Friday

[Bug 2089711] Re: Request to backport mseal syscall to LTS 24.04 LTS GA kernel

** Description changed:

Hello,

My name is Jeff Xu, I work with Stephen Röttger on hardening the chrome
browser. I'm reaching out to explore the possibility of backporting
- memory sealing into the 22.04 LTS kernel.
+ memory sealing into the 24.04 LTS kernel.

For context, it is worth noting that the Kernel introduces mseal support
in version 6.10 [1]. The Chrome V8 engine will utilize the memory
sealing function to protect its JIT compiler from memory corruption
vulnerabilities. The change is merged in Chrome, and we believe that
Ubuntu users would benefit from using this safer version of Chrome.

In addition, glibc's dynamic linker is adding mseal to seal RO mapping
such as .text, .rodata, .relco [2], the integration test is completed.

The backport work includes 4 commits [3] [4] [5] [6]. ChromeOS and
Android GKI both have the mseal backported to the 6.6 kernel. I will
send out patches for LTS 22.04 to kernel-team@lists.ubuntu.com

Thank you for your time and consideration.
Best regards,
Jeff

[1] https://docs.kernel.org/userspace-api/mseal.html
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html
[3] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595211/4
[4] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595853/4
[5] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5742931
[6] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5802772

** Description changed:

Hello,

My name is Jeff Xu, I work with Stephen Röttger on hardening the chrome
browser. I'm reaching out to explore the possibility of backporting
memory sealing into the 24.04 LTS kernel.

For context, it is worth noting that the Kernel introduces mseal support
in version 6.10 [1]. The Chrome V8 engine will utilize the memory
sealing function to protect its JIT compiler from memory corruption
vulnerabilities. The change is merged in Chrome, and we believe that
Ubuntu users would benefit from using this safer version of Chrome.

In addition, glibc's dynamic linker is adding mseal to seal RO mapping
such as .text, .rodata, .relco [2], the integration test is completed.

The backport work includes 4 commits [3] [4] [5] [6]. ChromeOS and
Android GKI both have the mseal backported to the 6.6 kernel. I will
- send out patches for LTS 22.04 to kernel-team@lists.ubuntu.com
+ send out patches for LTS 24.04 to kernel-team@lists.ubuntu.com

Thank you for your time and consideration.
Best regards,
Jeff

[1] https://docs.kernel.org/userspace-api/mseal.html
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html
[3] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595211/4
[4] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595853/4
[5] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5742931
[6] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5802772

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2089711

Title:
Request to backport mseal syscall to LTS 24.04 LTS GA kernel

Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Triaged

Bug description:
Hello,

My name is Jeff Xu, I work with Stephen Röttger on hardening the
chrome browser. I'm reaching out to explore the possibility of
backporting memory sealing into the 24.04 LTS kernel.

For context, it is worth noting that the Kernel introduces mseal
support in version 6.10 [1]. The Chrome V8 engine will utilize the
memory sealing function to protect its JIT compiler from memory
corruption vulnerabilities. The change is merged in Chrome, and we
believe that Ubuntu users would benefit from using this safer version
of Chrome.

In addition, glibc's dynamic linker is adding mseal to seal RO mapping
such as .text, .rodata, .relco [2], the integration test is
completed.

The backport work includes 4 commits [3] [4] [5] [6]. ChromeOS and
Android GKI both have the mseal backported to the 6.6 kernel. I will
send out patches for LTS 24.04 to kernel-team@lists.ubuntu.com

Thank you for your time and consideration.
Best regards,
Jeff

[1] https://docs.kernel.org/userspace-api/mseal.html
[2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html
[3] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595211/4
[4] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595853/4
[5] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5742931
[6] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5802772

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089711/+subscriptions
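
Added example, not part of the bug report or of the Chrome, glibc or kernel code it references: a small C probe that checks whether the running kernel provides the mseal syscall (the condition the backport request is about) and, when it does, confirms that a sealed mapping rejects mprotect and munmap. The fallback syscall number 462 and the names probe_mseal and seal_result are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_mseal
#define SYS_mseal 462 /* assumption: number assigned to mseal in 6.10+ headers */
#endif

enum seal_result { SEAL_ENFORCED, SEAL_UNAVAILABLE, SEAL_NOT_ENFORCED };

/* Map one page, seal it, then check that the kernel refuses to alter it.
 * *err_out receives the errno that made sealing unavailable, or 0. */
static enum seal_result probe_mseal(int *err_out)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { *err_out = errno; return SEAL_UNAVAILABLE; }

    /* mseal(addr, len, flags): flags must be 0. ENOSYS means the kernel
     * predates the syscall; a sandbox filter may report another errno. */
    if (syscall(SYS_mseal, p, len, 0UL) != 0) {
        *err_out = errno;
        munmap(p, len);
        return SEAL_UNAVAILABLE;
    }
    *err_out = 0;

    /* A sealed mapping must reject both operations with EPERM. The page
     * then stays mapped until the process exits, which is intended. */
    int prot_blocked = mprotect(p, len, PROT_READ | PROT_WRITE) == -1 && errno == EPERM;
    int unmap_blocked = munmap(p, len) == -1 && errno == EPERM;
    return (prot_blocked && unmap_blocked) ? SEAL_ENFORCED : SEAL_NOT_ENFORCED;
}

int main(void)
{
    int err = 0;
    switch (probe_mseal(&err)) {
    case SEAL_ENFORCED:    puts("mseal: supported, sealed page is immutable"); return 0;
    case SEAL_UNAVAILABLE: printf("mseal: unavailable (%s)\n", strerror(err)); return 2;
    default:               puts("mseal: returned success but seal not enforced"); return 1;
    }
}
```

Exit status 2 on a kernel without the syscall lets a packaging or CI check tell "not backported" apart from "backported but broken" (status 1).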
