Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE

From: Dave Hansen
Date: Thu Mar 14 2024 - 13:54:26 EST

Next message: Brett Creeley: "Re: [PATCH v4 iwl-net] i40e: Prevent setting MTU if greater than MFS"
Previous message: Alex Deucher: "Re: [PATCH 1/2] drm/amdgpu: add the IP information of the soc"
In reply to: Aruna Ramakrishna: "[RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE"
Next in thread: Aruna Ramakrishna: "Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/14/24 10:29, Aruna Ramakrishna wrote:
> This patch is a workaround for a bug where the PKRU value is not
> restored to the init value before the signal handler is invoked.

I don't think we should touch this with a ten foot pole without a test
for it in tools/testing/selftests/mm/protection_keys.c.

I'm not sure this is worth the trouble. Protection keys is not a
security feature. This isn't a regression. It's been the behavior
since day one. This really is a feature request for a behavioral
improvement, not a bug fix.

The need for this new feature is highly dependent on the threat model
that it supports. I'm highly dubious that there's a true need to
protect against an attacker with arbitrary write access in the same
address space. We need to have a lot more information there.

I haven't even more than glanced at the code. It looks pretty
unspeakably ugly even at a glance.

Next message: Brett Creeley: "Re: [PATCH v4 iwl-net] i40e: Prevent setting MTU if greater than MFS"
Previous message: Alex Deucher: "Re: [PATCH 1/2] drm/amdgpu: add the IP information of the soc"
In reply to: Aruna Ramakrishna: "[RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE"
Next in thread: Aruna Ramakrishna: "Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]