From: Dave Hansen
Date: Mon, 15 May 2023 07:28:29 -0700
Subject: Re: [PATCH 0/6] Memory Mapping (VMA) protection using PKU - set 1
To: jeffxu@chromium.org, luto@kernel.org, jorgelo@chromium.org, keescook@chromium.org, groeck@chromium.org, jannh@google.com, sroettger@google.com
Cc: akpm@linux-foundation.org, jeffxu@google.com, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org
Message-ID: <2bcffc9f-9244-0362-2da9-ece230055320@intel.com>
In-Reply-To: <20230515130553.2311248-1-jeffxu@chromium.org>

On 5/15/23 06:05, jeffxu@chromium.org wrote:
> We're using PKU for in-process isolation to enforce control-flow integrity
> for a JIT compiler. In our threat model, an attacker exploits a
> vulnerability and has arbitrary read/write access to the whole process
> space concurrently to other threads being executed. This attacker can
> manipulate some arguments to syscalls from some threads.

This all sounds like it hinges on the contents of PKRU in the attacker thread.
Could you talk a bit about how the attacker is prevented from running WRPKRU, XRSTOR or compelling the kernel to write to PKRU like at sigreturn?
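A small demonstration of the point raised above, added here and not part of the thread or the patch series: pkey access rights live in each thread's PKRU register, so revoking access in one thread with pkey_set() (which executes WRPKRU) leaves another thread's view of the same page unchanged, which is why the isolation depends on what the attacker-controlled thread can do to its own PKRU. It assumes Linux on x86 with protection keys and glibc 2.27 or newer; demo_pkru_is_per_thread, try_read and thread_b_main are names chosen for this example.

```c
/* Added illustration (not code from the series or this thread); assumes
 * Linux x86 with PKU and glibc >= 2.27.  Thread B starts while the pkey
 * is accessible; thread A (the caller) then revokes access in its own
 * PKRU via pkey_set() (a WRPKRU).  A faults, B still reads the page. */
#define _GNU_SOURCE
#include <pthread.h>
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

#define PKU_UNSUPPORTED (-1)  /* pkey_alloc()/pkey_mprotect() failed: no PKU */

static __thread sigjmp_buf fault_env;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Touch one byte: 1 if allowed, 0 if it raised SIGSEGV (SEGV_PKUERR). */
static int try_read(volatile char *p) {
    if (sigsetjmp(fault_env, 1) == 0) { (void)*p; return 1; }
    return 0;
}

struct thread_b { volatile char *page; pthread_barrier_t *go; int could_read; };
static void *thread_b_main(void *arg) {
    struct thread_b *b = arg;
    pthread_barrier_wait(b->go);        /* wait until A has changed its PKRU */
    b->could_read = try_read(b->page);  /* B's own PKRU is untouched */
    return NULL;
}

/* 1 if B could read while A could not; 0 otherwise; PKU_UNSUPPORTED without PKU. */
int demo_pkru_is_per_thread(void) {
    int pkey = pkey_alloc(0, 0);
    if (pkey < 0) return PKU_UNSUPPORTED;
    long ps = sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED || pkey_mprotect(page, ps, PROT_READ | PROT_WRITE, pkey))
        return PKU_UNSUPPORTED;
    page[0] = 'x';
    pthread_barrier_t go;
    pthread_barrier_init(&go, NULL, 2);
    struct thread_b b = { page, &go, 0 };
    pthread_t tid;
    pthread_create(&tid, NULL, thread_b_main, &b);
    signal(SIGSEGV, on_segv);
    pkey_set(pkey, PKEY_DISABLE_ACCESS);  /* WRPKRU: changes only A's PKRU */
    pthread_barrier_wait(&go);
    pthread_join(tid, NULL);
    int a_could_read = try_read(page);
    pkey_set(pkey, 0);                    /* restore access before cleanup */
    signal(SIGSEGV, SIG_DFL);
    pthread_barrier_destroy(&go); munmap(page, ps); pkey_free(pkey);
    return !a_could_read && b.could_read;
}
```

On a host without protection keys the function reports PKU_UNSUPPORTED rather than a result, so the check distinguishes "no hardware" from "the per-thread behaviour was not observed".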