Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE

From: Matthias Neugschwandtner
Date: Mon Mar 18 2024 - 13:33:09 EST


On 3/15/24 05:47, Aruna Ramakrishna wrote:
> It's not about the man page - it's just that my understanding of this flow and this use case stems from there. I think we assumed that we can turn off pkey 0 and still be able to set up the alt sig stack (and have the kernel reset it to init_pkru anyway) - and when that didn't work, it seemed like a bug. :)
>
>> In other words, you're not going to spur me into action by thwapping me
>> with the manpage that I wrote. You've got to convince me that your new
>> use case is valid, this is the best way to support your new use case,
>> and that your implementation of the new feature is sane.
>
> Matthias/Eric,
> Can you please talk about the use case in greater detail?

Sure. The core use case we are trying to handle is inspired by the seminal
ERIM paper [1] on using protection keys for in-process isolation. We want to
protect the memory regions of an application from corruption by a component
that co-resides in the same address space. Since all memory allocated by the
main application is tagged with pkey 0 by default, we remove access to it when
entering the component. If a signal is triggered at that time, the kernel
subsequently fails to set up the signal handling stack.

Thank you,
Matthias

[1] https://www.usenix.org/conference/usenixsecurity19/presentation/vahldiek-oberwagner
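The scenario Matthias describes, reproduced as an added stand-alone example (this is not code from the thread, the RFC patch, or ERIM; the function names, the 64 KiB stack sizes and the exit code 42 are choices made here). A forked child allocates a pkey, tags a private stack with it, registers a SIGUSR1 handler on an alternate signal stack that stays in ordinary pkey-0 memory, switches to the private stack, disables pkey 0 in PKRU (the "enter the component" step) and sends itself SIGUSR1 via a raw syscall, since libc's PLT/GOT and TLS are pkey-0 memory and cannot be touched at that point. The parent reports how the child ended: on a kernel where the frame is written under the task's own PKRU the write to the alt stack faults and the child is killed with SIGSEGV; on a kernel that enables pkeys for the frame write the handler runs with init_pkru and exits 42. The code is x86-64 Linux only (inline rdpkru/wrpkru and syscall) and reports "unsupported" elsewhere or when pkey_alloc fails.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome {
    PKEYS_UNSUPPORTED = 0,  /* no usable pkeys (or not x86-64 Linux) */
    KILLED_ON_DELIVERY = 1, /* kernel could not write the sigframe: child died with SIGSEGV */
    HANDLER_RAN = 2,        /* sigframe written, handler ran under init_pkru, exited 42 */
    OTHER = 3,
};

#define STACK_SIZE (64 * 1024)   /* assumption: ample for the xsave-sized frame */
#define HANDLER_EXIT_CODE 42     /* assumption: marker the handler exits with */

#if defined(__x86_64__) && defined(__linux__) && defined(__NR_pkey_alloc)
/* PKRU layout: bit 2k = access-disable (AD), bit 2k+1 = write-disable (WD) for pkey k. */
#define PKRU_AD(k) (1u << (2 * (k)))
#define PKRU_WD(k) (1u << (2 * (k) + 1))

static inline unsigned int rdpkru(void)
{
    unsigned int eax, edx;
    __asm__ volatile("rdpkru" : "=a"(eax), "=d"(edx) : "c"(0));
    return eax;
}

static inline void wrpkru(unsigned int pkru)
{
    __asm__ volatile("wrpkru" : : "a"(pkru), "c"(0), "d"(0) : "memory");
}

/* Raw syscall: once pkey 0 is off, libc (PLT, GOT, TLS, errno) is unreachable. */
static inline long raw_syscall2(long nr, long a1, long a2)
{
    long ret;
    __asm__ volatile("syscall" : "=a"(ret) : "a"(nr), "D"(a1), "S"(a2)
                     : "rcx", "r11", "memory");
    return ret;
}

static void on_sigusr1(int sig)
{
    (void)sig;
    _exit(HANDLER_EXIT_CODE); /* only reached if the kernel managed to build the frame */
}

/* Runs on the component's pkey-tagged stack; never returns. */
static void __attribute__((noreturn)) component_entry(void)
{
    pid_t self = getpid();                       /* libc still usable: pkey 0 is on */
    wrpkru(rdpkru() | PKRU_AD(0) | PKRU_WD(0));  /* "enter the component": drop pkey 0 */
    raw_syscall2(__NR_kill, self, SIGUSR1);      /* pending signal is delivered on return */
    raw_syscall2(__NR_exit_group, OTHER, 0);     /* neither killed nor handled */
    __builtin_unreachable();
}

static void __attribute__((noreturn)) child(void)
{
    int pkey = (int)syscall(__NR_pkey_alloc, 0, 0);
    if (pkey < 0) _exit(OTHER);

    /* The component's stack: the only memory it may touch once pkey 0 is disabled. */
    void *comp_stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    /* The alternate signal stack: ordinary pkey-0 memory owned by the main application. */
    void *alt_stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (comp_stack == MAP_FAILED || alt_stack == MAP_FAILED) _exit(OTHER);
    if (syscall(__NR_pkey_mprotect, comp_stack, STACK_SIZE,
                PROT_READ | PROT_WRITE, pkey)) _exit(OTHER);

    stack_t ss = { .ss_sp = alt_stack, .ss_size = STACK_SIZE, .ss_flags = 0 };
    if (sigaltstack(&ss, NULL)) _exit(OTHER);
    struct sigaction sa = { .sa_handler = on_sigusr1, .sa_flags = SA_ONSTACK };
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL)) _exit(OTHER);

    /* Switch to the component stack (16-byte aligned top) and call in; no return. */
    void *top = (char *)comp_stack + STACK_SIZE;
    __asm__ volatile("mov %0, %%rsp\n\tcall *%1" : : "r"(top), "r"(component_entry) : "memory");
    __builtin_unreachable();
}
#endif

/* Returns one of enum outcome; the child does all the pkey work so the caller survives. */
int probe_signal_with_pkey0_disabled(void)
{
#if defined(__x86_64__) && defined(__linux__) && defined(__NR_pkey_alloc)
    int pkey = (int)syscall(__NR_pkey_alloc, 0, 0);
    if (pkey < 0) return PKEYS_UNSUPPORTED; /* ENOSPC/ENOSYS: no pkeys on this CPU/kernel */
    syscall(__NR_pkey_free, pkey);

    pid_t pid = fork();
    if (pid < 0) return OTHER;
    if (pid == 0) child();

    int status;
    if (waitpid(pid, &status, 0) != pid) return OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV) return KILLED_ON_DELIVERY;
    if (WIFEXITED(status) && WEXITSTATUS(status) == HANDLER_EXIT_CODE) return HANDLER_RAN;
    return OTHER;
#else
    return PKEYS_UNSUPPORTED;
#endif
}

int main(void)
{
    static const char *names[] = {
        "pkeys unsupported",
        "child killed by SIGSEGV while the kernel set up the signal frame",
        "handler ran on the pkey-0 alt stack",
        "other",
    };
    printf("%s\n", names[probe_signal_with_pkey0_disabled()]);
    return 0;
}
```

Which of the two supported outcomes you see is the whole point of the thread: the kernel writes the frame to the alt stack with the interrupted task's PKRU in effect, so user-space cannot work around a disabled pkey 0 by itself, and only the kernel-side change turns KILLED_ON_DELIVERY into HANDLER_RAN.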