From: Ingo Molnar <mingo@kernel.org>
To: Kyle Huey <me@kylehuey.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>, Ingo Molnar <mingo@redhat.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
linux-kernel@vger.kernel.org,
Robert O'Callahan <robert@ocallahan.org>,
David Manouchehri <david.manouchehri@riseup.net>,
kvm@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] x86/fpu: Allow PKRU to be (once again) written by ptrace.
Date: Wed, 3 Aug 2022 19:25:38 +0200 [thread overview]
Message-ID: <Yuqvkufu7Hu4drL6@gmail.com> (raw)
In-Reply-To: <CAP045ArF0SX84tDr=iZoK=EnXK2LsXYut3-KMkCxQO2OOhn=0A@mail.gmail.com>
* Kyle Huey <me@kylehuey.com> wrote:
> > Also, what's the security model for this register, do we trust all
> > input values user-space provides for the PKRU field in the XSTATE? I
> > realize that WRPKRU already gives user-space write access to the
> > register - but does the CPU write it all into the XSTATE, with no
> > restrictions on content whatsoever?
>
> There is no security model for this register. The CPU does write whatever
> is given to WRPKRU (or XRSTOR) into the PKRU register. The pkeys(7) man
> page notes:
>
> Protection keys have the potential to add a layer of security and
> reliability to applications. But they have not been primarily designed as
> a security feature. For instance, WRPKRU is a completely unprivileged
> instruction, so pkeys are useless in any case that an attacker controls
> the PKRU register or can execute arbitrary instructions.
Ok - allowing ptrace to set the full 32 bits of the PKRU register seems OK
then, and is 100% equivalent to using WRPKRU, right? So there's no implicit
masking/clearing of bits depending on how many keys are available, or other
details where WRPKRU might differ from a pure 32-bit per thread write,
correct?
Thanks,
Ingo
next prev parent reply other threads:[~2022-08-03 17:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-31 5:03 [PATCH] x86/fpu: Allow PKRU to be (once again) written by ptrace Kyle Huey
2022-08-03 9:03 ` Ingo Molnar
2022-08-03 15:12 ` Kyle Huey
2022-08-03 17:25 ` Ingo Molnar [this message]
2022-08-03 17:33 ` Paolo Bonzini
2022-08-03 17:35 ` Kyle Huey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yuqvkufu7Hu4drL6@gmail.com \
--to=mingo@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=david.manouchehri@riseup.net \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=me@kylehuey.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=robert@ocallahan.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox