lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 13 Jun 2016 09:03:36 -0700
From:	Dave Hansen <dave@...1.net>
To:	Thomas Gleixner <tglx@...utronix.de>
Cc:	linux-kernel@...r.kernel.org, x86@...nel.org,
	linux-api@...r.kernel.org, linux-arch@...r.kernel.org,
	linux-mm@...ck.org, torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org, dave.hansen@...ux.intel.com
Subject: Re: [PATCH 2/9] mm: implement new pkey_mprotect() system call

On 06/11/2016 02:47 AM, Thomas Gleixner wrote:
> On Wed, 8 Jun 2016, Dave Hansen wrote:
>> > Proposed semantics:
>> > 1. protection key 0 is special and represents the default,
>> >    unassigned protection key.  It is always allocated.
>> > 2. mprotect() never affects a mapping's pkey_mprotect()-assigned
>> >    protection key. A protection key of 0 (even if set explicitly)
>> >    represents an unassigned protection key.
>> >    2a. mprotect(PROT_EXEC) on a mapping with an assigned protection
>> >        key may or may not result in a mapping with execute-only
>> >        properties.  pkey_mprotect() plus pkey_set() on all threads
>> >        should be used to _guarantee_ execute-only semantics.
>> > 3. mprotect(PROT_EXEC) may result in an "execute-only" mapping. The
>> >    kernel will internally attempt to allocate and dedicate a
>> >    protection key for the purpose of execute-only mappings.  This
>> >    may not be possible in cases where there are no free protection
>> >    keys available.
> Shouldn't we just reserve a protection key for PROT_EXEC unconditionally?

Normal userspace does not do PROT_EXEC today.  So, today, we'd
effectively lose one of our keys by reserving it.  Of the folks I've
talked to who really want this feature, and *will* actually use it, one
of the most common complaints is that there are too few keys.

Folks who actively *want* true PROT_EXEC semantics can use the explicit
pkey interfaces.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ