Public bug reported: Hello,
My name is Jeff Xu, I work with Stephen Röttger on hardening the chrome browser. I'm reaching out to explore the possibility of backporting memory sealing into the 22.04 LTS kernel. For context, it is worth noting that the Kernel introduces mseal support in version 6.10 [1]. The Chrome V8 engine will utilize the memory sealing function to protect its JIT compiler from memory corruption vulnerabilities. The change is merged in Chrome, and we believe that Ubuntu users would benefit from using this safer version of Chrome. In addition, glibc’s dynamic linker is adding mseal to seal RO mapping such as .text, .rodata, .relco [2], the integration test is completed. The backport work includes 4 commits [3] [4] [5] [6]. ChromeOS and Android GKI both have the mseal backported to the 6.6 kernel. I will send out patches for LTS 22.04 to kernel-t...@lists.ubuntu.com Thank you for your time and consideration. Best regards, Jeff [1] https://docs.kernel.org/userspace-api/mseal.html [2] https://sourceware.org/pipermail/libc-alpha/2024-September/160291.html [3] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595211/4 [4] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5595853/4 [5] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5742931 [6] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/5802772 ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089711 Title: Request to backport mseal syscall to LTS 24.04 LTS GA kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089711/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
