From: "Stephen Röttger" <sroettger@google.com>
To: Michael Sammler <msammler@mpi-sws.org>
Cc: Kees Cook <keescook@chromium.org>,
linux-api@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linuxram@us.ibm.com, luto@amacapital.net, wad@chromium.org,
Dave Hansen <dave.hansen@intel.com>
Subject: Re: [RFC PATCH] seccomp: Add protection keys into seccomp_data
Date: Wed, 16 Nov 2022 13:20:58 +0100 [thread overview]
Message-ID: <CAEAAPHZimy_V=1FMMn64n658Gg8gE=NZT6uDKgPm+2RVVSmE6A@mail.gmail.com> (raw)
In-Reply-To: <0a643215-03ce-4388-bd1a-301dcab87c41@mpi-sws.org>
[-- Attachment #1: Type: text/plain, Size: 1143 bytes --]
On Tue, Nov 15, 2022 at 5:16 AM Michael Sammler <msammler@mpi-sws.org> wrote:
> > We're currently working on a feature in chromium that uses pkeys for
> > in-process isolation. Being able to use the pkey state in the seccomp
> > filter would be pretty useful for this. For example, it would allow
> > us to enforce that no code outside the isolated thread would ever
> > map/mprotect executable memory.
> > We can probably do something similar by adding instruction pointer
> > checks to the seccomp filter, but that feels quite hacky and this
> > feature would make a much nicer implementation.
> >
> > Are there any plans to make a version 2 of this patch?
>
> Thanks for your interest in this patch, but I am now working on other projects and currently don't plan to make a version 2 of this patch.
I'd be happy to take over writing a version 2 for this.
Kees and Dave, does this feature overall look good to you?
From the discussion, I think there are two proposed changes:
* use an architecture-generic interface as Ram Pai suggested (i.e. add
a read_pkey function)
* ensure to restore the pkru value or fetch it from the xsave buffer
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4005 bytes --]
next prev parent reply other threads:[~2022-11-16 12:25 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-14 10:09 [RFC PATCH] seccomp: Add protection keys into seccomp_data Stephen Röttger
2022-11-15 4:16 ` Michael Sammler
2022-11-16 12:20 ` Stephen Röttger [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-10-29 11:23 Michael Sammler
2018-10-29 16:25 ` Kees Cook
2018-10-29 16:37 ` Dave Hansen
2018-10-29 16:48 ` Jann Horn
2018-10-29 17:02 ` Michael Sammler
2018-10-29 17:07 ` Dave Hansen
2018-10-29 17:29 ` Dave Hansen
2018-10-29 21:55 ` Michael Sammler
2018-10-29 22:33 ` Dave Hansen
2018-10-30 10:55 ` Michael Sammler
2018-10-29 16:42 ` Jann Horn
2018-10-29 16:48 ` Ram Pai
2018-10-29 17:05 ` Michael Sammler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEAAPHZimy_V=1FMMn64n658Gg8gE=NZT6uDKgPm+2RVVSmE6A@mail.gmail.com' \
--to=sroettger@google.com \
--cc=dave.hansen@intel.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=linuxram@us.ibm.com \
--cc=luto@amacapital.net \
--cc=msammler@mpi-sws.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).