From: Ram Pai <linuxram@us.ibm.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Hansen <dave.hansen@intel.com>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
arnd@arndb.de, corbet@lwn.net, mingo@redhat.com,
paulus@samba.org, aneesh.kumar@linux.vnet.ibm.com,
akpm@linux-foundation.org, khandual@linux.vnet.ibm.com
Subject: Re: [RFC v5 12/38] mm: ability to disable execute permission on a key at creation
Date: Tue, 11 Jul 2017 14:51:05 -0700 [thread overview]
Message-ID: <20170711215105.GA5542@ram.oc3035372033.ibm.com> (raw)
In-Reply-To: <1499808577.2865.30.camel@kernel.crashing.org>
On Wed, Jul 12, 2017 at 07:29:37AM +1000, Benjamin Herrenschmidt wrote:
> On Tue, 2017-07-11 at 11:11 -0700, Dave Hansen wrote:
> > On 07/05/2017 02:21 PM, Ram Pai wrote:
> > > Currently sys_pkey_create() provides the ability to disable read
> > > and write permission on the key, at creation. powerpc has the
> > > hardware support to disable execute on a pkey as well.This patch
> > > enhances the interface to let disable execute at key creation
> > > time. x86 does not allow this. Hence the next patch will add
> > > ability in x86 to return error if PKEY_DISABLE_EXECUTE is
> > > specified.
>
> That leads to the question... How do you tell userspace.
>
> (apologies if I missed that in an existing patch in the series)
>
> How do we inform userspace of the key capabilities ? There are at least
> two things userspace may want to know already:
>
> - What protection bits are supported for a key
the userspace is the one which allocates the keys and enables/disables the
protection bits on the key. the kernel is just a facilitator. Now if the
use space wants to know the current permissions on a given key, it can
just read the AMR/PKRU register on powerpc/intel respectively.
>
> - How many keys exist
There is no standard way of finding this other than trying to allocate
as many till you fail. A procfs or sysfs file can be added to expose
this information.
>
> - Which keys are available for use by userspace. On PowerPC, the
> kernel can reserve some keys for itself, so can the hypervisor. In
> fact, they do.
this information can be exposed through /proc or /sysfs
I am sure there will be more demands and requirements as applications
start leveraging these feature.
RP
>
> Cheers,
> Ben.
--
Ram Pai
WARNING: multiple messages have this Message-ID (diff)
From: Ram Pai <linuxram@us.ibm.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Dave Hansen <dave.hansen@intel.com>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
arnd@arndb.de, corbet@lwn.net, mingo@redhat.com,
paulus@samba.org, aneesh.kumar@linux.vnet.ibm.com,
akpm@linux-foundation.org, khandual@linux.vnet.ibm.com
Subject: Re: [RFC v5 12/38] mm: ability to disable execute permission on a key at creation
Date: Tue, 11 Jul 2017 14:51:05 -0700 [thread overview]
Message-ID: <20170711215105.GA5542@ram.oc3035372033.ibm.com> (raw)
In-Reply-To: <1499808577.2865.30.camel@kernel.crashing.org>
On Wed, Jul 12, 2017 at 07:29:37AM +1000, Benjamin Herrenschmidt wrote:
> On Tue, 2017-07-11 at 11:11 -0700, Dave Hansen wrote:
> > On 07/05/2017 02:21 PM, Ram Pai wrote:
> > > Currently sys_pkey_create() provides the ability to disable read
> > > and write permission on the key, at creation. powerpc has the
> > > hardware support to disable execute on a pkey as well.This patch
> > > enhances the interface to let disable execute at key creation
> > > time. x86 does not allow this. Hence the next patch will add
> > > ability in x86 to return error if PKEY_DISABLE_EXECUTE is
> > > specified.
>
> That leads to the question... How do you tell userspace.
>
> (apologies if I missed that in an existing patch in the series)
>
> How do we inform userspace of the key capabilities ? There are at least
> two things userspace may want to know already:
>
> - What protection bits are supported for a key
the userspace is the one which allocates the keys and enables/disables the
protection bits on the key. the kernel is just a facilitator. Now if the
use space wants to know the current permissions on a given key, it can
just read the AMR/PKRU register on powerpc/intel respectively.
>
> - How many keys exist
There is no standard way of finding this other than trying to allocate
as many till you fail. A procfs or sysfs file can be added to expose
this information.
>
> - Which keys are available for use by userspace. On PowerPC, the
> kernel can reserve some keys for itself, so can the hypervisor. In
> fact, they do.
this information can be exposed through /proc or /sysfs
I am sure there will be more demands and requirements as applications
start leveraging these feature.
RP
>
> Cheers,
> Ben.
--
Ram Pai
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-07-11 21:51 UTC|newest]
Thread overview: 191+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-05 21:21 [RFC v5 00/38] powerpc: Memory Protection Keys Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 01/38] powerpc: Free up four 64K PTE bits in 4K backed HPTE pages Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-07 7:25 ` Balbir Singh
2017-07-07 7:25 ` Balbir Singh
2017-07-07 7:25 ` Balbir Singh
2017-07-05 21:21 ` [RFC v5 02/38] powerpc: Free up four 64K PTE bits in 64K " Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 5:59 ` Balbir Singh
2017-07-11 5:59 ` Balbir Singh
2017-07-11 15:44 ` Ram Pai
2017-07-11 15:44 ` Ram Pai
2017-07-12 3:10 ` Balbir Singh
2017-07-12 3:10 ` Balbir Singh
2017-07-13 7:39 ` Ram Pai
2017-07-13 7:39 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 03/38] powerpc: introduce pte_set_hash_slot() helper Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 04/38] powerpc: introduce pte_get_hash_gslot() helper Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 05/38] powerpc: capture the PTE format changes in the dump pte report Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 06/38] powerpc: use helper functions in __hash_page_64K() for 64K PTE Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 07/38] powerpc: use helper functions in __hash_page_huge() " Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 08/38] powerpc: use helper functions in __hash_page_4K() " Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 09/38] powerpc: use helper functions in __hash_page_4K() for 4K PTE Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 10/38] powerpc: use helper functions in flush_hash_page() Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 11/38] mm: introduce an additional vma bit for powerpc pkey Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 18:10 ` Dave Hansen
2017-07-11 18:10 ` Dave Hansen
2017-07-12 22:23 ` Ram Pai
2017-07-12 22:23 ` Ram Pai
2017-07-12 22:40 ` Benjamin Herrenschmidt
2017-07-12 22:40 ` Benjamin Herrenschmidt
2017-07-05 21:21 ` [RFC v5 12/38] mm: ability to disable execute permission on a key at creation Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 18:11 ` Dave Hansen
2017-07-11 18:11 ` Dave Hansen
2017-07-11 21:29 ` Benjamin Herrenschmidt
2017-07-11 21:29 ` Benjamin Herrenschmidt
2017-07-11 21:51 ` Ram Pai [this message]
2017-07-11 21:51 ` Ram Pai
2017-07-11 21:57 ` Dave Hansen
2017-07-11 21:57 ` Dave Hansen
2017-07-11 22:14 ` Ram Pai
2017-07-11 22:14 ` Ram Pai
2017-07-11 22:19 ` Dave Hansen
2017-07-11 22:19 ` Dave Hansen
2017-07-11 22:08 ` Benjamin Herrenschmidt
2017-07-11 22:08 ` Benjamin Herrenschmidt
2017-07-11 22:19 ` Ram Pai
2017-07-11 22:19 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 13/38] x86: disallow pkey creation with PKEY_DISABLE_EXECUTE Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-11 18:12 ` Dave Hansen
2017-07-11 18:12 ` Dave Hansen
2017-07-05 21:21 ` [RFC v5 14/38] powerpc: initial plumbing for key management Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-12 3:28 ` Balbir Singh
2017-07-12 3:28 ` Balbir Singh
2017-07-13 7:45 ` Ram Pai
2017-07-13 7:45 ` Ram Pai
2017-07-13 20:37 ` Ram Pai
2017-07-13 20:37 ` Ram Pai
2017-07-13 21:30 ` Balbir Singh
2017-07-13 21:30 ` Balbir Singh
2017-07-13 21:30 ` Balbir Singh
2017-07-13 21:30 ` Balbir Singh
2017-07-05 21:21 ` [RFC v5 15/38] powerpc: helper function to read,write AMR,IAMR,UAMOR registers Ram Pai
2017-07-05 21:21 ` [RFC v5 15/38] powerpc: helper function to read, write AMR, IAMR, UAMOR registers Ram Pai
2017-07-05 21:21 ` [RFC v5 15/38] powerpc: helper function to read,write AMR,IAMR,UAMOR registers Ram Pai
2017-07-12 5:26 ` Balbir Singh
2017-07-12 5:26 ` Balbir Singh
2017-07-13 7:55 ` Ram Pai
2017-07-13 7:55 ` Ram Pai
2017-07-13 9:49 ` Balbir Singh
2017-07-13 9:49 ` Balbir Singh
2017-07-13 9:49 ` Balbir Singh
2017-07-13 23:29 ` Ram Pai
2017-07-13 23:29 ` Ram Pai
2017-07-13 23:29 ` Ram Pai
2017-07-13 23:29 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 16/38] powerpc: implementation for arch_set_user_pkey_access() Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 17/38] powerpc: sys_pkey_alloc() and sys_pkey_free() system calls Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 18/38] powerpc: store and restore the pkey state across context switches Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 19/38] powerpc: introduce execute-only pkey Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 20/38] powerpc: ability to associate pkey to a vma Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 21/38] powerpc: implementation for arch_override_mprotect_pkey() Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:21 ` [RFC v5 22/38] powerpc: map vma key-protection bits to pte key bits Ram Pai
2017-07-05 21:21 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 23/38] powerpc: sys_pkey_mprotect() system call Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 24/38] powerpc: Program HPTE key protection bits Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 25/38] powerpc: helper to validate key-access permissions of a pte Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 26/38] powerpc: check key protection for user page access Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 27/38] powerpc: Macro the mask used for checking DSI exception Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 28/38] powerpc: implementation for arch_vma_access_permitted() Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 29/38] powerpc: Handle exceptions caused by pkey violation Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 30/38] powerpc: capture AMR register content on " Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 31/38] powerpc: introduce get_pte_pkey() helper Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:11 ` Anshuman Khandual
2017-07-10 3:11 ` Anshuman Khandual
2017-07-10 5:55 ` Ram Pai
2017-07-10 5:55 ` Ram Pai
2017-07-11 11:22 ` Anshuman Khandual
2017-07-11 11:22 ` Anshuman Khandual
2017-07-05 21:22 ` [RFC v5 32/38] powerpc: capture the violated protection key on fault Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:10 ` Anshuman Khandual
2017-07-10 3:10 ` Anshuman Khandual
2017-07-10 5:49 ` Ram Pai
2017-07-10 5:49 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 33/38] powerpc: Deliver SEGV signal on pkey violation Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:08 ` Anshuman Khandual
2017-07-10 3:08 ` Anshuman Khandual
2017-07-05 21:22 ` [RFC v5 34/38] procfs: display the protection-key number associated with a vma Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 6:01 ` Ram Pai
2017-07-10 6:01 ` Ram Pai
2017-07-11 18:13 ` Dave Hansen
2017-07-11 18:13 ` Dave Hansen
2017-07-13 8:03 ` Ram Pai
2017-07-13 8:03 ` Ram Pai
2017-07-13 14:07 ` Dave Hansen
2017-07-13 14:07 ` Dave Hansen
2017-07-13 17:04 ` Ram Pai
2017-07-13 17:04 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 35/38] selftest: Move protecton key selftest to arch neutral directory Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 36/38] selftest: PowerPC specific test updates to memory protection keys Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-11 17:33 ` Dave Hansen
2017-07-11 17:33 ` Dave Hansen
2017-07-12 21:57 ` Ram Pai
2017-07-12 21:57 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 37/38] Documentation: Move protecton key documentation to arch neutral directory Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-05 21:22 ` [RFC v5 38/38] Documentation: PowerPC specific updates to memory protection keys Ram Pai
2017-07-05 21:22 ` Ram Pai
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 3:07 ` Anshuman Khandual
2017-07-10 5:59 ` Ram Pai
2017-07-10 5:59 ` Ram Pai
2017-07-11 18:23 ` Dave Hansen
2017-07-11 18:23 ` Dave Hansen
2017-07-13 19:56 ` Ram Pai
2017-07-13 19:56 ` Ram Pai
2017-07-10 5:43 ` [RFC v5 00/38] powerpc: Memory Protection Keys Anshuman Khandual
2017-07-10 5:43 ` Anshuman Khandual
2017-07-10 6:05 ` Ram Pai
2017-07-10 6:05 ` Ram Pai
2017-07-10 17:15 ` Ram Pai
2017-07-10 17:15 ` Ram Pai
2017-07-11 14:52 ` Michal Hocko
2017-07-11 14:52 ` Michal Hocko
2017-07-11 19:32 ` Ram Pai
2017-07-11 19:32 ` Ram Pai
2017-07-11 21:30 ` Benjamin Herrenschmidt
2017-07-11 21:30 ` Benjamin Herrenschmidt
2017-07-12 7:23 ` Michal Hocko
2017-07-12 7:23 ` Michal Hocko
2017-07-12 7:39 ` Michal Hocko
2017-07-12 7:39 ` Michal Hocko
2017-07-12 22:53 ` Benjamin Herrenschmidt
2017-07-12 22:53 ` Benjamin Herrenschmidt
2017-07-13 6:20 ` Michal Hocko
2017-07-13 6:20 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170711215105.GA5542@ram.oc3035372033.ibm.com \
--to=linuxram@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=khandual@linux.vnet.ibm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=paulus@samba.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.