Announcement

Collapse
No announcement yet.

Google Proposes New mseal() Memory Sealing Syscall For Linux

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    Google Proposes New mseal() Memory Sealing Syscall For Linux

    Phoronix: Google Proposes New mseal() Memory Sealing Syscall For Linux

    Google is proposing a new mseal() memory sealing system call for the Linux kernel. Google intends for this architecture independent system call to be initially used by the Google Chrome web browser on Chrome OS while experiments are underway for use by Glibc in the dynamic linker to seal all non-writable segments at startup...

    Google Proposes New mseal() Memory Sealing Syscall For Linux - Phoronix
    https://www.phoronix.com/news/Linux-mseal-Memory-Sealing
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    People work at Google? Or did the one dude working there teach Bard to write kernel patches?
    • Likes 4

    Comment

    • #3
      Originally posted by Ironmask View Post
      People work at Google? Or did the one dude working there teach Bard to write kernel patches?
      Sounds about right. This kind of AI is only good at regurgitating existing ideas. From the patch notes:

      A similar feature already exists in the XNU kernel with the
      VM_FLAGS_PERMANENT [3] flag and on OpenBSD with the mimmutable syscall [4].​
      ​

      Good to see Linux trying to catch up with security ideas though. Always surprising to see Apple ahead of the game (for OpenBSD it is obviously expected since security is one of its main focuses).
      Last edited by kpedersen; 17 October 2023, 09:35 AM.
      • Likes 4

      Comment

      • #4
        Originally posted by kpedersen View Post

        Sounds about right. This kind of AI is only good at regurgitating existing ideas. From the patch notes:
        You're giving LLMs WAY too much credit here. Taking inspiration from good ideas happening elsewhere is not merely "regurgiating", and actually a good thing.

        Comment

        • #5
          Originally posted by archkde View Post

          Taking inspiration from good ideas happening elsewhere is not merely "regurgiating", and actually a good thing.
          This isn't taking good ideas happening elsewhere, it's reinventing the wheel. Knowing at least a little bit about a platform you're writing kernel patches for is not a huge ask.
          • Likes 1

          Comment

          • #6
            Torvalds needs to write these rules down before he passes. Especially the obvious stuff. Because Harvard isn't teaching them.
            • Likes 13

            Comment

            • #7
              Originally posted by TheMightyBuzzard View Post

              This isn't taking good ideas happening elsewhere, it's reinventing the wheel. Knowing at least a little bit about a platform you're writing kernel patches for is not a huge ask.
              This did already happen elsewhere, it was inspired by XNU and OpenBSD. That the Linux patch was not of great quality doesn't mean the idea isn't good.
              • Likes 1

              Comment

              • #8
                Originally posted by emansom View Post
                Torvalds needs to write these rules down before he passes. Especially the obvious stuff. Because Harvard isn't teaching them.
                I'm sure he knows plenty of people willing and capable of passing the torch down to.
                You can't really write rules down for this stuff, its just "what's good/common sense" which unfortunately a lot of corporations have no idea what that is.
                Most of his rants amount to "hey maybe make this readable" or "hey maybe dont make an exact duplicate of what we already have" or just "hey maybe use our standard infrastructure instead of injecting your own shitty one you use in-house that nobody else wants or needs"
                • Likes 2

                Comment

                • #9
                  Still hopeful somebody will port pledge from OpenBSD.

                  So much better than the tens of "security frameworks" Linux already has.
                  • Likes 4

                  Comment

                  • #10
                    Originally posted by ayumu View Post
                    Still hopeful somebody will port pledge from OpenBSD.

                    So much better than the tens of "security frameworks" Linux already has.
                    Theo came in an proposed openbsd's mimmutable(2) call.

                    Re: [RFC PATCH v1 0/8] Introduce mseal() syscall - Theo de Raadt
                    https://lore.kernel.org/lkml/[email protected]/


                    I agree that linux could learn a bit more from the bsd's (and also windows). pledge would have been nice, but with containers, I'm afraid that ship has sailed.
                    • Likes 4

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X