From: Florian Weimer <fweimer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Ram Pai <linuxram-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Dave Hansen <dave.hansen-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
	linux-mm <linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org>,
	x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
	linux-arch <linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	linux-x86_64-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: pkeys: Support setting access rights for signal handlers
Date: Wed, 13 Dec 2017 16:08:09 +0100
Message-ID: <9f86d79e-165a-1b8e-32dd-7e4e8579da59@redhat.com>
In-Reply-To: <20171213113544.GG5460-LOE2q6NSToAxGrZ80giIafUQ3DHhIser@public.gmane.org>

On 12/13/2017 12:35 PM, Ram Pai wrote:
> On Wed, Dec 13, 2017 at 03:14:36AM +0100, Florian Weimer wrote:
>> On 12/13/2017 12:13 AM, Ram Pai wrote:
>>
>>> On POWER, the value of the pkey_read() i.e. the contents of the AMR
>>> register (pkru equivalent), is always the same regardless of its
>>> context; signal handler or not.
>>>
>>> In other words, the permission of any allocated key will not
>>> reset in a signal handler context.
>>
>> That's certainly the simpler semantics, but I don't like how they
>> differ from x86.
>>
>> Is the AMR register reset to the original value upon (regular)
>> return from the signal handler?
> 
> The AMR bits are not touched upon (regular) return from the signal
> handler.
> 
> If the signal handler changes the bits in the AMR, they will continue
> to be so, even after return from the signal handler.
> 
> To illustrate with an example, let's say AMR value is 'x' and signal
> handler is invoked.  The value of AMR will be 'x' in the context of the
> signal handler.  On return from the signal handler the value of AMR will
> continue to be 'x'. However if signal handler changes the value of AMR
> to 'y', the value of AMR will be 'y' on return from the signal handler.

Okay, this model is really quite different from x86.  Is there a good 
reason for the difference?  Could we change the x86 implementation to 
behave in the same way?  Or alternatively, change the POWER 
implementation to match the existing x86 behavior?

>>> I was not aware that x86 would reset the key permissions in signal
>>> handler.  I think, the proposed behavior for PKEY_ALLOC_SETSIGNAL should
>>> actually be the default behavior.
>>
>> Note that PKEY_ALLOC_SETSIGNAL does something different: It requests
>> that the kernel sets the access rights for the key to the bits
>> specified at pkey_alloc time when the signal handler is invoked.  So
>> there is still a reset with PKEY_ALLOC_SETSIGNAL, but to a different
>> value.  It did not occur to me that it might be desirable to avoid
>> resetting the value on a per-key basis.
> 
> Ah. OK, I see the subtle difference proposed by your semantics.
> 
> Will the following behavior work?
> 
> 'No bits will be reset to its initial value unless the key has been
> allocated with PKEY_ALLOC_*RE*SETSIGNAL flag'.

The existing x86 interface defaults to resetting the bits, 
unfortunately.  I'm not sure if we can or should change this now.

For my purposes, the POWER semantics would work fine as far as I can 
see.  The reset-to-default is really problematic.  I don't actually need 
the configurable behavior, but I implemented it this way to achieve a 
maximum of backwards compatibility.

Thanks,
Florian
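
Added example, not part of the original message or of the kernel patch: a small C model of the three behaviours compared in this thread (x86 reset on handler entry, the proposed PKEY_ALLOC_SETSIGNAL, and POWER leaving the register untouched). The two-bits-per-key layout, the 0x55555554 default and the restore on return follow documented x86 pkeys behaviour; reusing that layout for POWER's AMR and the names simulate, policy and outcome are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

#define PKEY_DISABLE_ACCESS 0x1u
#define PKEY_DISABLE_WRITE  0x2u
#define INIT_RIGHTS 0x55555554u  /* x86 default: every key but key 0 access-disabled */

enum policy { X86_RESET, POWER_KEEP };   /* hypothetical names for this model */
struct outcome { unsigned in_handler, after_return; };

static unsigned get_rights(uint32_t reg, int key) { return (reg >> (2 * key)) & 3u; }
static uint32_t set_rights(uint32_t reg, int key, unsigned bits)
{
    return (reg & ~(3u << (2 * key))) | (bits << (2 * key));
}

/* Allocate key with alloc_bits, deliver one signal; the handler writes
 * handler_bits for the key (-1: leaves it alone). setsignal models a key
 * allocated with the proposed PKEY_ALLOC_SETSIGNAL flag. */
static struct outcome simulate(enum policy p, int key, unsigned alloc_bits,
                               int setsignal, int handler_bits)
{
    uint32_t reg = set_rights(INIT_RIGHTS, key, alloc_bits);
    uint32_t saved = reg;            /* interrupted context, kept in the signal frame */
    struct outcome o;
    if (p == X86_RESET) {            /* handler entry: reset to the defaults ... */
        reg = INIT_RIGHTS;
        if (setsignal)               /* ... or to the alloc-time bits for a flagged key */
            reg = set_rights(reg, key, alloc_bits);
    }
    o.in_handler = get_rights(reg, key);
    if (handler_bits >= 0)
        reg = set_rights(reg, key, (unsigned)handler_bits);
    if (p == X86_RESET)
        reg = saved;                 /* return from handler restores interrupted rights */
    o.after_return = get_rights(reg, key);
    return o;
}

int main(void)
{
    /* Constructed scenario: key 1 allocated with full access; handler sets write-disable. */
    struct outcome a = simulate(X86_RESET, 1, 0, 0, PKEY_DISABLE_WRITE);
    struct outcome b = simulate(X86_RESET, 1, 0, 1, PKEY_DISABLE_WRITE);
    struct outcome c = simulate(POWER_KEEP, 1, 0, 0, PKEY_DISABLE_WRITE);
    printf("x86 default:   handler=%u after=%u\n", a.in_handler, a.after_return);
    printf("x86 SETSIGNAL: handler=%u after=%u\n", b.in_handler, b.after_return);
    printf("POWER:         handler=%u after=%u\n", c.in_handler, c.after_return);
    return 0;
}
```

In the x86 default case the handler finds key 1 access-disabled even though the application had opened it, which is the reset-to-default behaviour the message calls problematic.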
