Re: [PATCH 0/6] Memory Mapping (VMA) protection using PKU - set 1

From: Dave Hansen
Date: Mon May 15 2023 - 10:28:35 EST

Next message: Rob Clark: "[PATCH v4 0/9] drm: fdinfo memory stats"
Previous message: Johan Hovold: "Re: [PATCH v8 7/9] arm64: dts: qcom: sc8280xp: Add multiport controller node for SC8280"
In reply to: jeffxu: "[PATCH 6/6] PKEY:selftest pkey_enforce_api for munmap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/15/23 06:05, jeffxu@xxxxxxxxxxxx wrote:
> We're using PKU for in-process isolation to enforce control-flow integrity
> for a JIT compiler. In our threat model, an attacker exploits a
> vulnerability and has arbitrary read/write access to the whole process
> space concurrently to other threads being executed. This attacker can
> manipulate some arguments to syscalls from some threads.

This all sounds like it hinges on the contents of PKRU in the attacker
thread.

Could you talk a bit about how the attacker is prevented from running
WRPKRU, XRSTOR or compelling the kernel to write to PKRU like at sigreturn?

Next message: Rob Clark: "[PATCH v4 0/9] drm: fdinfo memory stats"
Previous message: Johan Hovold: "Re: [PATCH v8 7/9] arm64: dts: qcom: sc8280xp: Add multiport controller node for SC8280"
In reply to: jeffxu: "[PATCH 6/6] PKEY:selftest pkey_enforce_api for munmap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]