From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dave Hansen Subject: Re: [PATCH 05/11] x86/fpu: set PKRU state for kernel threads Date: Thu, 18 Oct 2018 13:56:24 -0700 Message-ID: References: <20181004140547.13014-1-bigeasy@linutronix.de> <20181004140547.13014-6-bigeasy@linutronix.de> <39e0a55f-4920-cfde-9bef-09c51109d211@linux.intel.com> <20181018162644.qqjkzoqn2fleyi2b@linutronix.de> <20181018182538.vgotfpsdy7qxl2tg@linutronix.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Cc: Andrew Lutomirski , LKML , X86 ML , Paolo Bonzini , Radim Krcmar , kvm list , "Jason A. Donenfeld" , Rik van Riel To: Andy Lutomirski , Sebastian Andrzej Siewior Return-path: In-Reply-To: Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org List-Id: kvm.vger.kernel.org On 10/18/2018 01:46 PM, Andy Lutomirski wrote: > Setting it to allow-all/none would let the operation always fail or > succeed which might be an improvement in terms of debugging. However it > is hard to judge what the correct behaviour should be. Should fail or > succeed. Succeed. :) > But this is not the only loophole: There is ptrace interface which is > used by gdb (just checked) and also bypasses PKRU. So… Bypassing protection keys is not a big deal IMNHO. In places where a sane one is not readily available, I'm totally fine with just effectively disabling it (PKRU=0) for the length of time it isn't available.