git: fa77fecb0e06 - main - pkru.3: Note that the kernel may not respect PKRU protections

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 16 Apr 2026 17:46:28 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=fa77fecb0e06ec697e3d7a9ed899e568f1d2090c

commit fa77fecb0e06ec697e3d7a9ed899e568f1d2090c
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2026-04-16 17:46:11 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-04-16 17:46:11 +0000

    pkru.3: Note that the kernel may not respect PKRU protections
    
    There are cases where the kernel will be able to access memory covered
    by a PKRU key which nomially prohibits accesses.  I believe regular
    copyin()/copyout() are subject to the contents of PKRU, but memory
    accesses via uiomove_fromphys() will not be.  This can arise when
    performing fault I/O, for instance.  I didn't test, but I suspect AIO is
    another case.
    
    Update the man page to acknowledge this.
    
    Reviewed by:    alc, kib
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D56416
---
 lib/libsys/x86/pkru.3 | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/lib/libsys/x86/pkru.3 b/lib/libsys/x86/pkru.3
index 06837a39858d..75580953e6ed 100644
--- a/lib/libsys/x86/pkru.3
+++ b/lib/libsys/x86/pkru.3
@@ -71,13 +71,16 @@ Only one key may apply to a given range at a time.
 The default protection key index is zero, it is used even if no key
 was explicitly assigned to the address, or if the key was removed.
 .Pp
-The protection prevents the system from accessing user addresses as well
-as the user applications.
-When a system call was unable to read or write user memory due to key
-protection, it returns the
-.Er EFAULT
-error code.
-Note that some side effects may have occurred if this error is reported.
+If the user application attempts a memory access which is prohibited by the
+PKRU register, the offending thread receives a synchronous
+.Dv SIGSEGV
+signal with
+.Va si_code
+set to
+.Dv SEGV_PKUERR .
+PKRU protections might prevent the kernel from accessing protected
+user addresses when handling system calls, but this is not guaranteed and
+must not be relied upon.
 .Pp
 Both 64-bit and 32-bit applications can use protection keys.
 More information about the hardware feature is provided in the IA32 Software