From: Dave Hansen <dave-gkUM19QKKo4@public.gmane.org>
To: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org,
torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
dave.hansen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org
Subject: Re: [PATCH 2/9] mm: implement new pkey_mprotect() system call
Date: Mon, 13 Jun 2016 09:03:36 -0700
Message-ID: <575ED958.5060209@sr71.net>
In-Reply-To: <alpine.DEB.2.11.1606111147000.5839@nanos>

On 06/11/2016 02:47 AM, Thomas Gleixner wrote:
> On Wed, 8 Jun 2016, Dave Hansen wrote:
>> > Proposed semantics:
>> > 1. protection key 0 is special and represents the default,
>> > unassigned protection key. It is always allocated.
>> > 2. mprotect() never affects a mapping's pkey_mprotect()-assigned
>> > protection key. A protection key of 0 (even if set explicitly)
>> > represents an unassigned protection key.
>> > 2a. mprotect(PROT_EXEC) on a mapping with an assigned protection
>> > key may or may not result in a mapping with execute-only
>> > properties. pkey_mprotect() plus pkey_set() on all threads
>> > should be used to _guarantee_ execute-only semantics.
>> > 3. mprotect(PROT_EXEC) may result in an "execute-only" mapping. The
>> > kernel will internally attempt to allocate and dedicate a
>> > protection key for the purpose of execute-only mappings. This
>> > may not be possible in cases where there are no free protection
>> > keys available.
> Shouldn't we just reserve a protection key for PROT_EXEC unconditionally?

Normal userspace does not do PROT_EXEC today. So, today, we'd
effectively lose one of our keys by reserving it. Of the folks I've
talked to who really want this feature, and *will* actually use it, one
of the most common complaints is that there are too few keys.

Folks who actively *want* true PROT_EXEC semantics can use the explicit
pkey interfaces.
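
The key-accounting trade-off in the exchange above, as an added model that is not part of the original message or of the kernel patch: it compares dedicating the execute-only key lazily (proposed semantic 3) with reserving it unconditionally. The 16-key limit is the x86 hardware limit; `mm_model` and the `model_*` functions are hypothetical names for illustration, not kernel interfaces.

```c
#include <stdio.h>

#define NR_PKEYS 16   /* x86 protection keys: 4-bit field, keys 0..15 */
#define NO_PKEY  (-1)

/* Hypothetical per-process state; a simplified model, not kernel code. */
struct mm_model {
    unsigned int alloc_map;  /* bit n set: key n is allocated */
    int exec_only_pkey;      /* key dedicated to execute-only mappings */
};

static int model_pkey_alloc(struct mm_model *mm)
{
    for (int k = 1; k < NR_PKEYS; k++) {
        if (!(mm->alloc_map & (1u << k))) {
            mm->alloc_map |= 1u << k;
            return k;
        }
    }
    return NO_PKEY;          /* all keys in use */
}

/* reserve_exec != 0 models reserving the execute-only key unconditionally. */
static void model_init(struct mm_model *mm, int reserve_exec)
{
    mm->alloc_map = 1u;      /* semantic 1: key 0 is always allocated */
    mm->exec_only_pkey = reserve_exec ? model_pkey_alloc(mm) : NO_PKEY;
}

/* mprotect(PROT_EXEC): returns the key the mapping ends up with. */
static int model_mprotect_exec(struct mm_model *mm, int mapping_pkey)
{
    if (mapping_pkey != 0)
        return mapping_pkey; /* semantic 2: an assigned key is never changed */
    if (mm->exec_only_pkey == NO_PKEY)
        mm->exec_only_pkey = model_pkey_alloc(mm);  /* semantic 3 */
    /* No free key: the mapping stays on key 0 and is not execute-only. */
    return mm->exec_only_pkey == NO_PKEY ? 0 : mm->exec_only_pkey;
}

/* Count keys an application can allocate before any PROT_EXEC use. */
static int user_keys(int reserve_exec)
{
    struct mm_model mm;
    int n = 0;
    model_init(&mm, reserve_exec);
    while (model_pkey_alloc(&mm) != NO_PKEY)
        n++;
    return n;
}

int main(void)
{
    printf("lazy: %d, reserved: %d\n", user_keys(0), user_keys(1));
    return 0;
}
```

In the lazy model, a process that has already allocated every key gets key 0 back from `model_mprotect_exec()`, which is the "may not be possible" case in semantic 3.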