From: Kees Cook <keescook@chromium.org>
To: Dave Hansen <dave.hansen@linux.intel.com>
Cc: "Stephen Röttger" <sroettger@google.com>,
	x86@kernel.org, linux-kernel@vger.kernel.org
Subject: PKU usage improvements for threads
Date: Mon, 22 Aug 2022 13:40:28 -0700
Message-ID: <202208221331.71C50A6F@keescook>

Hi!

I was hoping to start a conversation about PKU usage for threads in two
places, which Stephen Röttger brought to my attention, with the hope of
being able to use these in Chrome:

1) It appears to be a bug that a thread without the correct PK can make
VMAs covered by a separate PK, out from under other threads. (e.g. mmap
a new mapping to wipe out the defined PK for it.) It seems that PK checks
should be made when modifying VMAs.

2) It would be very helpful to have a mechanism for the signal stack to
be PK aware, in the sense that the kernel would switch to a predefined
PK. i.e. having a new interface to sigaltstack() which includes a PK.

Are either of these something the PKU authors have considered? (Or are
there some details we're missing in this area?)

Thanks!

-Kees

-- 
Kees Cook
