From: Dave Hansen <dave.hansen@intel.com>
To: Aruna Ramakrishna <aruna.ramakrishna@oracle.com>,
linux-kernel@vger.kernel.org
Cc: x86@kernel.org, dave.hansen@linux.intel.com, tglx@linutronix.de
Subject: Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE
Date: Thu, 14 Mar 2024 10:54:18 -0700 [thread overview]
Message-ID: <4bd2aea0-3cea-4ef8-9607-40447cd531e5@intel.com> (raw)
In-Reply-To: <20240314172920.2708810-1-aruna.ramakrishna@oracle.com>
On 3/14/24 10:29, Aruna Ramakrishna wrote:
> This patch is a workaround for a bug where the PKRU value is not
> restored to the init value before the signal handler is invoked.
I don't think we should touch this with a ten foot pole without a test
for it in tools/testing/selftests/mm/protection_keys.c.
I'm not sure this is worth the trouble. Protection keys is not a
security feature. This isn't a regression. It's been the behavior
since day one. This really is a feature request for a behavioral
improvement, not a bug fix.
The need for this new feature is highly dependent on the threat model
that it supports. I'm highly dubious that there's a true need to
protect against an attacker with arbitrary write access in the same
address space. We need to have a lot more information there.
I haven't even more than glanced at the code. It looks pretty
unspeakably ugly even at a glance.
next prev parent reply other threads:[~2024-03-14 17:54 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-14 17:29 [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE Aruna Ramakrishna
2024-03-14 17:54 ` Dave Hansen [this message]
2024-03-14 18:14 ` Aruna Ramakrishna
2024-03-14 18:30 ` Dave Hansen
2024-03-15 4:47 ` Aruna Ramakrishna
2024-03-18 17:32 ` Matthias Neugschwandtner
2024-03-15 17:36 ` Thomas Gleixner
2024-03-15 18:06 ` Aruna Ramakrishna
2024-03-15 18:43 ` Aruna Ramakrishna
2024-03-15 23:05 ` Thomas Gleixner
2024-03-18 17:25 ` Aruna Ramakrishna
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4bd2aea0-3cea-4ef8-9607-40447cd531e5@intel.com \
--to=dave.hansen@intel.com \
--cc=aruna.ramakrishna@oracle.com \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.