Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINHERIT and change signal semantics

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On May 2, 2018, at 3:32 PM, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
> 
>> On 05/02/2018 03:22 PM, Andy Lutomirski wrote:
>> That library wants other threads, signal handlers, and, in general, the
>> whole rest of the process to be restricted, and that library doesn't want
>> race conditions.  The problem here is that, to get this right, we either
>> need the PKRU modifications to be syscalls or to take locks, and the lock
>> approach is going to be fairly gross.
> 
> I totally get the idea that a RDPKRU/WRPKRU is non-atomic and that it
> can't be mixed with asynchronous WRPKRU's in that thread.
> 
> But, where do those come from in this scenario?  I'm not getting the
> secondary mechanism is that *makes* them unsafe.

pkey_alloc() itself.  If someone tries to allocate a key with a given default mode, unless there’s already a key that already had that value in all threads or pkey_alloc() needs to asynchronously create such a key.

There is a partial hack that glibc could do. DSOs could have a way to statically request a key (e.g. a PT_PKEY segment) and glibc could do all the pkey_alloc() calls before any threads get created. Of course, a DSO like this can’t be dlopened().  We still need a way for pkey_alloc() to update the value for signal delivery, but that’s straightforward.



[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux