Message ID | 20181004140547.13014-1-bigeasy@linutronix.de (mailing list archive) |
---|---|
Series | x86: load FPU registers on return to userland |
On Thu, 2018-10-04 at 16:05 +0200, Sebastian Andrzej Siewior wrote:

> In v3 I dropped that decouple idea. I also learned that the wrpkru
> instruction is not privileged and so caching it in kernel does not
> work.

Wait, so any thread can bypass its memory protection
keys, even if there is a seccomp filter preventing
it from calling the PKRU syscalls?

Is that intended?

Is that simply a hardware limitation, or something
where we can set a flag somewhere to force tasks to
go through the kernel?

> On Oct 4, 2018, at 9:45 AM, Rik van Riel <riel@surriel.com> wrote:
>
> On Thu, 2018-10-04 at 16:05 +0200, Sebastian Andrzej Siewior wrote:
>
>> In v3 I dropped that decouple idea. I also learned that the wrpkru
>> instruction is not privileged and so caching it in kernel does not
>> work.
>
> Wait, so any thread can bypass its memory protection
> keys, even if there is a seccomp filter preventing
> it from calling the PKRU syscalls?
>
> Is that intended?
>
> Is that simply a hardware limitation, or something
> where we can set a flag somewhere to force tasks to
> go through the kernel?

Hardware limitation.

On 2018-10-04 12:45:08 [-0400], Rik van Riel wrote:

> Wait, so any thread can bypass its memory protection
> keys, even if there is a seccomp filter preventing
> it from calling the PKRU syscalls?

We have SYS_pkey_alloc +free and SYS_pkey_mprotect. For read/write of the
register value, libc is using and opcodes.

> Is that intended?

Either that or it ended like that because someone failed to attend a
meeting where this was discussed.
Here is something from pkeys(7):

| Protection keys have the potential to add a layer of security and
| reliability to applications. But they have not been primarily designed as a
| security feature. For instance, WRPKRU is a completely unprivileged
| instruction, so pkeys are useless in any case that an attacker controls the
| PKRU register or can execute arbitrary instructions.

Sebastian
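
The point quoted from pkeys(7) above, as an added example that is not part of the thread or of the patch series: after the one `SYS_pkey_alloc` call, a thread reads and rewrites its own rights for the key with the RDPKRU/WRPKRU instructions alone, so a seccomp filter on the pkey syscalls never sees the change. The function and macro names are hypothetical; the code assumes x86-64 Linux and reports -1 where protection keys are not available.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#define PKEY_AD 0x1u /* access-disable bit, same value as PKEY_DISABLE_ACCESS */
#define PKEY_WD 0x2u /* write-disable bit, same value as PKEY_DISABLE_WRITE */

/* PKRU layout: two bits per key, bit 2k = AD, bit 2k+1 = WD. */
uint32_t pkru_get_rights(uint32_t pkru, int key) {
    return (pkru >> (2 * key)) & 3u;
}
uint32_t pkru_set_rights(uint32_t pkru, int key, uint32_t rights) {
    pkru &= ~(3u << (2 * key));
    return pkru | ((rights & 3u) << (2 * key));
}

#if defined(__x86_64__) && defined(SYS_pkey_alloc)
static uint32_t rdpkru(void) {   /* RDPKRU = 0F 01 EE, requires ECX = 0 */
    uint32_t eax, edx;
    __asm__ volatile(".byte 0x0f,0x01,0xee" : "=a"(eax), "=d"(edx) : "c"(0));
    (void)edx;
    return eax;
}
static void wrpkru(uint32_t v) { /* WRPKRU = 0F 01 EF, requires ECX = EDX = 0 */
    __asm__ volatile(".byte 0x0f,0x01,0xef" : : "a"(v), "c"(0), "d"(0) : "memory");
}
#endif

/* 1: rights went from "access disabled" to "none" with no syscall in between;
 * 0: they did not; -1: pkeys are not usable on this CPU, kernel or build. */
int pkey_rights_change_without_syscall(void) {
#if defined(__x86_64__) && defined(SYS_pkey_alloc)
    /* The kernel hands out the key with access disabled for this thread. */
    int key = (int)syscall(SYS_pkey_alloc, 0UL, (unsigned long)PKEY_AD);
    if (key < 0) return -1;      /* no pkeys: WRPKRU would fault, so stop here */
    uint32_t before = pkru_get_rights(rdpkru(), key);
    wrpkru(pkru_set_rights(rdpkru(), key, 0)); /* plain instruction, no kernel entry */
    uint32_t after = pkru_get_rights(rdpkru(), key);
    syscall(SYS_pkey_free, key);
    return before == PKEY_AD && after == 0;
#else
    return -1;
#endif
}

int main(void) {
    printf("result: %d\n", pkey_rights_change_without_syscall());
    return 0;
}
```

A design that depends on pkeys for isolation therefore has to keep untrusted code from executing WRPKRU at all; filtering `pkey_alloc`, `pkey_free` and `pkey_mprotect` does not cover it.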