Date: Tue, 16 May 2023 13:08:44 -0700
From: Kees Cook
To: jeffxu@chromium.org
Cc: dave.hansen@intel.com, luto@kernel.org, jorgelo@chromium.org,
	groeck@chromium.org, jannh@google.com, sroettger@google.com,
	akpm@linux-foundation.org, jeffxu@google.com,
	linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
	linux-mm@kvack.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 0/6] Memory Mapping (VMA) protection using PKU - set 1
Message-ID: <202305161307.4A16BB6A47@keescook>
References: <20230515130553.2311248-1-jeffxu@chromium.org>
In-Reply-To: <20230515130553.2311248-1-jeffxu@chromium.org>

On Mon, May 15, 2023 at 01:05:46PM +0000, jeffxu@chromium.org wrote:
> This patch introduces a new flag, PKEY_ENFORCE_API, to the pkey_alloc()
> function. When a PKEY is created with this flag, it is enforced that any
> thread that wants to make changes to the memory mapping (such as mprotect)
> of the memory must have write access to the PKEY. PKEYs created without
> this flag will continue to work as they do now, for backwards
> compatibility.
>
> Only PKEY created from user space can have the new flag set, the PKEY
> allocated by the kernel internally will not have it. In other words,
> ARCH_DEFAULT_PKEY(0) and execute_only_pkey won’t have this flag set,
> and continue work as today.

Cool! Yeah, this looks like it could become quite useful. I assume
V8 folks are on board with this API, etc?

> This set of patch covers mprotect/munmap, I plan to work on other
> syscalls after this.

Which ones are on your list currently?

-- 
Kees Cook
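
The enforcement rule described in the quoted cover letter, as an added user-space model in C; it is not code from the patch set or from the kernel. The `model_*` types, `may_change_mapping()` and the sample layout are hypothetical, and refusing the whole range when any overlapping VMA fails the check is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Real x86 per-key rights bits (two PKRU bits per key, key i at bit 2*i). */
#define PKEY_DISABLE_ACCESS 0x1u
#define PKEY_DISABLE_WRITE  0x2u

/* Hypothetical model types; the kernel's own structures differ. */
struct model_vma { uintptr_t start, end; int pkey; };
struct model_mm {
    uint16_t enforce_mask;   /* bit i set: pkey i has PKEY_ENFORCE_API */
    const struct model_vma *vmas; size_t nr_vmas;
};

/* Write access to a key means neither disable bit is set for it in PKRU. */
static bool pkru_allows_write(uint32_t pkru, int pkey)
{
    return ((pkru >> (2 * pkey)) & (PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE)) == 0;
}

/* Model assumption: one refused VMA in [start, end) refuses the whole call. */
static bool may_change_mapping(const struct model_mm *mm, uint32_t pkru,
                               uintptr_t start, uintptr_t end)
{
    for (size_t i = 0; i < mm->nr_vmas; i++) {
        const struct model_vma *v = &mm->vmas[i];
        if (v->end <= start || v->start >= end)
            continue;                               /* no overlap */
        if (!(mm->enforce_mask & (1u << v->pkey)))
            continue;                               /* pkey 0 or legacy key */
        if (!pkru_allows_write(pkru, v->pkey))
            return false;
    }
    return true;
}

/* Constructed sample layout: pkey 0, an enforced pkey 1, a legacy pkey 2. */
static const struct model_vma sample_vmas[] =
    { { 0x1000, 0x3000, 0 }, { 0x3000, 0x5000, 1 }, { 0x5000, 0x6000, 2 } };
static const struct model_mm sample_mm = { 1u << 1, sample_vmas, 3 };

int main(void)
{
    uint32_t locked = PKEY_DISABLE_WRITE << 2;      /* pkey 1 write-disabled */
    printf("unlocked=%d ", may_change_mapping(&sample_mm, 0, 0x3000, 0x5000));
    printf("locked=%d\n", may_change_mapping(&sample_mm, locked, 0x2000, 0x3800));
    return 0;
}
```

Mappings under pkey 0 or under a key allocated without the flag stay changeable regardless of PKRU, matching the backwards-compatibility statement in the quoted text.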