From: Ram Pai <linuxram@us.ibm.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Florian Weimer <fw@deneb.enyo.de>,
linux-arch@vger.kernel.org, x86@kernel.org, arnd@arndb.de,
corbet@lwn.net, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, mhocko@kernel.org,
linux-mm@kvack.org, mingo@redhat.com, paulus@samba.org,
ebiederm@xmission.com, linux-kselftest@vger.kernel.org,
bauerman@linux.vnet.ibm.com, akpm@linux-foundation.org,
khandual@linux.vnet.ibm.com, linuxppc-dev@lists.ozlabs.org,
aneesh.kumar@linux.vnet.ibm.com
Subject: Re: [PATCH v9 00/51] powerpc, mm: Memory Protection Keys
Date: Tue, 7 Nov 2017 15:44:27 -0800 [thread overview]
Message-ID: <20171107234427.GA5659@ram.oc3035372033.ibm.com> (raw)
In-Reply-To: <8b970e5b-50e6-bcc1-e8d3-6e3aa8523f55@intel.com>
On Tue, Nov 07, 2017 at 02:47:10PM -0800, Dave Hansen wrote:
> On 11/07/2017 02:39 PM, Ram Pai wrote:
> >
> > As per the current semantics of sys_pkey_free(); the way I understand it,
> > the calling thread is saying disassociate me from this key.
>
> No. It is saying: "this *process* no longer has any uses of this key,
> it can be reused".
ok, in light of the corrected semantics, I see no bug in the implimentation.
> On Mon, Nov 06, 2017 at 10:28:41PM +0100, Florian Weimer wrote:
...
> The problem is a pkey_alloc/pthread_create/pkey_free/pkey_alloc
> sequence. The pthread_create call makes the new thread inherit the
> access rights of the current thread, but then the key is deallocated.
> Reallocation of the same key will have that thread retain its access
> rights, which is IMHO not correct.
Again.. in light of the corrected semantics --
the child thread or any thread should not free
a key without cleaning up.
(a) disassociate the key from its address space
(b) reset the permission on the key across all the threads of the
process.
Because any such uncleaned bits can cause unexpected behavior if the
same key gets reallocated on sys_pkey_alloc().
--
Ram Pai
next prev parent reply other threads:[~2017-11-07 23:44 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-06 8:56 [PATCH v9 00/51] powerpc, mm: Memory Protection Keys Ram Pai
2017-11-06 8:56 ` [PATCH v9 01/51] mm, powerpc, x86: define VM_PKEY_BITx bits if CONFIG_ARCH_HAS_PKEYS is enabled Ram Pai
2017-11-06 8:56 ` [PATCH v9 02/51] mm, powerpc, x86: introduce an additional vma bit for powerpc pkey Ram Pai
2017-11-06 8:56 ` [PATCH v9 03/51] powerpc: initial pkey plumbing Ram Pai
2017-11-06 8:56 ` [PATCH v9 04/51] powerpc: track allocation status of all pkeys Ram Pai
2017-11-06 8:56 ` [PATCH v9 05/51] powerpc: helper function to read, write AMR, IAMR, UAMOR registers Ram Pai
2017-11-06 8:56 ` [PATCH v9 06/51] powerpc: helper functions to initialize AMR, IAMR and " Ram Pai
2017-11-06 8:56 ` [PATCH v9 07/51] powerpc: cleanup AMR, IAMR when a key is allocated or freed Ram Pai
2017-11-06 8:57 ` [PATCH v9 08/51] powerpc: implementation for arch_set_user_pkey_access() Ram Pai
2017-11-06 8:57 ` [PATCH v9 09/51] powerpc: ability to create execute-disabled pkeys Ram Pai
2017-11-06 8:57 ` [PATCH v9 10/51] powerpc: store and restore the pkey state across context switches Ram Pai
2017-11-06 8:57 ` [PATCH v9 11/51] powerpc: introduce execute-only pkey Ram Pai
2017-11-06 8:57 ` [PATCH v9 12/51] powerpc: ability to associate pkey to a vma Ram Pai
2017-11-06 8:57 ` [PATCH v9 13/51] powerpc: implementation for arch_override_mprotect_pkey() Ram Pai
2017-11-06 8:57 ` [PATCH v9 14/51] powerpc: map vma key-protection bits to pte key bits Ram Pai
2017-11-06 8:57 ` [PATCH v9 15/51] powerpc: Program HPTE key protection bits Ram Pai
2017-11-06 8:57 ` [PATCH v9 16/51] powerpc: helper to validate key-access permissions of a pte Ram Pai
2017-11-06 8:57 ` [PATCH v9 17/51] powerpc: check key protection for user page access Ram Pai
2017-11-06 8:57 ` [PATCH v9 18/51] powerpc: implementation for arch_vma_access_permitted() Ram Pai
2017-11-06 8:57 ` [PATCH v9 19/51] powerpc: Handle exceptions caused by pkey violation Ram Pai
2017-11-06 8:57 ` [PATCH v9 20/51] powerpc: introduce get_mm_addr_key() helper Ram Pai
2017-11-06 8:57 ` [PATCH v9 21/51] powerpc: Deliver SEGV signal on pkey violation Ram Pai
2017-11-06 8:57 ` [PATCH v9 22/51] powerpc/ptrace: Add memory protection key regset Ram Pai
2017-11-06 8:57 ` [PATCH v9 23/51] powerpc: Enable pkey subsystem Ram Pai
2017-11-13 0:54 ` Ram Pai
2017-11-06 8:57 ` [PATCH v9 24/51] powerpc: sys_pkey_alloc() and sys_pkey_free() system calls Ram Pai
2017-11-06 8:57 ` [PATCH v9 25/51] powerpc: sys_pkey_mprotect() system call Ram Pai
2017-11-06 8:57 ` [PATCH v9 26/51] powerpc: add sys_pkey_modify() " Ram Pai
2017-11-06 8:57 ` [PATCH v9 27/51] mm, x86 : introduce arch_pkeys_enabled() Ram Pai
2017-11-06 8:57 ` [PATCH v9 28/51] mm: display pkey in smaps if arch_pkeys_enabled() is true Ram Pai
2017-11-06 8:57 ` [PATCH v9 29/51] mm/mprotect, powerpc/mm/pkeys, x86/mm/pkeys: Add sysfs interface Ram Pai
2017-12-18 18:54 ` Dave Hansen
2017-12-18 22:18 ` Ram Pai
2017-12-18 22:28 ` Dave Hansen
2017-12-18 23:15 ` Ram Pai
2017-12-19 8:31 ` Gabriel Paubert
2017-12-19 16:22 ` Ram Pai
2017-12-19 21:34 ` Benjamin Herrenschmidt
2017-12-20 17:50 ` Ram Pai
2017-12-20 22:49 ` Benjamin Herrenschmidt
2017-12-19 10:50 ` Michael Ellerman
2017-12-19 16:32 ` Ram Pai
2017-11-06 8:57 ` [PATCH v9 30/51] Documentation/x86: Move protecton key documentation to arch neutral directory Ram Pai
2017-11-06 8:57 ` [PATCH v9 31/51] Documentation/vm: PowerPC specific updates to memory protection keys Ram Pai
2017-11-06 8:57 ` [PATCH v9 32/51] selftest/x86: Move protecton key selftest to arch neutral directory Ram Pai
2017-11-06 8:57 ` [PATCH v9 33/51] selftest/vm: rename all references to pkru to a generic name Ram Pai
2017-11-06 8:57 ` [PATCH v9 34/51] selftest/vm: move generic definitions to header file Ram Pai
2017-11-06 8:57 ` [PATCH v9 35/51] selftest/vm: typecast the pkey register Ram Pai
2017-11-06 8:57 ` [PATCH v9 36/51] selftest/vm: generic function to handle shadow key register Ram Pai
2017-11-06 8:57 ` [PATCH v9 37/51] selftest/vm: fix the wrong assert in pkey_disable_set() Ram Pai
2017-11-06 8:57 ` [PATCH v9 38/51] selftest/vm: fixed bugs in pkey_disable_clear() Ram Pai
2017-11-06 8:57 ` [PATCH v9 39/51] selftest/vm: clear the bits in shadow reg when a pkey is freed Ram Pai
2017-11-06 8:57 ` [PATCH v9 40/51] selftest/vm: fix alloc_random_pkey() to make it really random Ram Pai
2017-11-06 8:57 ` [PATCH v9 41/51] selftest/vm: introduce two arch independent abstraction Ram Pai
2017-11-06 8:57 ` [PATCH v9 42/51] selftest/vm: pkey register should match shadow pkey Ram Pai
2017-11-06 8:57 ` [PATCH v9 43/51] selftest/vm: generic cleanup Ram Pai
2017-11-06 8:57 ` [PATCH v9 44/51] selftest/vm: powerpc implementation for generic abstraction Ram Pai
2017-11-09 18:47 ` Breno Leitao
2017-11-09 23:37 ` Ram Pai
2017-11-10 11:36 ` Breno Leitao
2017-11-06 8:57 ` [PATCH v9 45/51] selftest/vm: fix an assertion in test_pkey_alloc_exhaust() Ram Pai
2017-11-06 8:57 ` [PATCH v9 46/51] selftest/vm: associate key on a mapped page and detect access violation Ram Pai
2017-11-06 8:57 ` [PATCH v9 47/51] selftest/vm: associate key on a mapped page and detect write violation Ram Pai
2017-11-06 8:57 ` [PATCH v9 48/51] selftest/vm: detect write violation on a mapped access-denied-key page Ram Pai
2017-11-06 8:57 ` [PATCH v9 49/51] selftest/vm: sub-page allocator Ram Pai
2017-11-06 8:57 ` [PATCH v9 50/51] selftests/powerpc: Add ptrace tests for Protection Key register Ram Pai
2017-11-06 8:57 ` [PATCH v9 51/51] selftests/powerpc: Add core file test " Ram Pai
2017-11-06 21:28 ` [PATCH v9 00/51] powerpc, mm: Memory Protection Keys Florian Weimer
2017-11-07 1:22 ` Ram Pai
2017-11-07 7:32 ` Florian Weimer
2017-11-07 22:39 ` Ram Pai
2017-11-07 22:47 ` Dave Hansen
2017-11-07 23:44 ` Ram Pai [this message]
2017-11-09 22:23 ` Ram Pai
2017-11-10 18:10 ` Christophe LEROY
2017-11-12 20:45 ` Ram Pai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171107234427.GA5659@ram.oc3035372033.ibm.com \
--to=linuxram@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=arnd@arndb.de \
--cc=bauerman@linux.vnet.ibm.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=ebiederm@xmission.com \
--cc=fw@deneb.enyo.de \
--cc=khandual@linux.vnet.ibm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mhocko@kernel.org \
--cc=mingo@redhat.com \
--cc=paulus@samba.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).