Re: pkeys: Support setting access rights for signal handlers

From: Ram Pai <linuxram@us.ibm.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>,
	linux-mm <linux-mm@kvack.org>,
	x86@kernel.org, linux-arch <linux-arch@vger.kernel.org>,
	linux-x86_64@vger.kernel.org,
	Linux API <linux-api@vger.kernel.org>
Subject: Re: pkeys: Support setting access rights for signal handlers
Date: Sat, 16 Dec 2017 07:09:10 -0800	[thread overview]
Message-ID: <20171216150910.GA5461@ram.oc3035372033.ibm.com> (raw)
In-Reply-To: <cf13f6e0-2405-4c58-4cf1-266e8baae825@redhat.com>

On Thu, Dec 14, 2017 at 12:21:44PM +0100, Florian Weimer wrote:
> On 12/14/2017 01:17 AM, Ram Pai wrote:
> >On Wed, Dec 13, 2017 at 04:40:11PM +0100, Florian Weimer wrote:
> >>On 12/13/2017 04:22 PM, Dave Hansen wrote:
> >>>On 12/13/2017 07:08 AM, Florian Weimer wrote:
> >>>>Okay, this model is really quite different from x86.  Is there a
> >>>>good reason for the difference?
> >>>
> >>>Yes, both implementations are simple and take the "natural" behavior.
> >>>x86 changes XSAVE-controlled register values on entering a signal, so we
> >>>let them be changed (including PKRU).  POWER hardware does not do this
> >>>to its PKRU-equivalent, so we do not force it to.
> >>
> >>Whuy?  Is there a technical reason not have fully-aligned behavior?
> >>Can POWER at least implement the original PKEY_ALLOC_SETSIGNAL
> >>semantics (reset the access rights for certain keys before switching
> >>to the signal handler) in a reasonably efficient manner?
> >
> >This can be done on POWER. I can also change the behavior on POWER
> >to exactly match x86; i.e reset the value to init value before
> >calling the signal handler.
> 
> Maybe we can implement a compromise?
> 
> Assuming I got the attached patch right, it implements PKRU
> inheritance in signal handlers, similar to what you intend to
> implement for POWER.

Ok.

> It still restores the PKRU register value upon
> regular exit from the signal handler, which I think is something we
> should keep.

On x86, the pkru value is restored, on return from the signal handler,
to the value before the signal handler was called. right?

In other words, if 'x' was the value when signal handler was called, it
will be 'x' when return from the signal handler.

If correct, than it is consistent with the behavior on POWER.

> 
> I think we still should add a flag, so that applications can easily
> determine if a kernel has this patch.  Setting up a signal handler,
> sending the signal, and thus checking for inheritance is a bit
> involved, and we'd have to do this in the dynamic linker before we
> can use pkeys to harden lazy binding.  The flag could just be a
> no-op, apart from the lack of an EINVAL failure if it is specified.

Sorry. I am little confused.  What should I implement on POWER? 
PKEY_ALLOC_SETSIGNAL semantics?

Let me know. Thanks for driving this to some consistency.
RP

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>