lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240610212145.3374270-1-jeffxu@chromium.org>
Date: Mon, 10 Jun 2024 21:21:45 +0000
From: jeffxu@...omium.org
To: aruna.ramakrishna@...cle.com
Cc: dave.hansen@...ux.intel.com,
	keith.lucas@...cle.com,
	linux-kernel@...r.kernel.org,
	mingo@...nel.org,
	tglx@...utronix.de,
	x86@...nel.org,
	andrew.brownsword@...cle.com,
	matthias.neugschwandtner@...cle.com,
	jeffxu@...omium.org,
	jeffxu@...gle.com,
	jannh@...gle.com,
	keescook@...omium.org,
	sroettger@...gle.com,
	jorgelo@...omium.org,
	rick.p.edgecombe@...el.com
Subject: Re [PATCH v5 0/5] x86/pkeys: update PKRU to enable pkey 0 before XSAVE

Hi

On Thu, Jun 06, 2024 at 10:40:30PM +0000, Aruna Ramakrishna wrote:
> v5 updates:
> - No major changes, mostly a resend of v4 - except for updating the
>   commit description for patch 5/5
> 
> v4 updates (based on review feedback from Thomas Gleixner):
> - Simplified update_pkru_in_sigframe()
> - Changed sigpkru to enable minimally required keys (init_pkru and
>   current
>   pkru)
> - Modified pkey_sighandler_tests.c to use kselfttest framework
> - Fixed commit descriptions
> - Fixed sigreturn use case (pointed out by Jeff Xu)
> - Added a new sigreturn test case
> 
> v3 updates (based on review feedback from Ingo Molnar and Dave Hansen):
> - Split the original patch into 3:
>         - function interface changes
>         - helper functions
>         - functional change to write pkru on sigframe
> - Enabled all pkeys before XSAVE - i.e. wrpkru(0), rather than assuming
> that the alt sig stack is always protected by pkey 0.
> - Added a few test cases in pkey_sighandler_tests.c.
> 
> I had some trouble adding these tests to
> tools/testing/selftests/mm/protection_keys.c, so they're in a separate
> file.
> 

Please add me to the future thread of this patch ! Thanks

I added a few more people to the email list. We've dealt with similar
situations in the past ([1] [2]), so it might be a good idea to
keep them updated. Also, ChromeOS and Chrome will use the functionality
provided by this patch series.

[1] https://lore.kernel.org/all/202208221331.71C50A6F@keescook/

[2] https://docs.google.com/document/d/1DjPhBq-5gRKtTeaknQDTWfvqRBCONmYqkU1I6k-3Ai8/edit?resourcekey=0-GGQta3_yhKqK7xV5SxIrVQ&tab=t.0

Thanks!
-Jeff

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ