From: "Michael Kerrisk (man-pages)" <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Dave Hansen <dave-gkUM19QKKo4@public.gmane.org>
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
Jonathan Corbet <corbet-T1hC0tSOHrs@public.gmane.org>,
lkml <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org"
<x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-arch <linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org"
<linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org>,
Linus Torvalds
<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Dave Hansen <dave.hansen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
Subject: Re: [PATCH 5/8] x86, pkeys: allocation/free syscalls
Date: Thu, 2 Jun 2016 19:26:03 -0500 [thread overview]
Message-ID: <5499ff55-ae0f-e54c-05fd-b1e76dc05a89@gmail.com> (raw)
In-Reply-To: <574F7B16.4080906-gkUM19QKKo4@public.gmane.org>
On 06/01/2016 07:17 PM, Dave Hansen wrote:
> On 06/01/2016 05:11 PM, Michael Kerrisk (man-pages) wrote:
>>>>>>
>>>>>> If I read this right, it doesn't actually remove any pkey restrictions
>>>>>> that may have been applied while the key was allocated. So there could be
>>>>>> pages with that key assigned that might do surprising things if the key is
>>>>>> reallocated for another use later, right? Is that how the API is intended
>>>>>> to work?
>>>>
>>>> Yeah, that's how it works.
>>>>
>>>> It's not ideal. It would be _best_ if we during mm_pkey_free(), we
>>>> ensured that no VMAs under that mm have that vma_pkey() set. But, that
>>>> search would be potentially expensive (a walk over all VMAs), or would
>>>> force us to keep a data structure with a count of all the VMAs with a
>>>> given key.
>>>>
>>>> I should probably discuss this behavior in the manpages and address it
>> s/probably//
>>
>> And, did I miss it. Was there an updated man-pages patch in the latest
>> series? I did not notice it.
>
> There have been to changes to the patches that warranted updating the
> manpages until now. I'll send the update immediately.
Do those updated pages include discussion of the point noted above?
I could not see it mentioned there.
Just by the way, the above behavior seems to offer possibilities
for users to shoot themselves in the foot, in a way that has security
implications. (Or do I misunderstand?)
Thanks,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
WARNING: multiple messages have this Message-ID (diff)
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
To: Dave Hansen <dave@sr71.net>
Cc: mtk.manpages@gmail.com, Jonathan Corbet <corbet@lwn.net>,
lkml <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Linux API <linux-api@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Dave Hansen <dave.hansen@linux.intel.com>
Subject: Re: [PATCH 5/8] x86, pkeys: allocation/free syscalls
Date: Thu, 2 Jun 2016 19:26:03 -0500 [thread overview]
Message-ID: <5499ff55-ae0f-e54c-05fd-b1e76dc05a89@gmail.com> (raw)
Message-ID: <20160603002603.xsCWgEnF2u_01Ktqon1k8Kk1DsnoZ5bckm50SlOZ-x8@z> (raw)
In-Reply-To: <574F7B16.4080906@sr71.net>
On 06/01/2016 07:17 PM, Dave Hansen wrote:
> On 06/01/2016 05:11 PM, Michael Kerrisk (man-pages) wrote:
>>>>>>
>>>>>> If I read this right, it doesn't actually remove any pkey restrictions
>>>>>> that may have been applied while the key was allocated. So there could be
>>>>>> pages with that key assigned that might do surprising things if the key is
>>>>>> reallocated for another use later, right? Is that how the API is intended
>>>>>> to work?
>>>>
>>>> Yeah, that's how it works.
>>>>
>>>> It's not ideal. It would be _best_ if we during mm_pkey_free(), we
>>>> ensured that no VMAs under that mm have that vma_pkey() set. But, that
>>>> search would be potentially expensive (a walk over all VMAs), or would
>>>> force us to keep a data structure with a count of all the VMAs with a
>>>> given key.
>>>>
>>>> I should probably discuss this behavior in the manpages and address it
>> s/probably//
>>
>> And, did I miss it. Was there an updated man-pages patch in the latest
>> series? I did not notice it.
>
> There have been to changes to the patches that warranted updating the
> manpages until now. I'll send the update immediately.
Do those updated pages include discussion of the point noted above?
I could not see it mentioned there.
Just by the way, the above behavior seems to offer possibilities
for users to shoot themselves in the foot, in a way that has security
implications. (Or do I misunderstand?)
Thanks,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
WARNING: multiple messages have this Message-ID (diff)
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
To: Dave Hansen <dave@sr71.net>
Cc: mtk.manpages@gmail.com, Jonathan Corbet <corbet@lwn.net>,
lkml <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
Linux API <linux-api@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Dave Hansen <dave.hansen@linux.intel.com>
Subject: Re: [PATCH 5/8] x86, pkeys: allocation/free syscalls
Date: Thu, 2 Jun 2016 19:26:03 -0500 [thread overview]
Message-ID: <5499ff55-ae0f-e54c-05fd-b1e76dc05a89@gmail.com> (raw)
In-Reply-To: <574F7B16.4080906@sr71.net>
On 06/01/2016 07:17 PM, Dave Hansen wrote:
> On 06/01/2016 05:11 PM, Michael Kerrisk (man-pages) wrote:
>>>>>>
>>>>>> If I read this right, it doesn't actually remove any pkey restrictions
>>>>>> that may have been applied while the key was allocated. So there could be
>>>>>> pages with that key assigned that might do surprising things if the key is
>>>>>> reallocated for another use later, right? Is that how the API is intended
>>>>>> to work?
>>>>
>>>> Yeah, that's how it works.
>>>>
>>>> It's not ideal. It would be _best_ if we during mm_pkey_free(), we
>>>> ensured that no VMAs under that mm have that vma_pkey() set. But, that
>>>> search would be potentially expensive (a walk over all VMAs), or would
>>>> force us to keep a data structure with a count of all the VMAs with a
>>>> given key.
>>>>
>>>> I should probably discuss this behavior in the manpages and address it
>> s/probably//
>>
>> And, did I miss it. Was there an updated man-pages patch in the latest
>> series? I did not notice it.
>
> There have been to changes to the patches that warranted updating the
> manpages until now. I'll send the update immediately.
Do those updated pages include discussion of the point noted above?
I could not see it mentioned there.
Just by the way, the above behavior seems to offer possibilities
for users to shoot themselves in the foot, in a way that has security
implications. (Or do I misunderstand?)
Thanks,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-06-03 0:26 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-31 15:28 [PATCH 0/8] System Calls for Memory Protection Keys Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 1/8] x86, pkeys: add fault handling for PF_PK page fault bit Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 2/8] mm: implement new pkey_mprotect() system call Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 3/8] x86, pkeys: make mprotect_key() mask off additional vm_flags Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 4/8] x86: wire up mprotect_key() system call Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 5/8] x86, pkeys: allocation/free syscalls Dave Hansen
2016-05-31 15:28 ` Dave Hansen
[not found] ` <20160531152822.FE8D405E-LXbPSdftPKxrdx17CPfAsdBPR1lH4CV8@public.gmane.org>
2016-06-01 18:37 ` Jonathan Corbet
2016-06-01 18:37 ` Jonathan Corbet
2016-06-01 18:37 ` Jonathan Corbet
2016-06-01 19:32 ` Dave Hansen
2016-06-01 19:32 ` Dave Hansen
[not found] ` <574F386A.8070106-gkUM19QKKo4@public.gmane.org>
2016-06-02 0:11 ` Michael Kerrisk (man-pages)
2016-06-02 0:11 ` Michael Kerrisk (man-pages)
2016-06-02 0:11 ` Michael Kerrisk (man-pages)
2016-06-02 0:17 ` Dave Hansen
2016-06-02 0:17 ` Dave Hansen
[not found] ` <574F7B16.4080906-gkUM19QKKo4@public.gmane.org>
2016-06-03 0:26 ` Michael Kerrisk (man-pages) [this message]
2016-06-03 0:26 ` Michael Kerrisk (man-pages)
2016-06-03 0:26 ` Michael Kerrisk (man-pages)
2016-06-03 17:28 ` Dave Hansen
2016-06-03 17:28 ` Dave Hansen
2016-06-03 19:27 ` Michael Kerrisk (man-pages)
2016-06-03 19:27 ` Michael Kerrisk (man-pages)
2016-06-01 20:48 ` Arnd Bergmann
2016-06-01 20:48 ` Arnd Bergmann
2016-06-02 21:10 ` Dave Hansen
2016-06-02 21:10 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 6/8] x86, pkeys: add pkey set/get syscalls Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 7/8] pkeys: add details of system call use to Documentation/ Dave Hansen
2016-05-31 15:28 ` Dave Hansen
2016-06-01 16:43 ` Jonathan Corbet
2016-06-01 16:43 ` Jonathan Corbet
2016-06-01 16:46 ` Dave Hansen
2016-06-01 16:46 ` Dave Hansen
[not found] ` <574F114F.8010701-gkUM19QKKo4@public.gmane.org>
2016-06-01 16:49 ` Jonathan Corbet
2016-06-01 16:49 ` Jonathan Corbet
2016-06-01 16:49 ` Jonathan Corbet
2016-06-01 17:10 ` Dave Hansen
2016-06-01 17:10 ` Dave Hansen
2016-05-31 15:28 ` [PATCH 8/8] x86, pkeys: add self-tests Dave Hansen
2016-05-31 15:28 ` Dave Hansen
-- strict thread matches above, loose matches on Subject: below --
2016-04-11 15:54 [PATCH 0/8] System Calls for Memory Protection Keys Dave Hansen
2016-04-11 15:54 ` [PATCH 5/8] x86, pkeys: allocation/free syscalls Dave Hansen
2016-04-11 15:54 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5499ff55-ae0f-e54c-05fd-b1e76dc05a89@gmail.com \
--to=mtk.manpages-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=corbet-T1hC0tSOHrs@public.gmane.org \
--cc=dave-gkUM19QKKo4@public.gmane.org \
--cc=dave.hansen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org \
--cc=torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.