Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1214536imu; Tue, 20 Nov 2018 13:39:38 -0800 (PST) X-Google-Smtp-Source: AFSGD/UNeb+7bsHU9fCifdJBFWbPPwVZEFf14H8CuGd8uSl5Q4bAfc8cHCZgqpo8VIUNFvFZOWej X-Received: by 2002:a17:902:622:: with SMTP id 31-v6mr4007813plg.310.1542749978326; Tue, 20 Nov 2018 13:39:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542749978; cv=none; d=google.com; s=arc-20160816; b=kluNmaQPqnHeJ5UDywlHLqQrQuLRAVc5EiBWeeWIyBjgEJGrovjWDteJV0OCpAlNCr MntVhx6PVqDQE97doG6vEQHiuC0E9I/Z0L+IgVUYBXxqhuVmDAoxA1/MMqYsNb0XLF8Y q+mzogQ7GKyHi+QT97MhR25+wQCSDtAzK/FpQ2M6MoPNP2wdebs5nGX5/SVTCtr1J/p3 9Zy/vF4MPFX8LO8YshzlZVkRg4VP+3GhHI4bfpzLSXvgVj/0ODV4UcaXvV2F06JvSKZI hQ4ps0DHRpActuF41uzmzAInCFWODAJqM1jkQveTIiSW6hc3mPbzM26X9QTP0ysnpCKD RwmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=7MTTKf+Xmgc1NDVDg/0c4qismRxbrIPZnukJOiiF86c=; b=clCjpITaACzOaROLo1ifTvCJzoET58Hp8f2GTdSGFxAYjBx9dFK8HfxfQIGJhbmVx+ xbwKQc/XXK2MlRWnRtGM22aJ6DXMtFuWSAkMJjVi0gBh6NC6uCv1l/glLCPmK51PlWw6 FeQceMlBhEFm7LweJKohE0l+iw8CkDB8uaFiWHLdP/vbwjNuRQcVpfcz5izs3OWdHJeJ FMu8xoSeE433nEMWch0szJ/gXP8Bmejde4LvQMZFl15vm/Md6w6UKAFAiM+Cbm9aTEll JrEMIxaVFy9UbSmtCoMJid9fKGwPrXxPZZ5BE8r80Y8EiLMvZPSUbFBwcdV4ZXBN6W77 q6dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=BPLJ7SmZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m3si11180506pld.331.2018.11.20.13.39.23; Tue, 20 Nov 2018 13:39:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=BPLJ7SmZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726288AbeKUHp1 (ORCPT + 99 others); Wed, 21 Nov 2018 02:45:27 -0500 Received: from mail-yw1-f65.google.com ([209.85.161.65]:41529 "EHLO mail-yw1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725937AbeKUHp1 (ORCPT ); Wed, 21 Nov 2018 02:45:27 -0500 Received: by mail-yw1-f65.google.com with SMTP id f65so1362822ywc.8 for ; Tue, 20 Nov 2018 13:14:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7MTTKf+Xmgc1NDVDg/0c4qismRxbrIPZnukJOiiF86c=; b=BPLJ7SmZ5nmatGH1z2u8e+Ge2moBYO9pb88TW7Kf7J3Qb4MqAUgAnFLOStUw20ioJV fOHCNpGnXRfKA0xcDcKo16np4/D6dzbxI++dsI1+cc/8wTI0v1KgjgJUKQ7n57Gt5GpS tHawfKg107FFJoLpzZ7AH5t29EpA+aGtdvtwY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7MTTKf+Xmgc1NDVDg/0c4qismRxbrIPZnukJOiiF86c=; b=ZVnoXvtiywGH04NCDw7vVVW82MXBK900P0Xj1xbSKJxxcxeR3GYVWLhawVuughXCfJ LSk9/Ql4urw6qQhIavLIENC6MnUwB++zFM5TWd3AEIFCc4yy5cksTpcR7e2KoDqeKgVh S8TXZ/az78mmseCnioxSV+fcVOSQwkIInS7Og5jewv9jnatIvOmJbR9WIy8qg/ckW6LW fM/vrftA3tsAZLAYsTHJjtb8ow/9wJXvLqZc6jf1iJcGgmNhLle07XhohH5JYKSfCruM SaYyOR91aZR0ja0fj0LSyfj0I5HP4fx0/Rx5akzXYVrAzh9x5A3BpLZnwARla8ZskXZ9 BLIg== X-Gm-Message-State: AGRZ1gIo2dRaq5xF2CtZX7qb+T6Vf0uMUE850YTS9M5TV7w0CRS6AfU/ rpiewKY2CqzmAf/ZzwkbVva3AUHsHtQ= X-Received: by 2002:a0d:f404:: with SMTP id d4-v6mr3863481ywf.486.1542748458193; Tue, 20 Nov 2018 13:14:18 -0800 (PST) Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com. [209.85.219.170]) by smtp.gmail.com with ESMTPSA id t4-v6sm3576942ywd.83.2018.11.20.13.14.15 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Nov 2018 13:14:15 -0800 (PST) Received: by mail-yb1-f170.google.com with SMTP id z2-v6so1349854ybj.2 for ; Tue, 20 Nov 2018 13:14:15 -0800 (PST) X-Received: by 2002:a25:ac8e:: with SMTP id x14-v6mr3806610ybi.141.1542748454813; Tue, 20 Nov 2018 13:14:14 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a25:b906:0:0:0:0:0 with HTTP; Tue, 20 Nov 2018 13:14:14 -0800 (PST) In-Reply-To: <0e5fd8bc-0b18-ea88-ed95-ec81a44d0783@intel.com> References: <20181026195146.9C7C1136@viggo.jf.intel.com> <0e5fd8bc-0b18-ea88-ed95-ec81a44d0783@intel.com> From: Kees Cook Date: Tue, 20 Nov 2018 13:14:14 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/2] x86/pkeys: copy pkey state at fork() To: Dave Hansen Cc: Dave Hansen , LKML , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , X86 ML , Peter Zijlstra , Michael Ellerman , Will Deacon , Andy Lutomirski , Joerg Roedel , Daniel Micay Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 26, 2018 at 12:59 PM, Dave Hansen wrote: > On 10/26/18 12:51 PM, Dave Hansen wrote: > ... >> The result is that, after a fork(), the child's pkey state ends up >> looking like it does after an execve(), which is totally wrong. pkeys >> that are already allocated can be allocated again, for instance. > > One thing I omitted. This was very nicely discovered and reported by > danielmicay@gmail.com. Thanks, Daniel! Thread ping. Is there a v2 of this, or can this go in as-is? Looks good to me: Reviewed-by: Kees Cook -Kees -- Kees Cook