On Tue, May 16, 2023 at 10:08 PM Kees Cook keescook@chromium.org wrote:
> On Mon, May 15, 2023 at 01:05:46PM +0000, jeffxu@chromium.org wrote:
> > This patch introduces a new flag, PKEY_ENFORCE_API, to the pkey_alloc() function. When a PKEY is created with this flag, it is enforced that any thread that wants to make changes to the memory mapping (such as mprotect) of the memory must have write access to the PKEY. PKEYs created without this flag will continue to work as they do now, for backwards compatibility.
> > Only PKEYs created from user space can have the new flag set; PKEYs allocated by the kernel internally will not have it. In other words, ARCH_DEFAULT_PKEY(0) and execute_only_pkey won't have this flag set, and continue to work as today.
> Cool! Yeah, this looks like it could become quite useful. I assume V8 folks are on board with this API, etc?
Yes! (I'm from the v8 team driving the implementation on the v8 side)
> > This set of patches covers mprotect/munmap; I plan to work on other syscalls after this.
> Which ones are on your list currently?
> --
> Kees Cook
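To make the rule in the patch description concrete, here is an added user-space model of the PKEY_ENFORCE_API semantics (example code written for this page, not the patch's or the kernel's own code). It simulates the x86 PKRU register (two bits per key: bit 2k is access-disable, bit 2k+1 is write-disable) and a per-key "enforce" bit, then decides whether a thread with a given PKRU may change the protections of a mapping tagged with a given key. The numeric value of PKEY_ENFORCE_API, the `model_*`/`vma_change_allowed` names and the fixed 16-key table are assumptions for illustration; PKEY_DISABLE_ACCESS/PKEY_DISABLE_WRITE and the kernel's 0x55555554 initial PKRU are the real values.

```c
/* Added example: user-space model of the PKEY_ENFORCE_API check described in
 * the thread.  Not kernel code; the flag's value and helper names are assumed. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_PKEYS           16
#define ARCH_DEFAULT_PKEY   0
#define PKEY_DISABLE_ACCESS 0x1   /* real uapi values; bit 0 of a key's PKRU field (AD) */
#define PKEY_DISABLE_WRITE  0x2   /* bit 1 of a key's PKRU field (WD) */
#define PKEY_ENFORCE_API    0x4   /* assumed bit value for the flag proposed in the patch */

/* Kernel's initial PKRU on x86: key 0 fully accessible, keys 1..15 access-disabled. */
#define INIT_PKRU 0x55555554u

/* Per-key state that the model of pkey_alloc() fills in. */
struct pkey_table {
    bool allocated[NUM_PKEYS];
    bool enforce_api[NUM_PKEYS];   /* set only for keys handed out with PKEY_ENFORCE_API */
};

/* Rights field (AD | WD bits) for `pkey` in a PKRU value. */
static unsigned pkru_rights(uint32_t pkru, int pkey) {
    return (pkru >> (2 * pkey)) & 0x3u;
}

/* Return a PKRU value with `pkey`'s two-bit field replaced by `rights`. */
static uint32_t pkru_set_rights(uint32_t pkru, int pkey, unsigned rights) {
    uint32_t mask = 0x3u << (2 * pkey);
    return (pkru & ~mask) | ((rights & 0x3u) << (2 * pkey));
}

/* Model of pkey_alloc(flags): key 0 is the arch default and is never handed
 * out, so only user-allocated keys (1..15) can carry the enforce bit. */
static int model_pkey_alloc(struct pkey_table *t, unsigned flags) {
    if (flags & ~(unsigned)PKEY_ENFORCE_API) { errno = EINVAL; return -1; }
    for (int k = 1; k < NUM_PKEYS; k++) {
        if (!t->allocated[k]) {
            t->allocated[k] = true;
            t->enforce_api[k] = (flags & PKEY_ENFORCE_API) != 0;
            return k;
        }
    }
    errno = ENOSPC;
    return -1;
}

/* The rule from the patch description: a mapping tagged with an enforced key
 * may only be mprotect'ed/munmap'ed by a thread whose PKRU grants it write
 * access to that key.  Keys without the flag (including key 0 and the
 * execute-only key, which the kernel allocates itself) behave as today. */
static bool vma_change_allowed(const struct pkey_table *t, int vma_pkey, uint32_t pkru) {
    if (vma_pkey < 0 || vma_pkey >= NUM_PKEYS) return false;
    if (!t->enforce_api[vma_pkey]) return true;
    unsigned r = pkru_rights(pkru, vma_pkey);
    return (r & (PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE)) == 0;
}

/* Walk through the scenario the flag is meant for: two threads, one of which
 * has dropped write access to the enforced key.  Returns 0 when every check
 * matches the described semantics, otherwise the number of the failing step. */
static int demo(void) {
    struct pkey_table t = {0};
    int legacy = model_pkey_alloc(&t, 0);
    int enforced = model_pkey_alloc(&t, PKEY_ENFORCE_API);
    if (legacy < 0 || enforced < 0) return 1;

    /* Thread A: write access to both keys (AD/WD cleared). */
    uint32_t pkru_a = pkru_set_rights(pkru_set_rights(INIT_PKRU, legacy, 0), enforced, 0);
    /* Thread B: same, but write-disabled on the enforced key. */
    uint32_t pkru_b = pkru_set_rights(pkru_a, enforced, PKEY_DISABLE_WRITE);

    if (!vma_change_allowed(&t, enforced, pkru_a)) return 2;   /* A may mprotect */
    if (vma_change_allowed(&t, enforced, pkru_b)) return 3;    /* B is refused */
    if (!vma_change_allowed(&t, legacy, pkru_b)) return 4;     /* legacy key: unchanged */
    if (!vma_change_allowed(&t, ARCH_DEFAULT_PKEY, INIT_PKRU)) return 5; /* key 0: unchanged */
    printf("thread A pkru=%#x may change enforced key %d; thread B pkru=%#x may not\n",
           pkru_a, enforced, pkru_b);
    return 0;
}

int main(void) {
    return demo();
}
```

The point of the model is the asymmetry it makes visible: a thread that has written PKRU to give up write access to the enforced key (as a sandbox thread would) can no longer undo the protection with mprotect or munmap, while every existing key, including ARCH_DEFAULT_PKEY and the execute-only key, keeps today's behaviour.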