| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.11.1606111147000.5839@nanos> Date: Sat, 11 Jun 2016 11:47:44 +0200 (CEST) From: Thomas Gleixner <tglx@...utronix.de> To: Dave Hansen <dave@...1.net> cc: linux-kernel@...r.kernel.org, x86@...nel.org, linux-api@...r.kernel.org, linux-arch@...r.kernel.org, linux-mm@...ck.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org, dave.hansen@...ux.intel.com Subject: Re: [PATCH 2/9] mm: implement new pkey_mprotect() system call On Wed, 8 Jun 2016, Dave Hansen wrote: > Proposed semantics: > 1. protection key 0 is special and represents the default, > unassigned protection key. It is always allocated. > 2. mprotect() never affects a mapping's pkey_mprotect()-assigned > protection key. A protection key of 0 (even if set explicitly) > represents an unassigned protection key. > 2a. mprotect(PROT_EXEC) on a mapping with an assigned protection > key may or may not result in a mapping with execute-only > properties. pkey_mprotect() plus pkey_set() on all threads > should be used to _guarantee_ execute-only semantics. > 3. mprotect(PROT_EXEC) may result in an "execute-only" mapping. The > kernel will internally attempt to allocate and dedicate a > protection key for the purpose of execute-only mappings. This > may not be possible in cases where there are no free protection > keys available. Shouldn't we just reserve a protection key for PROT_EXEC unconditionally? Thanks, tglx
Powered by blists - more mailing lists