Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp49352rwd; Wed, 31 May 2023 18:51:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5hp9IhnRlgYrPE/e8JfNxbTLVG144KKBaXTwpSCPl3BOM5qDsgcasOwZH+lduGUOGvndLw X-Received: by 2002:a37:7cc:0:b0:75b:23a0:d9ac with SMTP id 195-20020a3707cc000000b0075b23a0d9acmr6358713qkh.2.1685584317379; Wed, 31 May 2023 18:51:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685584317; cv=none; d=google.com; s=arc-20160816; b=NuH/lxWrPJh3/LZrHxeO8bBlGAtFr30vkei5fLjPA39LlMA81Vlq6uv1xAwzE/GpBA 1o2BrWdzkZeiAR7dZ6BAMEtFm7+P4kk3z3qXHRkWIywMITX9B310Om7mVbEWvlXNO5zU RLZIOUNYx870YX/lwj14dvJShqzao1Ld1RZ97Go9s3Zr3mpjincQyxD9a0XScPigbEHH QdXXmMAArcEBd/WxugSdBjM4tRCKGhPQVC6Y21hDsHEHHxbicwVLUH4OKDhNfQ10MWFs Plx6Sy2ubPC87xKZdvyyLD5c4/arQhaKqqeOeOEyPZm3gAxvD82/ceVv+6byyjyhQ9pz myzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=tMAT58qbQXF1B/aV0JXyDKL3tKS6p5XVrEhxiBvvom8=; b=x4L7HeiOsnvfm9sFwQhX2fDnwFYuS1DcSJA2NzkY5UvqIhpjpVAeBZdysFaGbRk/pe ykPPMCQQU0GnB35SGJt9a/0KFyP725SMbikba8aLXrP1o8gvzlV9aHURi8yVmq/JzZVY DXI93jREwAih1sNVGfUV8RA805aws+oKrEX9E18FCDWAOw1Lg51nxwQNTKYFfh4soRFy EVt57e6CQuaSrpUEP6yEyoCkfhulF3j0gWOZzm+DvEpHbkCwZeICiUAgkyB/2HA8WDeX vw1NjVPxliB3+bz6VGgFaFfYHMwYwDqo1SDV4Q5hdqIRyhyqQpLALbyo0/KL/6J5zAOE 3Fyw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=QqnSID8T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c28-20020a056a00009c00b0064d2484f08esi4569318pfj.361.2023.05.31.18.51.45; Wed, 31 May 2023 18:51:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=QqnSID8T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229946AbjFABjt (ORCPT + 99 others); Wed, 31 May 2023 21:39:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42034 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230075AbjFABjr (ORCPT ); Wed, 31 May 2023 21:39:47 -0400 Received: from mail-oa1-x30.google.com (mail-oa1-x30.google.com [IPv6:2001:4860:4864:20::30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A66A132 for ; Wed, 31 May 2023 18:39:45 -0700 (PDT) Received: by mail-oa1-x30.google.com with SMTP id 586e51a60fabf-1a1b95cc10eso450227fac.0 for ; Wed, 31 May 2023 18:39:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1685583584; x=1688175584; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=tMAT58qbQXF1B/aV0JXyDKL3tKS6p5XVrEhxiBvvom8=; b=QqnSID8TL++2yzRRDDuaMkHhVp8lsXcS+ymgGQb5lDd4sYMhG/oQFCl2NU1I8d59+b 6e5ESL6nze+ez1VHvS6R/k/V3uRvZvufAgrj1cS/yr1tMkBARrKMK25VaRl7bEdsYe3J KAVU7aCxUJijFS63DKZwrheTh7hF6OQyZBKYo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685583584; x=1688175584; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tMAT58qbQXF1B/aV0JXyDKL3tKS6p5XVrEhxiBvvom8=; b=DloPqVygvV9vgckdLfkqRS+mkN7+rTUCG3QVCImx30v09052HAtxoYAx7m2Kb51S4H 8DkRqDRqERjESYcvIedPFpBnncQeSSOlpbiLMFD9Lk6qfOYtYv036z0kOLuX2IEBzsHo b6oDS+x0l3ExbNdwiHzQBG00ZI5E9A/HrB6NORam8CvOH2R849WxqoCcc94mAIFrLPrr g066gYb0DsxtQuKZxHqAUP7P7xznRJsVO0cLZOI2lYnyEWc9MzwGsHzmH09f/Ex8eysX PJgHNXgW1P/sIxB1fqumfcqfCtQTfrlnl7/7lcR6q6cqtZnu2hUdy7CF1ib4Yv0utVfF CMhg== X-Gm-Message-State: AC+VfDyw7X/Zer7+/sXRV1Lp+AX//yxceJwPM1RYaaNPSU4b72K0v1g/ UXUFn6m/tsNBq9jZEuIusHPZ6YZ7zg4/i3rHQ1vYlw== X-Received: by 2002:a05:6870:d411:b0:192:7111:d8c9 with SMTP id i17-20020a056870d41100b001927111d8c9mr5718936oag.42.1685583584692; Wed, 31 May 2023 18:39:44 -0700 (PDT) MIME-Version: 1.0 References: <20230515130553.2311248-1-jeffxu@chromium.org> <2bcffc9f-9244-0362-2da9-ece230055320@intel.com> <2b14036e-aed8-4212-bc0f-51ec4fe5a5c1@intel.com> <9d64c949-6d5f-06c0-47ef-caade67477e5@intel.com> In-Reply-To: <9d64c949-6d5f-06c0-47ef-caade67477e5@intel.com> From: Jeff Xu Date: Wed, 31 May 2023 18:39:00 -0700 Message-ID: Subject: Re: [PATCH 0/6] Memory Mapping (VMA) protection using PKU - set 1 To: Dave Hansen Cc: Jeff Xu , =?UTF-8?Q?Stephen_R=C3=B6ttger?= , luto@kernel.org, jorgelo@chromium.org, keescook@chromium.org, groeck@chromium.org, jannh@google.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Dave, Thanks for feedback, regarding sigaltstack: On Thu, May 18, 2023 at 2:04=E2=80=AFPM Dave Hansen = wrote: > > > > Agreed on signaling handling is a tough part: what do you think about > > the approach (modifying PKRU from saved stack after XSAVE), is there a > > blocker ? > > Yes, signal entry and sigreturn are not necessarily symmetric so you > can't really have a stack. > To clarify: I mean this option below: - before get_sigframe(), save PKUR =3D> tmp - modify thread's PKRU so it can write to sigframe - XSAVE - save tmp =3D> sigframe I believe you proposed this in a previous discussion [1]: and I quote here: "There's a delicate point when building the stack frame that the kernel would need to move over to the new PKRU value to build the frame before it writes the *OLD* value to the frame. But, it's far from impossible." sigreturn will restore thread's original PKRU from sigframe. In case of asymmetrics caused by siglongjmp, user space doesn't call sigreturn, the application needs to set desired PKRU before siglongjmp. I think this solution should work. [1] https://lore.kernel.org/lkml/b4f0dca5-1d15-67f7-4600-9a0a91e9d0bd@intel= .com/ Best regards, -Jeff