From: Ram Pai <linuxram@us.ibm.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Hansen <dave.hansen@intel.com>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
arnd@arndb.de, corbet@lwn.net, mingo@redhat.com,
paulus@samba.org, aneesh.kumar@linux.vnet.ibm.com,
akpm@linux-foundation.org, khandual@linux.vnet.ibm.com
Subject: Re: [RFC v5 12/38] mm: ability to disable execute permission on a key at creation
Date: Tue, 11 Jul 2017 14:51:05 -0700 [thread overview]
Message-ID: <20170711215105.GA5542@ram.oc3035372033.ibm.com> (raw)
In-Reply-To: <1499808577.2865.30.camel@kernel.crashing.org>
On Wed, Jul 12, 2017 at 07:29:37AM +1000, Benjamin Herrenschmidt wrote:
> On Tue, 2017-07-11 at 11:11 -0700, Dave Hansen wrote:
> > On 07/05/2017 02:21 PM, Ram Pai wrote:
> > > Currently sys_pkey_create() provides the ability to disable read
> > > and write permission on the key, at creation. powerpc has the
> > > hardware support to disable execute on a pkey as well.This patch
> > > enhances the interface to let disable execute at key creation
> > > time. x86 does not allow this. Hence the next patch will add
> > > ability in x86 to return error if PKEY_DISABLE_EXECUTE is
> > > specified.
>
> That leads to the question... How do you tell userspace.
>
> (apologies if I missed that in an existing patch in the series)
>
> How do we inform userspace of the key capabilities ? There are at least
> two things userspace may want to know already:
>
> - What protection bits are supported for a key
the userspace is the one which allocates the keys and enables/disables the
protection bits on the key. the kernel is just a facilitator. Now if the
use space wants to know the current permissions on a given key, it can
just read the AMR/PKRU register on powerpc/intel respectively.
>
> - How many keys exist
There is no standard way of finding this other than trying to allocate
as many till you fail. A procfs or sysfs file can be added to expose
this information.
>
> - Which keys are available for use by userspace. On PowerPC, the
> kernel can reserve some keys for itself, so can the hypervisor. In
> fact, they do.
this information can be exposed through /proc or /sysfs
I am sure there will be more demands and requirements as applications
start leveraging these feature.
RP
>
> Cheers,
> Ben.
--
Ram Pai
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Ram Pai <linuxram@us.ibm.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Hansen <dave.hansen@intel.com>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
arnd@arndb.de, corbet@lwn.net, mingo@redhat.com,
paulus@samba.org, aneesh.kumar@linux.vnet.ibm.com,
akpm@linux-foundation.org, khandual@linux.vnet.ibm.com
Subject: Re: [RFC v5 12/38] mm: ability to disable execute permission on a key at creation
Date: Tue, 11 Jul 2017 14:51:05 -0700 [thread overview]
Message-ID: <20170711215105.GA5542@ram.oc3035372033.ibm.com> (raw)
Message-ID: <20170711215105.QN-lO2gCVn9zbZWlrw3qMXaUQMeo_2fQgqOcuI5zvdU@z> (raw)
In-Reply-To: <1499808577.2865.30.camel@kernel.crashing.org>
On Wed, Jul 12, 2017 at 07:29:37AM +1000, Benjamin Herrenschmidt wrote:
> On Tue, 2017-07-11 at 11:11 -0700, Dave Hansen wrote:
> > On 07/05/2017 02:21 PM, Ram Pai wrote:
> > > Currently sys_pkey_create() provides the ability to disable read
> > > and write permission on the key, at creation. powerpc has the
> > > hardware support to disable execute on a pkey as well.This patch
> > > enhances the interface to let disable execute at key creation
> > > time. x86 does not allow this. Hence the next patch will add
> > > ability in x86 to return error if PKEY_DISABLE_EXECUTE is
> > > specified.
>
> That leads to the question... How do you tell userspace.
>
> (apologies if I missed that in an existing patch in the series)
>
> How do we inform userspace of the key capabilities ? There are at least
> two things userspace may want to know already:
>
> - What protection bits are supported for a key
the userspace is the one which allocates the keys and enables/disables the
protection bits on the key. the kernel is just a facilitator. Now if the
use space wants to know the current permissions on a given key, it can
just read the AMR/PKRU register on powerpc/intel respectively.
>
> - How many keys exist
There is no standard way of finding this other than trying to allocate
as many till you fail. A procfs or sysfs file can be added to expose
this information.
>
> - Which keys are available for use by userspace. On PowerPC, the
> kernel can reserve some keys for itself, so can the hypervisor. In
> fact, they do.
this information can be exposed through /proc or /sysfs
I am sure there will be more demands and requirements as applications
start leveraging these feature.
RP
>
> Cheers,
> Ben.
--
Ram Pai
next prev parent reply other threads:[~2017-07-11 21:51 UTC|newest]
Thread overview: 169+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-05 21:21 [RFC v5 00/38] powerpc: Memory Protection Keys Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 01/38] powerpc: Free up four 64K PTE bits in 4K backed HPTE pages Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-07 7:25 ` Balbir Singh
2017-07-07 7:25 ` Balbir Singh
2017-07-05 21:21 ` [RFC v5 02/38] powerpc: Free up four 64K PTE bits in 64K " Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 5:59 ` Balbir Singh
2017-07-11 15:44 ` Ram Pai
2017-07-11 15:44 ` Ram Pai
2017-07-12 3:10 ` Balbir Singh
2017-07-12 3:10 ` Balbir Singh
2017-07-13 7:39 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 03/38] powerpc: introduce pte_set_hash_slot() helper Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 04/38] powerpc: introduce pte_get_hash_gslot() helper Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 05/38] powerpc: capture the PTE format changes in the dump pte report Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 06/38] powerpc: use helper functions in __hash_page_64K() for 64K PTE Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 07/38] powerpc: use helper functions in __hash_page_huge() " Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 08/38] powerpc: use helper functions in __hash_page_4K() " Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 09/38] powerpc: use helper functions in __hash_page_4K() for 4K PTE Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 10/38] powerpc: use helper functions in flush_hash_page() Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 11/38] mm: introduce an additional vma bit for powerpc pkey Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 18:10 ` Dave Hansen
2017-07-11 18:10 ` Dave Hansen
2017-07-12 22:23 ` Ram Pai
2017-07-12 22:23 ` Ram Pai
2017-07-12 22:40 ` Benjamin Herrenschmidt
2017-07-12 22:40 ` Benjamin Herrenschmidt
2017-07-05 21:21 ` [RFC v5 12/38] mm: ability to disable execute permission on a key at creation Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 18:11 ` Dave Hansen
2017-07-11 18:11 ` Dave Hansen
2017-07-11 21:29 ` Benjamin Herrenschmidt
2017-07-11 21:29 ` Benjamin Herrenschmidt
2017-07-11 21:51 ` Ram Pai [this message]
2017-07-11 21:51 ` Ram Pai
2017-07-11 21:57 ` Dave Hansen
2017-07-11 21:57 ` Dave Hansen
2017-07-11 22:14 ` Ram Pai
2017-07-11 22:14 ` Ram Pai
2017-07-11 22:19 ` Dave Hansen
2017-07-11 22:19 ` Dave Hansen
2017-07-11 22:08 ` Benjamin Herrenschmidt
2017-07-11 22:08 ` Benjamin Herrenschmidt
2017-07-11 22:19 ` Ram Pai
2017-07-11 22:19 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 13/38] x86: disallow pkey creation with PKEY_DISABLE_EXECUTE Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 18:12 ` Dave Hansen
2017-07-11 18:12 ` Dave Hansen
2017-07-05 21:21 ` [RFC v5 14/38] powerpc: initial plumbing for key management Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-12 3:28 ` Balbir Singh
2017-07-12 3:28 ` Balbir Singh
2017-07-13 7:45 ` Ram Pai
2017-07-13 20:37 ` Ram Pai
2017-07-13 21:30 ` Balbir Singh
2017-07-13 21:30 ` Balbir Singh
2017-07-05 21:21 ` [RFC v5 15/38] powerpc: helper function to read,write AMR,IAMR,UAMOR registers Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-12 5:26 ` Balbir Singh
2017-07-12 5:26 ` Balbir Singh
2017-07-13 7:55 ` Ram Pai
2017-07-13 7:55 ` Ram Pai
2017-07-13 9:49 ` Balbir Singh
2017-07-13 9:49 ` Balbir Singh
2017-07-13 23:29 ` Ram Pai
2017-07-13 23:29 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 16/38] powerpc: implementation for arch_set_user_pkey_access() Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 17/38] powerpc: sys_pkey_alloc() and sys_pkey_free() system calls Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 18/38] powerpc: store and restore the pkey state across context switches Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 19/38] powerpc: introduce execute-only pkey Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 20/38] powerpc: ability to associate pkey to a vma Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 21/38] powerpc: implementation for arch_override_mprotect_pkey() Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 22/38] powerpc: map vma key-protection bits to pte key bits Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 23/38] powerpc: sys_pkey_mprotect() system call Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 24/38] powerpc: Program HPTE key protection bits Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 25/38] powerpc: helper to validate key-access permissions of a pte Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 26/38] powerpc: check key protection for user page access Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 27/38] powerpc: Macro the mask used for checking DSI exception Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 28/38] powerpc: implementation for arch_vma_access_permitted() Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 29/38] powerpc: Handle exceptions caused by pkey violation Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 30/38] powerpc: capture AMR register content on " Ram Pai
2017-07-05 21:22 ` [RFC v5 31/38] powerpc: introduce get_pte_pkey() helper Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:11 ` Anshuman Khandual
2017-07-10 3:11 ` Anshuman Khandual
2017-07-10 5:55 ` Ram Pai
2017-07-10 5:55 ` Ram Pai
2017-07-11 11:22 ` Anshuman Khandual
2017-07-05 21:22 ` [RFC v5 32/38] powerpc: capture the violated protection key on fault Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:10 ` Anshuman Khandual
2017-07-10 3:10 ` Anshuman Khandual
2017-07-10 5:49 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 33/38] powerpc: Deliver SEGV signal on pkey violation Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:08 ` Anshuman Khandual
2017-07-10 3:08 ` Anshuman Khandual
2017-07-05 21:22 ` [RFC v5 34/38] procfs: display the protection-key number associated with a vma Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 6:01 ` Ram Pai
2017-07-11 18:13 ` Dave Hansen
2017-07-13 8:03 ` Ram Pai
2017-07-13 14:07 ` Dave Hansen
2017-07-13 14:07 ` Dave Hansen
2017-07-13 17:04 ` Ram Pai
2017-07-13 17:04 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 35/38] selftest: Move protecton key selftest to arch neutral directory Ram Pai
2017-07-05 21:22 ` [RFC v5 36/38] selftest: PowerPC specific test updates to memory protection keys Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-11 17:33 ` Dave Hansen
2017-07-11 17:33 ` Dave Hansen
2017-07-12 21:57 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 37/38] Documentation: Move protecton key documentation to arch neutral directory Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 38/38] Documentation: PowerPC specific updates to memory protection keys Ram Pai
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 5:59 ` Ram Pai
2017-07-10 5:59 ` Ram Pai
2017-07-11 18:23 ` Dave Hansen
2017-07-11 18:23 ` Dave Hansen
2017-07-13 19:56 ` Ram Pai
2017-07-13 19:56 ` Ram Pai
2017-07-10 5:43 ` [RFC v5 00/38] powerpc: Memory Protection Keys Anshuman Khandual
2017-07-10 5:43 ` Anshuman Khandual
2017-07-10 6:05 ` Ram Pai
2017-07-10 6:05 ` Ram Pai
2017-07-10 17:15 ` Ram Pai
2017-07-10 17:15 ` Ram Pai
2017-07-11 14:52 ` Michal Hocko
2017-07-11 19:32 ` Ram Pai
2017-07-11 19:32 ` Ram Pai
2017-07-11 21:30 ` Benjamin Herrenschmidt
2017-07-11 21:30 ` Benjamin Herrenschmidt
2017-07-12 7:23 ` Michal Hocko
2017-07-12 7:23 ` Michal Hocko
2017-07-12 7:39 ` Michal Hocko
2017-07-12 7:39 ` Michal Hocko
2017-07-12 22:53 ` Benjamin Herrenschmidt
2017-07-12 22:53 ` Benjamin Herrenschmidt
2017-07-13 6:20 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170711215105.GA5542@ram.oc3035372033.ibm.com \
--to=linuxram@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=khandual@linux.vnet.ibm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=paulus@samba.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).