| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202305161307.4A16BB6A47@keescook>
Date: Tue, 16 May 2023 13:08:44 -0700
From: Kees Cook <keescook@...omium.org>
To: jeffxu@...omium.org
Cc: dave.hansen@...el.com, luto@...nel.org, jorgelo@...omium.org,
groeck@...omium.org, jannh@...gle.com, sroettger@...gle.com,
akpm@...ux-foundation.org, jeffxu@...gle.com,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-mm@...ck.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH 0/6] Memory Mapping (VMA) protection using PKU - set 1
On Mon, May 15, 2023 at 01:05:46PM +0000, jeffxu@...omium.org wrote:
> This patch introduces a new flag, PKEY_ENFORCE_API, to the pkey_alloc()
> function. When a PKEY is created with this flag, it is enforced that any
> thread that wants to make changes to the memory mapping (such as mprotect)
> of the memory must have write access to the PKEY. PKEYs created without
> this flag will continue to work as they do now, for backwards
> compatibility.
>
> Only PKEY created from user space can have the new flag set, the PKEY
> allocated by the kernel internally will not have it. In other words,
> ARCH_DEFAULT_PKEY(0) and execute_only_pkey won’t have this flag set,
> and continue work as today.
Cool! Yeah, this looks like it could become quite useful. I assume
V8 folks are on board with this API, etc?
> This set of patch covers mprotect/munmap, I plan to work on other
> syscalls after this.
Which ones are on your list currently?
--
Kees Cook
Powered by blists - more mailing lists