From: Jeff Xu
Date: Tue, 16 May 2023 15:17:09 -0700
Subject: Re: [PATCH 0/6] Memory Mapping (VMA) protection using PKU - set 1
To: Kees Cook
Cc: jeffxu@chromium.org, dave.hansen@intel.com, luto@kernel.org, jorgelo@chromium.org, groeck@chromium.org, jannh@google.com, sroettger@google.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org

On Tue, May 16, 2023 at 1:08 PM Kees Cook wrote:
>
> On Mon, May 15, 2023 at 01:05:46PM +0000, jeffxu@chromium.org wrote:
> > This patch introduces a new flag, PKEY_ENFORCE_API, to the pkey_alloc()
> > function. When a PKEY is created with this flag, it is enforced that any
> > thread that wants to make changes to the memory mapping (such as mprotect)
> > of the memory must have write access to the PKEY. PKEYs created without
> > this flag will continue to work as they do now, for backwards
> > compatibility.
> >
> > Only PKEY created from user space can have the new flag set, the PKEY
> > allocated by the kernel internally will not have it. In other words,
> > ARCH_DEFAULT_PKEY(0) and execute_only_pkey won’t have this flag set,
> > and continue work as today.
>
> Cool! Yeah, this looks like it could become quite useful. I assume
> V8 folks are on board with this API, etc?
>
> > This set of patch covers mprotect/munmap, I plan to work on other
> > syscalls after this.
>
> Which ones are on your list currently?
>
mprotect/mprotect_pkey/munmap
mmap/mremap
madvise,brk,sbrk

Thanks!
-Jeff Xu

> --
> Kees Cook
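
Added example, not part of the original message or of the patch series: a user-space C model of the rule stated in the quoted cover letter, where a mapping change is refused when the range touches memory tagged with a key allocated with PKEY_ENFORCE_API and the calling thread's PKRU denies write access for that key. The flag's numeric value, the `model_*` names, the per-VMA walk and the sample address space are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: placeholder value; the page does not give the real flag bit. */
#define MODEL_PKEY_ENFORCE_API 0x1u
#define MODEL_NR_PKEYS 16 /* x86 PKU provides 16 keys */
struct model_vma { uintptr_t start, end; int pkey; }; /* covers [start, end) */
struct model_mm {
    unsigned int pkey_flags[MODEL_NR_PKEYS]; /* flags given to pkey_alloc() */
    const struct model_vma *vmas;
    size_t nr_vmas;
};

/* PKRU has two bits per key: AD at bit 2k, WD at 2k+1; write needs both clear. */
static bool pkru_allows_write(uint32_t pkru, int pkey)
{
    return ((pkru >> (2 * pkey)) & 0x3u) == 0;
}

/* Would mprotect()/munmap() over [addr, addr+len) be allowed for this thread? */
static bool model_may_change_mapping(const struct model_mm *mm, uint32_t pkru,
                                     uintptr_t addr, size_t len)
{
    for (size_t i = 0; i < mm->nr_vmas; i++) {
        const struct model_vma *v = &mm->vmas[i];
        if (v->end <= addr || v->start >= addr + len)
            continue; /* VMA outside the requested range */
        if ((mm->pkey_flags[v->pkey] & MODEL_PKEY_ENFORCE_API) &&
            !pkru_allows_write(pkru, v->pkey))
            return false; /* enforced key, thread lacks write access */
    }
    return true; /* keys without the flag behave as they do today */
}

/* Constructed sample: pkey 0 default key, pkey 1 allocated with the flag, pkey 2 without. */
static const struct model_vma sample_vmas[] = {
    { 0x1000, 0x3000, 0 }, { 0x3000, 0x5000, 1 }, { 0x5000, 0x6000, 2 },
};
static const struct model_mm sample_mm = {
    .pkey_flags = { [1] = MODEL_PKEY_ENFORCE_API }, .vmas = sample_vmas, .nr_vmas = 3,
};

int main(void)
{
    /* PKRU 0x8 sets WD for pkey 1 only */
    printf("%d\n", model_may_change_mapping(&sample_mm, 0x8, 0x3000, 0x1000));
    return 0;
}
```

A range that only partly overlaps the enforced region is refused as a whole in this model, while the default key and keys allocated without the flag are never checked.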