[PATCH v6 0/4] rseq: Make rseq work with protection keys

From: Dmitry Vyukov
Date: Thu Feb 27 2025 - 09:17:45 EST


If an application registers rseq, and ever switches to another pkey
protection (such that the rseq becomes inaccessible), then any
context switch will cause failure in __rseq_handle_notify_resume()
attempting to read/write struct rseq and/or rseq_cs. Since context
switches are asynchronous and are outside of the application's control
(not part of the restricted code scope), temporarily enable access
to 0 (default) PKEY to read/write rseq/rseq_cs.
0 is the only PKEY supported for rseq for now.
Theoretically other PKEYs can be supported, but it's unclear
how/if that can work. So for now we don't support that to simplify
the code.

Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: "Paul E. McKenney" <paulmck@xxxxxxxxxx>
Cc: Boqun Feng <boqun.feng@xxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: Aruna Ramakrishna <aruna.ramakrishna@xxxxxxxxxx>
Cc: x86@xxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx

Dmitry Vyukov (4):
  pkeys: add API to switch to permissive/zero pkey register
  x86/signal: Use write_permissive_pkey_val() helper
  rseq: Make rseq work with protection keys
  selftests/rseq: Add test for rseq+pkeys

 arch/x86/Kconfig                         |  1 +
 arch/x86/include/asm/pkeys.h             | 30 ++++++++
 arch/x86/include/asm/pkru.h              | 10 ++-
 arch/x86/kernel/signal.c                 |  6 +-
 include/linux/pkeys.h                    | 31 ++++++++
 include/uapi/linux/rseq.h                |  4 +
 kernel/rseq.c                            | 11 +++
 mm/Kconfig                               |  2 +
 tools/testing/selftests/rseq/Makefile    |  2 +-
 tools/testing/selftests/rseq/pkey_test.c | 98 ++++++++++++++++++++++++
 tools/testing/selftests/rseq/rseq.h      |  1 +
 11 files changed, 188 insertions(+), 8 deletions(-)
 create mode 100644 tools/testing/selftests/rseq/pkey_test.c


base-commit: dd83757f6e686a2188997cb58b5975f744bb7786
--
2.48.1.658.g4767266eb4-goog
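
A user-space model of the failure and of the save/enable/restore pattern the cover letter describes, added here as an example; it is not code from the patch series. The helper names `pkru_enable_key0()` and `model_rseq_update()` are hypothetical, the PKRU value is constructed, and the series' own helper may compute its permissive value differently.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 PKRU layout: 16 keys, two bits per key.
 * Bit 2*k is access-disable (AD), bit 2*k+1 is write-disable (WD). */
#define PKRU_AD 0x1u
#define PKRU_WD 0x2u

static bool pkru_can_write(uint32_t pkru, int pkey)
{
    return ((pkru >> (2 * pkey)) & (PKRU_AD | PKRU_WD)) == 0;
}

/* Hypothetical helper: same PKRU value with pkey 0 fully enabled. */
static uint32_t pkru_enable_key0(uint32_t pkru)
{
    return pkru & ~(PKRU_AD | PKRU_WD);
}

/* Model of the kernel writing the rseq area (tagged with pkey 0) on a
 * context switch. Returns 0 on success, -1 where the real access would
 * fault. With enable_key0 set, pkey 0 is opened for the access only. */
static int model_rseq_update(uint32_t *pkru, uint32_t *rseq_cpu_id,
                             uint32_t cpu, bool enable_key0)
{
    uint32_t saved = *pkru;
    int ret = -1;

    if (enable_key0)
        *pkru = pkru_enable_key0(saved);
    if (pkru_can_write(*pkru, 0)) {
        *rseq_cpu_id = cpu;
        ret = 0;
    }
    *pkru = saved;      /* the thread's own restrictions come back */
    return ret;
}

int main(void)
{
    /* Constructed value: every key access-disabled except pkey 1. */
    uint32_t pkru = 0x55555551u, cpu_id = 0;

    printf("without: %d\n", model_rseq_update(&pkru, &cpu_id, 3, false));
    printf("with:    %d\n", model_rseq_update(&pkru, &cpu_id, 3, true));
    printf("pkru after: 0x%08x cpu_id=%u\n", (unsigned)pkru, (unsigned)cpu_id);
    return 0;
}
```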