Message-ID: <426cc161-a419-42bb-9860-5b628b0821ab@oracle.com>
Date: Mon, 18 Mar 2024 18:32:16 +0100
From: Matthias Neugschwandtner <matthias.neugschwandtner@...cle.com>
To: Aruna Ramakrishna <aruna.ramakrishna@...cle.com>,
        Dave Hansen <dave.hansen@...el.com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "x86@...nel.org" <x86@...nel.org>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        Eric Sedlar <eric.sedlar@...cle.com>,
        Andrew Brownsword <andrew.brownsword@...cle.com>,
        Craig Schelp <craig.schelp@...cle.com>
Subject: Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE

On 3/15/24 05:47, Aruna Ramakrishna wrote:

> It’s not about the man page - it's just that my understanding of this flow and this use case stems from there. I think we assumed that we can turn off pkey 0 and still be able to set up the alt sig stack (and have the kernel reset it to init_pkru anyway) - and when that didn’t work, it seemed like a bug. :)
> 
>> In other words, you're not going to spur me into action by thwapping me
>> with the manpage that I wrote.  You've got to convince me that your new
>> use case is valid, this is the best way to support your new use case,
>> and that your implementation of the new feature is sane.
>>
>>
> 
> Matthias/Eric,
> Can you please talk about the use case in greater detail?

Sure. The core use case we are trying to handle is inspired by the seminal 
ERIM paper [1] on using protection keys for in-process isolation. We want to
protect the memory regions of an application from corruption by a component 
that co-resides in the same address space.
Since all memory allocated by the main application is tagged with pkey 0 by 
default, we remove access to it when entering the component. If a signal is 
triggered at that time, the kernel subsequently fails to set up the signal 
handling stack.

Thank you,
Matthias

[1] https://www.usenix.org/conference/usenixsecurity19/presentation/vahldiek-oberwagner
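To make the failure described in this message concrete, the following is an added C example (not code from the thread or the patch) that models the PKRU bit layout and the access check the CPU applies: the application enters the isolated component with pkey 0 access revoked, and any write to pkey-0 memory, including the kernel's XSAVE signal frame on the alt stack, is then refused until PKRU is reset to init_pkru. The component holding pkey 1 is an assumption.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* PKRU layout: two bits per protection key k,
 * bit 2k = AD (access disable), bit 2k+1 = WD (write disable). */
#define PKRU_AD_BIT(k) (1u << (2 * (k)))
#define PKRU_WD_BIT(k) (1u << (2 * (k) + 1))

/* Linux's init_pkru for new tasks: every key except 0 is access-disabled,
 * so memory tagged with pkey 0 (all memory by default) stays usable. */
#define INIT_PKRU 0x55555554u

/* Assumed: the isolated component was given key 1 by pkey_alloc(). */
#define COMPONENT_PKEY 1

/* PKRU value the application loads (via WRPKRU) when entering the component:
 * revoke all access to pkey-0 memory, grant access to the component's key. */
static uint32_t pkru_enter_component(uint32_t pkru, int component_key)
{
    pkru |= PKRU_AD_BIT(0) | PKRU_WD_BIT(0);
    pkru &= ~(PKRU_AD_BIT(component_key) | PKRU_WD_BIT(component_key));
    return pkru;
}

/* A write to a page is allowed only if neither AD nor WD is set for its key. */
static bool pkru_allows_write(uint32_t pkru, int pkey)
{
    return (pkru & (PKRU_AD_BIT(pkey) | PKRU_WD_BIT(pkey))) == 0;
}

/* Models signal delivery: the alt stack is ordinary pkey-0 memory, and the
 * kernel writes the XSAVE frame with the given PKRU value in effect. */
static bool sigframe_write_ok(uint32_t pkru_at_signal, int sigstack_pkey)
{
    return pkru_allows_write(pkru_at_signal, sigstack_pkey);
}

int main(void)
{
    uint32_t in_component = pkru_enter_component(INIT_PKRU, COMPONENT_PKEY);
    printf("PKRU inside component: 0x%08x\n", in_component);
    printf("sigframe write with component PKRU: %s\n",
           sigframe_write_ok(in_component, 0) ? "ok" : "FAULT");
    printf("sigframe write after reset to init_pkru: %s\n",
           sigframe_write_ok(INIT_PKRU, 0) ? "ok" : "FAULT");
    return 0;
}
```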

