Date: Mon, 10 Jun 2024 21:39:34 +0000
From: jeffxu@...omium.org
To: aruna.ramakrishna@...cle.com
Cc: dave.hansen@...ux.intel.com,
	keith.lucas@...cle.com,
	linux-kernel@...r.kernel.org,
	mingo@...nel.org,
	tglx@...utronix.de,
	x86@...nel.org,
	andrew.brownsword@...cle.com,
	matthias.neugschwandtner@...cle.com,
	jeffxu@...omium.org,
	jeffxu@...gle.com,
	jannh@...gle.com,
	keescook@...omium.org,
	sroettger@...gle.com,
	jorgelo@...omium.org,
	rick.p.edgecombe@...el.com
Subject: Re [PATCH v5 2/5] x86/pkeys: Add helper functions to update PKRU on sigframe

The orig_pkru & init_pkru_value is quite difficult to understand.

case 1> init_pkru: 00 (allow all)
orig_pkru all cases  => allow all

case 2> init_pkru: 01 (disable all)
Orig_pkru:
allow all 00 => 00 allow all.
disable all 01 => 01 disable all.
disable write 10 => 00 allow all <--- *** odd ***
disable all 11 => 01 disable all

case 3> init pkru: 10 (disable write)
allow all 00 => 00 allow all.
disable all 01 => 00 (allow all) <----*** odd ***
disable write 10 => 10 allow all
disable all 11 => 10 disable write <--- *** odd ***

case 4> init pkru: 11 (disable all)
orig_pkru all cases => unchanged. 

set PKRU(0) seems to be better, easy to understand.

In addition, the kernel overwriting the PKRU during
signal handling is a new ABI; it might be best
to add a flag during sigaltstack(), similar to
how SS_AUTODISARM is set.

> +	return orig_pkru;
> +}
> +
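
Review bot: at `return orig_pkru;`, the closing line of the helper, the name alone does not tell a caller whether the returned value is the PKRU from before the helper's update or the one now in effect. A short comment at the return, or a "Return:" line in the function's header comment if the part not quoted here lacks one, would settle that for anyone reading the call site.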
 
-Jeff
