> On Oct 4, 2018, at 9:45 AM, Rik van Riel <riel@xxxxxxxxxxx> wrote: > > On Thu, 2018-10-04 at 16:05 +0200, Sebastian Andrzej Siewior wrote: > > >> In v3 I dropped that decouple idea. I also learned that the wrpkru >> instruction is not privileged and so caching it in kernel does not >> work. > > Wait, so any thread can bypass its memory protection > keys, even if there is a seccomp filter preventing > it from calling the PKRU syscalls? > > Is that intended? > > Is that simply a hardware limitation, or something > where we can set a flag somewhere to force tasks to > go through the kernel? > > Hardware limitation.
