lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <0f990ce6-0eac-bd77-18d8-e2e3fdd5fb43@intel.com>
Date:   Mon, 26 Mar 2018 21:11:48 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     Ram Pai <linuxram@...ibm.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>
Cc:     linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        tglx@...utronix.de, mpe@...erman.id.au, mingo@...nel.org,
        akpm@...ux-foundation.org, shuah@...nel.org
Subject: Re: [PATCH 1/9] x86, pkeys: do not special case protection key 0

On 03/26/2018 07:27 PM, Ram Pai wrote:
>> This is a bit nicer than what Ram proposed because it is simpler
>> and removes special-casing for pkey 0.  On the other hand, it does
>> allow applciations to pkey_free() pkey-0, but that's just a silly
>> thing to do, so we are not going to protect against it.
> The more I think about this, the more I feel we are opening up a can
> of worms.  I am ok with a bad application, shooting itself in its feet.
> But I am worried about all the bug reports and support requests we
> will encounter when applications inadvertently shoot themselves 
> and blame it on the kernel.
> 
> a warning in dmesg logs indicating a free-of-pkey-0 can help deflect
> the blame from the kernel.

I think it's OK to leave it.  A legit, very careful app could decide not
to use pkey 0.  It might even be fun to write that in the selftests for
sheer entertainment value.

Although, it _could_ be a bit more debuggable than it is now.  A
tracepoint that dumps out the pkey that got faulted on along with the
PKRU value at fault time might be nice to have.  That's mildly difficult
to do from outside the app.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ