From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5FB6F146D6D for ; Tue, 9 Jul 2024 08:52:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720515156; cv=none; b=iWETWT0cWx72A8JXePte9lCKiW3zKXaDjeWm/VmIq6tmP3pyLaJ8d3E7jyfKe3BnfKYkjbMez1oU6rpQZvwmY5Ckmv1fJyLL4XsM6HInqg8plq1fQNKoEHafIHmI0Vs5yDL177+btBGoAhyywd0LwGVdJGGFmRoUxmNRfT9T/3E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720515156; c=relaxed/simple; bh=aKrbvYatQQa9iqD/RLLmut5wz3BIvGbGeZI4a400mkw=; h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=OAr9zmu/ghAVofZ21QC9TgQAN6ONKa2WmfvJE/utH25lmkRxmQhCDbcluDXwY8RZCaQrVCQmhau7sLkNfDDpU3rmrcVhgAIPX0lt5plWEfxKX/ifpv6lPcTjYphf7Oh68ljPqZ/ssBT60XasYpRZEj8qO5kLV8EUez65Qnlf8UI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=DpExboip; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="DpExboip" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1720515154; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=aKrbvYatQQa9iqD/RLLmut5wz3BIvGbGeZI4a400mkw=; b=DpExboipbpZsb5hA8MZS+pnWqFRlcoGaoyQYP0EmXqb92Oqh1bthLAT1i4B+GL46lOt2dc 18RfoepX6gPzhPmTzkClnv8kcxz+ZIDA6ErWrqjlg1Syawdx9VkHXgJIE7M3Umns2pJ2pG teS5C8LlwjlEiJI/c/WB2A4GMdS9LHs= Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-494-95z-6JRaPpWfMZk9MN0rrw-1; Tue, 09 Jul 2024 04:52:30 -0400 X-MC-Unique: 95z-6JRaPpWfMZk9MN0rrw-1 Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A13F31958B3D; Tue, 9 Jul 2024 08:52:25 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.45.224.64]) by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id DDBC43000181; Tue, 9 Jul 2024 08:52:15 +0000 (UTC) From: Florian Weimer To: Szabolcs Nagy Cc: Catalin Marinas , Joey Gouly , dave.hansen@linux.intel.com, linux-arm-kernel@lists.infradead.org, akpm@linux-foundation.org, aneesh.kumar@kernel.org, aneesh.kumar@linux.ibm.com, bp@alien8.de, broonie@kernel.org, christophe.leroy@csgroup.eu, hpa@zytor.com, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org, maz@kernel.org, mingo@redhat.com, mpe@ellerman.id.au, naveen.n.rao@linux.ibm.com, npiggin@gmail.com, oliver.upton@linux.dev, shuah@kernel.org, tglx@linutronix.de, will@kernel.org, x86@kernel.org, kvmarm@lists.linux.dev Subject: Re: [PATCH v4 17/29] arm64: implement PKEYS support In-Reply-To: (Szabolcs Nagy's message of "Tue, 9 Jul 2024 09:32:21 +0100") References: <20240503130147.1154804-1-joey.gouly@arm.com> <20240503130147.1154804-18-joey.gouly@arm.com> <20240531152138.GA1805682@e124191.cambridge.arm.com> <87a5jj4rhw.fsf@oldenburg.str.redhat.com> Date: Tue, 09 Jul 2024 10:52:12 +0200 Message-ID: <87ikxf0wxv.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Precedence: bulk X-Mailing-List: kvmarm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4 * Szabolcs Nagy: >> However, does it matter much? That's only for the initial setup, the >> user can then change the permissions directly via the sysreg. So maybe >> we don't need all those combinations upfront. A PKEY_DISABLE_EXECUTE >> together with the full PKEY_DISABLE_ACCESS would probably suffice. > > this is ok. > > a bit awkward in userspace when the register is directly > set to e.g write-only and pkey_get has to return something, > but we can handle settings outside of valid PKEY_* macros > as unspec, users who want that would use their own register > set/get code. > > i would have designed the permission to use either existing > PROT_* flags or say that it is architectural and written to > the register directly and let the libc wrapper deal with > portable api, i guess it's too late now. We can still define a portable API if we get a few more PKEY_* bits. The last attempt stalled because the kernel does not really need them, it would be for userspace benefit only. For performance-critical code, pkey_get/pkey_set are already too slow, so adding a bit more bit twiddling to it wouldn't be a proble, I think. Applications that want to change protection key bits around a very short code sequence will have to write the architecture-specific register. > (the signal handling behaviour should have a control and it > is possible to fix e.g. via pkey_alloc flags, but that may > not be the best solution and this can be done later.) For glibc, the POWER behavior is much more useful. Thanks, Florian From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E2454C2BD09 for ; Tue, 9 Jul 2024 08:53:25 +0000 (UTC) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HMFIk3ts; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=JEhXjCgZ; dkim-atps=neutral Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4WJFBr1pH0z3dBv for ; Tue, 9 Jul 2024 18:53:24 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HMFIk3ts; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=JEhXjCgZ; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=redhat.com (client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=fweimer@redhat.com; receiver=lists.ozlabs.org) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4WJFB34srMz3cYY for ; Tue, 9 Jul 2024 18:52:41 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1720515155; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=aKrbvYatQQa9iqD/RLLmut5wz3BIvGbGeZI4a400mkw=; b=HMFIk3tsdNgd0G/W3920YvH7HcQntzsRvCWHq8OMy0ZpSDltMfo732lvkKTBa0kWYYlPMf SCt/K4LSNVwhUVU3J8qUMbF54XuW8MeJFuXhx3BbBMd9yGWEoqLCbeRkrOxq0+1hf0o901 7HngYHfeIUSIFiImVeIxH1LTDeFA/KE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1720515156; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=aKrbvYatQQa9iqD/RLLmut5wz3BIvGbGeZI4a400mkw=; b=JEhXjCgZGPKctXO5TbPJ1xt6mItEVYqPxkkN3CtpJtTAeL1qnQKvn7b61jNjR3oZdwr2z/ 9pAampv54O7SMi0cg53unxn2ucFUoSMgdX9MDEpJA+E5RmLlD1imKkQwlIBS7Bgyjcgb5L xbvbMaAjhAmpWpSNkGg43971OYnhhoQ= Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-494-95z-6JRaPpWfMZk9MN0rrw-1; Tue, 09 Jul 2024 04:52:30 -0400 X-MC-Unique: 95z-6JRaPpWfMZk9MN0rrw-1 Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A13F31958B3D; Tue, 9 Jul 2024 08:52:25 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.45.224.64]) by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id DDBC43000181; Tue, 9 Jul 2024 08:52:15 +0000 (UTC) From: Florian Weimer To: Szabolcs Nagy Subject: Re: [PATCH v4 17/29] arm64: implement PKEYS support In-Reply-To: (Szabolcs Nagy's message of "Tue, 9 Jul 2024 09:32:21 +0100") References: <20240503130147.1154804-1-joey.gouly@arm.com> <20240503130147.1154804-18-joey.gouly@arm.com> <20240531152138.GA1805682@e124191.cambridge.arm.com> <87a5jj4rhw.fsf@oldenburg.str.redhat.com> Date: Tue, 09 Jul 2024 10:52:12 +0200 Message-ID: <87ikxf0wxv.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Catalin Marinas , dave.hansen@linux.intel.com, Joey Gouly , linux-mm@kvack.org, hpa@zytor.com, shuah@kernel.org, maz@kernel.org, x86@kernel.org, christophe.leroy@csgroup.eu, aneesh.kumar@kernel.org, mingo@redhat.com, aneesh.kumar@linux.ibm.com, naveen.n.rao@linux.ibm.com, will@kernel.org, npiggin@gmail.com, broonie@kernel.org, bp@alien8.de, kvmarm@lists.linux.dev, tglx@linutronix.de, linux-arm-kernel@lists.infradead.org, oliver.upton@linux.dev, linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" * Szabolcs Nagy: >> However, does it matter much? That's only for the initial setup, the >> user can then change the permissions directly via the sysreg. So maybe >> we don't need all those combinations upfront. A PKEY_DISABLE_EXECUTE >> together with the full PKEY_DISABLE_ACCESS would probably suffice. > > this is ok. > > a bit awkward in userspace when the register is directly > set to e.g write-only and pkey_get has to return something, > but we can handle settings outside of valid PKEY_* macros > as unspec, users who want that would use their own register > set/get code. > > i would have designed the permission to use either existing > PROT_* flags or say that it is architectural and written to > the register directly and let the libc wrapper deal with > portable api, i guess it's too late now. We can still define a portable API if we get a few more PKEY_* bits. The last attempt stalled because the kernel does not really need them, it would be for userspace benefit only. For performance-critical code, pkey_get/pkey_set are already too slow, so adding a bit more bit twiddling to it wouldn't be a proble, I think. Applications that want to change protection key bits around a very short code sequence will have to write the architecture-specific register. > (the signal handling behaviour should have a control and it > is possible to fix e.g. via pkey_alloc flags, but that may > not be the best solution and this can be done later.) For glibc, the POWER behavior is much more useful. Thanks, Florian