Re: Rethinking sigcontext's xfeatures slightly for PKRU's benefit?

[Dave Hansen <dave.hansen@linux.intel.com>]

On 12/18/2015 03:16 PM, Andy Lutomirski wrote:
> Hrm.  We might also want an option to change pkru and/or baseline_pkru
> in all threads in the current mm.  That's optional but it could be
> handy.  Maybe it would be as simple as having the allocate-a-pkey call
> have an option to set an initial baseline value and an option to
> propagate that initial value to pre-existing threads.

Do you mean actively going in and changing PKRU in other threads?  I
fear that will be dangerous.

IMNHO, whatever we do, I think we need to ensure that _raw_ PKRU calls
are allowed (somehow).  Raw in this case would mean a thread calling
WRPKRU without a system call and without checking in with what any other
threads are doing.

Let's say baseline_pkru=0x004 (we're access-disabling PKEY[1] and using
it for execute-only).  Now, a thread is trying to do this:

	pkey2 = sys_pkey_alloc(); // now pkey2=2
	tmp = rdpkru(); // 0x004
	tmp |= 0x10; // set PKRU[2].AD=1
	wrpkru(tmp);

While another thread does:

	pkey4 = pkey_alloc(); // pkey4=4
	sys_pkey_set(pkey4, ACCESS_DISABLE, SET_BASELINE_ALL_THREADS);

Without some kind of locking, that's going to race.  We could do all the
locking in the kernel, but that requires that the kernel do all the PKRU
writing, which I'd really like to avoid.

I think the closest we can get reasonably is to have the kernel track
the baseline_pkru and then allow userspace to query it in case userspace
decides that thread needs to update its thread-local PKRU from the baseline.