From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753712AbcAGVLI (ORCPT ); Thu, 7 Jan 2016 16:11:08 -0500 Received: from mail-oi0-f52.google.com ([209.85.218.52]:36252 "EHLO mail-oi0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752410AbcAGVLG (ORCPT ); Thu, 7 Jan 2016 16:11:06 -0500 MIME-Version: 1.0 In-Reply-To: <20160107000148.ED5D13DF@viggo.jf.intel.com> References: <20160107000104.1A105322@viggo.jf.intel.com> <20160107000148.ED5D13DF@viggo.jf.intel.com> From: Andy Lutomirski Date: Thu, 7 Jan 2016 13:10:44 -0800 Message-ID: Subject: Re: [PATCH 31/31] x86, pkeys: execute-only support To: Dave Hansen Cc: "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , X86 ML , Dave Hansen , Linus Torvalds , Andrew Morton , Kees Cook Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 6, 2016 at 4:01 PM, Dave Hansen wrote: > > From: Dave Hansen > > Protection keys provide new page-based protection in hardware. > But, they have an interesting attribute: they only affect data > accesses and never affect instruction fetches. That means that > if we set up some memory which is set as "access-disabled" via > protection keys, we can still execute from it. > could lose the bits in PKRU that enforce execute-only > permissions. To avoid this, we suggest avoiding ever calling > mmap() or mprotect() when the PKRU value is expected to be > stable. s/stable/unstable/ This may be a bit unfortunate for people who call mmap from signal handlers. Admittedly, the failure mode isn't that bad. Out of curiosity, do you have timing information for WRPKRU and RDPKRU? If they're fast and if anyone ever implements my deferred xstate restore idea, then the performance issue goes away and we can stop caring about whether PKRU is in the init state. --Andy