| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Dec 2015 15:48:25 -0800 From: Dave Hansen <dave.hansen@...ux.intel.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Andy Lutomirski <luto@...capital.net>, "H. Peter Anvin" <hpa@...or.com>, Oleg Nesterov <oleg@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...en8.de>, Brian Gerst <brgerst@...il.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Christoph Hellwig <hch@....de> Subject: Re: Rethinking sigcontext's xfeatures slightly for PKRU's benefit? On 12/18/2015 01:45 PM, Linus Torvalds wrote: > On Fri, Dec 18, 2015 at 1:12 PM, Dave Hansen > <dave.hansen@...ux.intel.com> wrote: >> >> But, if we are picking out an execute-only pkey more dynamically, we've >> got to keep the default value for the entire process somewhere. > > How dynamic do we want to make this, though? Right now, all I plan to do is make it a one-way trip: if a process does a prot=PROT_EXEC mapping, we dedicate a key local to that process, and it gets 14 usable keys. If it doesn't use prot=PROT_EXEC, then it gets 15 usable keys. > I haven't looked at the details, and perhaps more importantly, I don't > know what exactly are the requirements you've gotten from the people > who are expected to actually use this. > > I think we might want to hardcode a couple of keys as "kernel > reserved". And I'd rather reserve them up-front than have some user > program be unhappy later when we want to use them. The one constant I've heard from the folks that are going to use this is that 15 keys is not enough. That's why I'm hesitant to remove _any_ more. > But I do think we might want to have that "no read access" as a real > fixed key too, because I think the kernel itself would want to use it: > > (a) to make sure that it gets the right fault when user space passes > in a execute-only address to a system call. Having a dedicated or static key for execute-only doesn't really change this code. We just have one extra step to go look in the mm->context and see which pkey (if any) is assigned to be execute-only in the fault code. > (b) for much more efficient PAGEALLOC_DEBUG for kernel mappings. The current hardware only applies the keys on _PAGE_USER mappings, so we can't use it for kernel mappings. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists