple iTunes, Google Chrome