[Midnightbsd-cvs] [MidnightBSD/src] 8007f2: Memory protection keys are an amd64 CPU feature, a...
Lucas Holt
noreply at github.com
Tue Apr 21 15:28:09 EDT 2026
Branch: refs/heads/stable/4.0
Home: https://github.com/MidnightBSD/src
Commit: 8007f2512de49e5f0f0b8878f11095ea497a76f1
https://github.com/MidnightBSD/src/commit/8007f2512de49e5f0f0b8878f11095ea497a76f1
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-21 (Tue, 21 Apr 2026)
Changed paths:
M lib/libc/x86/sys/pkru.3
M sys/amd64/amd64/pmap.c
M sys/amd64/amd64/sys_machdep.c
M sys/vm/vm_map.c
M sys/vm/vm_map.h
M tests/sys/posixshm/posixshm_test.c
Log Message:
-----------
Memory protection keys are an amd64 CPU feature, available in modern Intel and
AMD CPUs, which allow applications to apply access restrictions to regions of
virtual memory. On MidnightBSD this functionality is provided by the pkru(3)
interface.

In order to apply a particular protection key to an address range, the kernel
must update the corresponding page table entries. The subroutine which handled
this failed to take into account the presence of 1GB largepage mappings created
using the shm_create_largepage(3) interface. In particular, it would always
treat a page directory page entry as pointing to another page table page.

The bug can be abused by an unprivileged user to cause pmap_pkru_update_range()
to treat userspace memory as a page table page, and thus overwrite memory to
which the application would otherwise not have access.

Obtained from: FreeBSD
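
Added example, not part of the commit or of the MidnightBSD/FreeBSD source: a simplified user-space C model of the check the log message describes, where a walker must test the large-page (PS) bit before following an upper-level entry to a lower-level table. The names update_pdpe and user_data_changed, the honor_ps switch and the one-frame "physical memory" are assumptions for illustration; only the bit positions follow the amd64 page-table format.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model, not kernel code: "physical memory" is an array of 4 KB frames. */
#define NPTE      512
#define PG_V      (1ULL << 0)            /* entry present */
#define PG_PS     (1ULL << 7)            /* entry is a large-page leaf */
#define PG_FRAME  0x000ffffffffff000ULL  /* physical address, bits 51:12 */
#define PKEY_MASK (0xfULL << 59)         /* protection key, bits 62:59 */
#define USER_WORD 0x4141414141414141ULL  /* constructed user data; bit 0 set */
typedef uint64_t frame_t[NPTE];

static uint64_t set_key(uint64_t e, unsigned key) {
    return (e & ~PKEY_MASK) | ((uint64_t)(key & 0xf) << 59);
}

/* Apply `key` to whatever one upper-level entry maps.
 * honor_ps == 0 models the flaw: the entry is always followed as if it
 * pointed to a lower-level table. honor_ps == 1 checks for a 1 GB leaf first. */
static void update_pdpe(frame_t *mem, uint64_t *pdpe, unsigned key, int honor_ps) {
    if ((*pdpe & PG_V) == 0)
        return;                          /* nothing mapped */
    if (honor_ps && (*pdpe & PG_PS)) {
        *pdpe = set_key(*pdpe, key);     /* leaf: tag the entry itself */
        return;
    }
    uint64_t *pd = mem[(*pdpe & PG_FRAME) >> 12];
    for (int i = 0; i < NPTE; i++)
        if (pd[i] & PG_V)
            pd[i] = set_key(pd[i], key); /* treated as next-level entries */
}

/* Frame 0 is user data inside a 1 GB large page (constructed); 1 = data modified. */
static int user_data_changed(int honor_ps, uint64_t *pdpe_out) {
    static frame_t mem[1];
    for (int i = 0; i < NPTE; i++)
        mem[0][i] = USER_WORD;
    *pdpe_out = PG_V | PG_PS;            /* 1 GB mapping of physical address 0 */
    update_pdpe(mem, pdpe_out, 5, honor_ps);
    for (int i = 0; i < NPTE; i++)
        if (mem[0][i] != USER_WORD)
            return 1;
    return 0;
}

int main(void) {
    uint64_t e;
    printf("data changed without PS check: %d, with: %d\n", user_data_changed(0, &e), user_data_changed(1, &e));
    return 0;
}
```

With the PS check the key lands in the large-page entry and the mapped data is untouched; without it the walker rewrites bits 62:59 of every data word that happens to have bit 0 set.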