lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 08 Jun 2021 21:05:48 +0200
From:   Thomas Gleixner <tglx@...utronix.de>
To:     liangjs <liangjs@....edu.cn>, Dave Hansen <dave.hansen@...el.com>
Cc:     linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>,
        Borislav Petkov <bp@...en8.de>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>
Subject: Re: arch_set_user_pkey_access only works on the current task_struct

On Tue, Jun 08 2021 at 11:16, liangjs wrote:
> On Mon, 2021-06-07 at 10:52 -0700, Dave Hansen wrote:
>> On 6/5/21 6:10 AM, Jiashuo Liang wrote:
>> > I am learning the kernel implementation of the x86 PKU feature. I find the
>> > arch_set_user_pkey_access function in arch/x86/kernel/fpu/xstate.c does not
>> > use its first parameter. So it is perhaps a bug?
>> 
>> I wouldn't really call it a bug.  But, yes, it is something we should
>> clean up.
>
> Should we remove the tsk parameter, or allow it to change the PKRU of tsk?
>
> By the way, we are calling write_pkru, which changes both the CPU's PKRU
> and the xsave one. Why is this necessary?

Because PKRU is xstate managed and there is the requirement to keep both
up to to date. There is work in progress to clean this up.

> If I want to change PKRU of a task_struct other than current, do I still
> need to call __write_pkru?

Of course not, but you _cannot_ safely update a different tasks PKRU
value except through ptrace which guarantees that the task is scheduled
out and stays that way until ptrace releases it again.

So tsk != current cannot work which means the function argument can just
go away.

Thanks,

        tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ