From: Dave Hansen <dave.hansen@linux.intel.com>
To: Florian Weimer <fweimer@redhat.com>,
Vlastimil Babka <vbabka@suse.cz>,
linux-x86_64@vger.kernel.org, linux-arch@vger.kernel.org
Cc: linux-mm <linux-mm@kvack.org>, Linux API <linux-api@vger.kernel.org>
Subject: Re: MPK: removing a pkey
Date: Thu, 23 Nov 2017 07:09:13 -0800 [thread overview]
Message-ID: <39ea6607-a013-bd18-b478-3f44fb17caa4@linux.intel.com> (raw)
In-Reply-To: <28f6e430-293d-4b30-dce6-018a2b3c03e8@redhat.com>
On 11/23/2017 04:38 AM, Florian Weimer wrote:
> On 11/22/2017 05:32 PM, Dave Hansen wrote:
>> On 11/22/2017 08:21 AM, Florian Weimer wrote:
>>> On 11/22/2017 05:10 PM, Dave Hansen wrote:
>>>> On 11/22/2017 04:15 AM, Florian Weimer wrote:
>>>>> On 11/22/2017 09:18 AM, Vlastimil Babka wrote:
>>>>>> And, was the pkey == -1 internal wiring supposed to be exposed to the
>>>>>> pkey_mprotect() signal, or should there have been a pre-check
>>>>>> returning
>>>>>> EINVAL in SYSCALL_DEFINE4(pkey_mprotect), before calling
>>>>>> do_mprotect_pkey())? I assume it's too late to change it now
>>>>>> anyway (or
>>>>>> not?), so should we also document it?
>>>>>
>>>>> I think the -1 case to the set the default key is useful because it
>>>>> allows you to use a key value of -1 to mean “MPK is not supported”,
>>>>> and
>>>>> still call pkey_mprotect.
>>>>
>>>> The behavior to not allow 0 to be set was unintentional and is a bug.
>>>> We should fix that.
>>>
>>> On the other hand, x86-64 has no single default protection key due to
>>> the PROT_EXEC emulation.
>>
>> No, the default is clearly 0 and documented to be so. The PROT_EXEC
>> emulation one should be inaccessible in all the APIs so does not even
>> show up as *being* a key in the API.
I should have been more explicit: the EXEC pkey does not show up in the
syscall API.
> I see key 1 in /proc for a PROT_EXEC mapping. If I supply an explicit
> protection key, that key is used, and the page ends up having read
> access enabled.
>
> The key is also visible in the siginfo_t argument on read access to a
> PROT_EXEC mapping with the default key, so it's not just /proc:
>
> page 1 (0x7f008242d000): read access denied
> SIGSEGV address: 0x7f008242d000
> SIGSEGV code: 4
> SIGSEGV key: 1
>
> I'm attaching my test.
Yes, it is exposed there. But, as a non-allocated pkey, the intention
in the kernel was to make sure that it could not be passed to the syscalls.
If that behavior is broken, we should probably fix it.
>> The fact that it's implemented
>> with pkeys should be pretty immaterial other than the fact that you
>> can't touch the high bits in PKRU.
>
> I don't see a restriction for PKRU updates. If I write zero to the PKRU
> register, PROT_EXEC implies PROT_READ, as I would expect.
I'll rephrase:
The fact that it's implemented with pkeys should be pretty
immaterial other than the fact that you must not touch the bits
controlling PROT_EXEC in PKRU if you want to keep it working.
There is no restriction which is *enforced*. It's just documented.
prev parent reply other threads:[~2017-11-23 15:09 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-05 10:35 MPK: pkey_free and key reuse Florian Weimer
2017-11-08 20:41 ` Dave Hansen
2017-11-09 14:48 ` Florian Weimer
2017-11-09 16:59 ` Dave Hansen
2017-11-23 12:48 ` Florian Weimer
2017-11-23 13:07 ` Vlastimil Babka
2017-11-23 15:25 ` Dave Hansen
2017-11-24 14:55 ` Florian Weimer
[not found] ` <0f006ef4-a7b5-c0cf-5f58-d0fd1f911a54-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-11-22 8:18 ` MPK: removing a pkey (was: pkey_free and key reuse) Vlastimil Babka
2017-11-22 12:15 ` MPK: removing a pkey Florian Weimer
2017-11-22 12:46 ` Vlastimil Babka
[not found] ` <f0495f01-9821-ec36-56b4-333f109eb761-AlSwsSmVLrQ@public.gmane.org>
2017-11-22 12:49 ` Florian Weimer
2017-11-22 16:10 ` Dave Hansen
2017-11-22 16:21 ` Florian Weimer
[not found] ` <9ec19ff3-86f6-7cfe-1a07-1ab1c5d9882c-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-11-22 16:32 ` Dave Hansen
2017-11-23 8:11 ` Vlastimil Babka
[not found] ` <de93997a-7802-96cf-62e2-e59416e745ca-AlSwsSmVLrQ@public.gmane.org>
2017-11-23 15:00 ` Dave Hansen
2017-11-23 21:42 ` Vlastimil Babka
[not found] ` <2d12777f-615a-8101-2156-cf861ec13aa7-AlSwsSmVLrQ@public.gmane.org>
2017-11-23 23:29 ` Dave Hansen
2017-11-24 8:35 ` Florian Weimer
2017-11-24 8:38 ` Vlastimil Babka
2017-11-23 12:38 ` Florian Weimer
2017-11-23 15:09 ` Dave Hansen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=39ea6607-a013-bd18-b478-3f44fb17caa4@linux.intel.com \
--to=dave.hansen@linux.intel.com \
--cc=fweimer@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-x86_64@vger.kernel.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).