Re: MPK: pkey_free and key reuse

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/09/2017 06:48 AM, Florian Weimer wrote:
> On 11/08/2017 09:41 PM, Dave Hansen wrote:
>>> (B) If a key is reused, existing threads retain their access rights,
>>> while there is an expectation that pkey_alloc denies access for the
>>> threads except the current one.
>> Where does this expectation come from?
> 
> For me, it was the access_rights argument to pkey_alloc.  What else
> would it do?  For the current thread, I can already set the rights with
> a PKRU write, so the existence of the syscall argument is puzzling.

The manpage is pretty bare here.  But the thought was that, in most
cases, you will want to allocate a key and start using it immediately.
This was in response to some feedback on one of the earlier reviews of
the patch set.

>> Using the malloc() analogy, we
>> don't expect that free() in one thread actively takes away references to
>> the memory held by other threads.
> 
> But malloc/free isn't expected to be a partial antidote to random
> pointer scribbling.

Nor is protection keys intended to be an antidote for use-after-free.

> I think we should either implement revoke on pkey_alloc, with a
> broadcast to all threads (the pkey_set race can be closed by having a
> vDSO for that an the revocation code can check %rip to see if the old
> PKRU value needs to be fixed up).  Or we add the two pkey_alloc flags I
> mentioned earlier.

That sounds awfully complicated to put in-kernel.  I'd be happy to
review the patches after you put them together once we see how it looks.

You basically want threads to broadcast their PKRU values at pkey_free()
time.  That's totally doable... in userspace.  You just need a mechanism
for each thread to periodically check if they need an update.  I don't
think we need kernel intervention and vDSO magic for that.

--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux