Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE
From: Matthias Neugschwandtner
Date: Mon Mar 18 2024 - 13:33:09 EST
On 3/15/24 05:47, Aruna Ramakrishna wrote:
It’s not about the man page - it's just that, my understanding of this flow and this use case stems from there. I think we assumed that we can turn off pkey 0 and still be able to set up the alt sig stack (and have the kernel reset it to init_pkru anyway) - and when that didn’t work, it seemed like a bug. :)
In other words, you're not going to spur me into action my thwapping me
with the manpage that I wrote. You've got to convince me that your new
use case is valid, this is the best way to support your new use case,
and that your implementation of the new feature is sane.
Matthias/Eric,
Can you please talk about the use case in greater detail?
Sure. The core use case we are trying to handle is inspired by the seminal
ERIM paper [1] on using protection keys for in-process isolation. We want to
protect the memory regions of an application from corruption by a component
that co-resides in the same address space.
Since all memory allocated by the main application is tagged with pkey 0 by
default, we remove access to it when entering the component. If a signal is
triggered at that time, the kernel subsequently fails to set up the signal
handling stack.
Thank you,
Matthias
[1]
https://www.usenix.org/conference/usenixsecurity19/presentation/vahldiek-oberwagner