lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 14 Mar 2018 09:05:30 +0100
From:   Florian Weimer <fweimer@...hat.com>
To:     Ram Pai <linuxram@...ibm.com>
Cc:     mpe@...erman.id.au, mingo@...hat.com, akpm@...ux-foundation.org,
        linuxppc-dev@...ts.ozlabs.org, linux-mm@...ck.org, x86@...nel.org,
        linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org,
        dave.hansen@...el.com, benh@...nel.crashing.org, paulus@...ba.org,
        khandual@...ux.vnet.ibm.com, aneesh.kumar@...ux.vnet.ibm.com,
        bsingharora@...il.com, hbabu@...ibm.com, mhocko@...nel.org,
        bauerman@...ux.vnet.ibm.com, ebiederm@...ssion.com, corbet@....net,
        arnd@...db.de, msuchanek@...e.com, Ulrich.Weigand@...ibm.com
Subject: Re: [PATCH] x86, powerpc : pkey-mprotect must allow pkey-0

On 03/14/2018 09:00 AM, Florian Weimer wrote:
> On 03/09/2018 09:00 PM, Ram Pai wrote:
>> On Fri, Mar 09, 2018 at 12:04:49PM +0100, Florian Weimer wrote:
>>> On 03/09/2018 09:12 AM, Ram Pai wrote:
>>>> Once an address range is associated with an allocated pkey, it 
>>>> cannot be
>>>> reverted back to key-0. There is no valid reason for the above 
>>>> behavior.
>>>
>>> mprotect without a key does not necessarily use key 0, e.g. if
>>> protection keys are used to emulate page protection flag combination
>>> which is not directly supported by the hardware.
>>>
>>> Therefore, it seems to me that filtering out non-allocated keys is
>>> the right thing to do.
>>
>> I am not sure, what you mean. Do you agree with the patch or otherwise?
> 
> I think it's inconsistent to make key 0 allocated, but not the key which 
> is used for PROT_EXEC emulation, which is still reserved.  Even if you 
> change the key 0 behavior, it is still not possible to emulate mprotect 
> behavior faithfully with an allocated key.

Ugh.  Should have read the code first before replying:

         /* Do we need to assign a pkey for mm's execute-only maps? */
         if (execute_only_pkey == -1) {
                 /* Go allocate one to use, which might fail */
                 execute_only_pkey = mm_pkey_alloc(mm);
                 if (execute_only_pkey < 0)
                         return -1;
                 need_to_set_mm_pkey = true;
         }

So we do allocate the PROT_EXEC-only key, and I assume it means that the 
key can be restored using pkey_mprotect.  So the key 0 behavior is a 
true exception after all, and it makes sense to realign the behavior 
with the other keys.

Thanks,
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ