From: Mel Gorman <mgorman@techsingularity.net>
To: Dave Hansen <dave@sr71.net>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-api@vger.kernel.org, linux-arch@vger.kernel.org,
linux-mm@kvack.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, dave.hansen@linux.intel.com,
arnd@arndb.de, hughd@google.com, viro@zeniv.linux.org.uk
Subject: Re: [PATCH 6/9] x86, pkeys: add pkey set/get syscalls
Date: Thu, 7 Jul 2016 15:45:08 +0100 [thread overview]
Message-ID: <20160707144508.GZ11498@techsingularity.net> (raw)
In-Reply-To: <20160707124728.C1116BB1@viggo.jf.intel.com>
On Thu, Jul 07, 2016 at 05:47:28AM -0700, Dave Hansen wrote:
>
> From: Dave Hansen <dave.hansen@linux.intel.com>
>
> This establishes two more system calls for protection key management:
>
> unsigned long pkey_get(int pkey);
> int pkey_set(int pkey, unsigned long access_rights);
>
> The return value from pkey_get() and the 'access_rights' passed
> to pkey_set() are the same format: a bitmask containing
> PKEY_DENY_WRITE and/or PKEY_DENY_ACCESS, or nothing set at all.
>
> These can replace userspace's direct use of the new rdpkru/wrpkru
> instructions.
>
> With current hardware, the kernel can not enforce that it has
> control over a given key. But, this at least allows the kernel
> to indicate to userspace that userspace does not control a given
> protection key. This makes it more likely that situations like
> using a pkey after sys_pkey_free() can be detected.
>
> The kernel does _not_ enforce that this interface must be used for
> changes to PKRU, whether or not a key has been "allocated".
>
> This syscall interface could also theoretically be replaced with a
> pair of vsyscalls. The vsyscalls would just call WRPKRU/RDPKRU
> directly in situations where they are drop-in equivalents for
> what the kernel would be doing.
>
This one feels like something that can or should be implemented in
glibc.
There is no real enforcement of the values yet looking them up or
setting them takes mmap_sem for write. Applications that frequently get
called will get hammed into the ground with serialisation on mmap_sem
not to mention the cost of the syscall entry/exit.
RIght now, I'm seeing a lot of cost and not much benefit with this
specific patch.
--
Mel Gorman
SUSE Labs
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Mel Gorman <mgorman@techsingularity.net>
To: Dave Hansen <dave@sr71.net>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-api@vger.kernel.org, linux-arch@vger.kernel.org,
linux-mm@kvack.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, dave.hansen@linux.intel.com,
arnd@arndb.de, hughd@google.com, viro@zeniv.linux.org.uk
Subject: Re: [PATCH 6/9] x86, pkeys: add pkey set/get syscalls
Date: Thu, 7 Jul 2016 15:45:08 +0100 [thread overview]
Message-ID: <20160707144508.GZ11498@techsingularity.net> (raw)
Message-ID: <20160707144508.uJ5DrKY5jdiBd5_7FFt2YpwCMkuxoW_Nv9JjuTHU-iQ@z> (raw)
In-Reply-To: <20160707124728.C1116BB1@viggo.jf.intel.com>
On Thu, Jul 07, 2016 at 05:47:28AM -0700, Dave Hansen wrote:
>
> From: Dave Hansen <dave.hansen@linux.intel.com>
>
> This establishes two more system calls for protection key management:
>
> unsigned long pkey_get(int pkey);
> int pkey_set(int pkey, unsigned long access_rights);
>
> The return value from pkey_get() and the 'access_rights' passed
> to pkey_set() are the same format: a bitmask containing
> PKEY_DENY_WRITE and/or PKEY_DENY_ACCESS, or nothing set at all.
>
> These can replace userspace's direct use of the new rdpkru/wrpkru
> instructions.
>
> With current hardware, the kernel can not enforce that it has
> control over a given key. But, this at least allows the kernel
> to indicate to userspace that userspace does not control a given
> protection key. This makes it more likely that situations like
> using a pkey after sys_pkey_free() can be detected.
>
> The kernel does _not_ enforce that this interface must be used for
> changes to PKRU, whether or not a key has been "allocated".
>
> This syscall interface could also theoretically be replaced with a
> pair of vsyscalls. The vsyscalls would just call WRPKRU/RDPKRU
> directly in situations where they are drop-in equivalents for
> what the kernel would be doing.
>
This one feels like something that can or should be implemented in
glibc.
There is no real enforcement of the values yet looking them up or
setting them takes mmap_sem for write. Applications that frequently get
called will get hammed into the ground with serialisation on mmap_sem
not to mention the cost of the syscall entry/exit.
RIght now, I'm seeing a lot of cost and not much benefit with this
specific patch.
--
Mel Gorman
SUSE Labs
next prev parent reply other threads:[~2016-07-07 14:45 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-07 12:47 [PATCH 0/9] [REVIEW-REQUEST] [v4] System Calls for Memory Protection Keys Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 12:47 ` [PATCH 1/9] x86, pkeys: add fault handling for PF_PK page fault bit Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 14:40 ` Mel Gorman
2016-07-07 14:40 ` Mel Gorman
2016-07-07 15:42 ` Dave Hansen
2016-07-07 15:42 ` Dave Hansen
2016-07-07 12:47 ` [PATCH 2/9] mm: implement new pkey_mprotect() system call Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 14:40 ` Mel Gorman
2016-07-07 14:40 ` Mel Gorman
2016-07-07 16:51 ` Dave Hansen
2016-07-07 16:51 ` Dave Hansen
2016-07-08 10:15 ` Mel Gorman
2016-07-08 10:15 ` Mel Gorman
2016-07-07 12:47 ` [PATCH 3/9] x86, pkeys: make mprotect_key() mask off additional vm_flags Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 12:47 ` [PATCH 4/9] x86: wire up mprotect_key() system call Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 12:47 ` [PATCH 5/9] x86, pkeys: allocation/free syscalls Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 14:40 ` Mel Gorman
2016-07-07 14:40 ` Mel Gorman
2016-07-07 15:38 ` Dave Hansen
2016-07-07 15:38 ` Dave Hansen
2016-07-07 12:47 ` [PATCH 6/9] x86, pkeys: add pkey set/get syscalls Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 14:45 ` Mel Gorman [this message]
2016-07-07 14:45 ` Mel Gorman
2016-07-07 17:33 ` Dave Hansen
2016-07-07 17:33 ` Dave Hansen
2016-07-08 7:18 ` Ingo Molnar
2016-07-08 7:18 ` Ingo Molnar
[not found] ` <20160708071810.GA27457-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-07-08 16:32 ` Dave Hansen
2016-07-08 16:32 ` Dave Hansen
2016-07-08 16:32 ` Dave Hansen
2016-07-09 8:37 ` Ingo Molnar
2016-07-09 8:37 ` Ingo Molnar
2016-07-09 8:37 ` Ingo Molnar
2016-07-11 4:25 ` Andy Lutomirski
2016-07-11 4:25 ` Andy Lutomirski
[not found] ` <CALCETrXJhVz6Za4=oidiM2Vfbb+XdggFBYiVyvOCcia+w064aQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-07-11 7:35 ` Ingo Molnar
2016-07-11 7:35 ` Ingo Molnar
2016-07-11 7:35 ` Ingo Molnar
2016-07-11 14:28 ` Dave Hansen
2016-07-11 14:28 ` Dave Hansen
2016-07-12 7:13 ` Ingo Molnar
2016-07-12 7:13 ` Ingo Molnar
2016-07-12 15:39 ` Dave Hansen
2016-07-12 15:39 ` Dave Hansen
2016-07-11 14:50 ` Andy Lutomirski
2016-07-11 14:50 ` Andy Lutomirski
2016-07-11 14:34 ` Dave Hansen
2016-07-11 14:34 ` Dave Hansen
2016-07-11 14:34 ` Dave Hansen
2016-07-11 14:45 ` Andy Lutomirski
2016-07-11 14:45 ` Andy Lutomirski
2016-07-11 15:48 ` Dave Hansen
2016-07-11 15:48 ` Dave Hansen
2016-07-12 16:32 ` Andy Lutomirski
2016-07-12 16:32 ` Andy Lutomirski
2016-07-12 17:12 ` Dave Hansen
2016-07-12 17:12 ` Dave Hansen
2016-07-12 22:55 ` Andy Lutomirski
2016-07-12 22:55 ` Andy Lutomirski
2016-07-13 7:56 ` Ingo Molnar
2016-07-13 7:56 ` Ingo Molnar
2016-07-13 18:43 ` Andy Lutomirski
2016-07-13 18:43 ` Andy Lutomirski
2016-07-14 8:07 ` Ingo Molnar
2016-07-14 8:07 ` Ingo Molnar
2016-07-18 4:43 ` Andy Lutomirski
2016-07-18 4:43 ` Andy Lutomirski
2016-07-18 9:56 ` Ingo Molnar
2016-07-18 9:56 ` Ingo Molnar
[not found] ` <20160709083715.GA29939-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2016-07-18 18:02 ` Dave Hansen
2016-07-18 18:02 ` Dave Hansen
2016-07-18 18:02 ` Dave Hansen
2016-07-18 20:12 ` Dave Hansen
2016-07-18 20:12 ` Dave Hansen
2016-07-18 20:12 ` Dave Hansen
2016-07-08 19:26 ` Dave Hansen
2016-07-08 19:26 ` Dave Hansen
[not found] ` <577E924C.6010406-gkUM19QKKo4@public.gmane.org>
2016-07-08 10:22 ` Mel Gorman
2016-07-08 10:22 ` Mel Gorman
2016-07-08 10:22 ` Mel Gorman
2016-07-07 12:47 ` [PATCH 7/9] generic syscalls: wire up memory protection keys syscalls Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 12:47 ` [PATCH 8/9] pkeys: add details of system call use to Documentation/ Dave Hansen
2016-07-07 12:47 ` Dave Hansen
2016-07-07 12:47 ` [PATCH 9/9] x86, pkeys: add self-tests Dave Hansen
2016-07-07 12:47 ` Dave Hansen
[not found] ` <20160707124719.3F04C882-LXbPSdftPKxrdx17CPfAsdBPR1lH4CV8@public.gmane.org>
2016-07-07 14:47 ` [PATCH 0/9] [REVIEW-REQUEST] [v4] System Calls for Memory Protection Keys Mel Gorman
2016-07-07 14:47 ` Mel Gorman
2016-07-07 14:47 ` Mel Gorman
2016-07-08 18:38 ` Hugh Dickins
2016-07-08 18:38 ` Hugh Dickins
2016-07-08 18:38 ` Hugh Dickins
-- strict thread matches above, loose matches on Subject: below --
2016-06-09 0:01 [PATCH 0/9] [v3] " Dave Hansen
2016-06-09 0:01 ` [PATCH 6/9] x86, pkeys: add pkey set/get syscalls Dave Hansen
2016-06-09 0:01 ` Dave Hansen
2016-06-07 20:47 [PATCH 0/9] [v2] System Calls for Memory Protection Keys Dave Hansen
2016-06-07 20:47 ` [PATCH 6/9] x86, pkeys: add pkey set/get syscalls Dave Hansen
2016-06-07 20:47 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160707144508.GZ11498@techsingularity.net \
--to=mgorman@techsingularity.net \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=dave.hansen@linux.intel.com \
--cc=dave@sr71.net \
--cc=hughd@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.