From: Thomas Gleixner <tglx@linutronix.de>
To: Aruna Ramakrishna <aruna.ramakrishna@oracle.com>,
Dave Hansen <dave.hansen@intel.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>
Subject: Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE
Date: Fri, 15 Mar 2024 18:36:04 +0100
Message-ID: <871q8bl7nf.ffs@tglx>
In-Reply-To: <349322E5-5E6C-48D5-BA12-1CF47CE82930@oracle.com>
On Thu, Mar 14 2024 at 18:14, Aruna Ramakrishna wrote:
>> On Mar 14, 2024, at 10:54 AM, Dave Hansen <dave.hansen@intel.com> wrote:
>> The need for this new feature is highly dependent on the threat model
>> that it supports. I'm highly dubious that there's a true need to
>> protect against an attacker with arbitrary write access in the same
>> address space. We need to have a lot more information there.
>
> I thought the PKRU value being reset in the signal handler was
> supposed to be the default behavior. In which case, this is a bug.
>
> "Signal Handler Behavior
> Each time a signal handler is invoked (including nested signals),
> the thread is temporarily given a new, default set of protection
> key rights that override the rights from the interrupted context."
>
> (Ref: https://man7.org/linux/man-pages/man7/pkeys.7.html)
>
> I'm not very familiar with protection keys (before I started looking
> into this issue), so I apologize for misunderstanding.
>
> fpu__clear_user_states() does reset PKRU, but that happens much later
> in the flow. Before that, the kernel tries to save registers on to the
> alternate signal stack in setup_rt_frame(), and that fails if the
> application has explicitly disabled pkey 0 (and the alt stack is
> protected by pkey 0). This patch attempts to move that reset a little
> earlier in the flow, so that setup_rt_frame() can succeed.
>
>> I haven't even more than glanced at the code. It looks pretty
>> unspeakably ugly even at a glance.
>
> I agree with you - no argument there.
It's a horrible hack.
> But I’m not sure there is a “clean” way to do this. If there is, I’m
> happy to redo the patch.
If it turns out to be required, desired whatever then the obvious clean
solution is to hand the PKRU value down:
  setup_rt_frame()
    xxx_setup_rt_frame()
      get_sigframe()
        copy_fpstate_to_sigframe()
copy_fpstate_to_sigframe() has the user fpstate pointer already so none
of the __update_pkru_in_sigframe() monstrosities are required. No?
Thanks,
tglx