All of lore.kernel.org
 help / color / mirror / Atom feed
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
	"H. Peter Anvin" <hpa@zytor.com>, Oleg Nesterov <oleg@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>,
	Brian Gerst <brgerst@gmail.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Christoph Hellwig <hch@lst.de>
Subject: Re: Rethinking sigcontext's xfeatures slightly for PKRU's benefit?
Date: Fri, 18 Dec 2015 13:45:06 -0800	[thread overview]
Message-ID: <CA+55aFyVJF48-QwZBD++1u8CB7EYrO1rMnwsZFW4rTBFoNXSZw@mail.gmail.com> (raw)
In-Reply-To: <567476CC.8080805@linux.intel.com>

On Fri, Dec 18, 2015 at 1:12 PM, Dave Hansen
<dave.hansen@linux.intel.com> wrote:
>
> But, if we are picking out an execute-only pkey more dynamically, we've
> got to keep the default value for the entire process somewhere.

How dynamic do we want to make this, though?

I haven't looked at the details, and perhaps more importantly, I don't
know what exactly are the requirements you've gotten from the people
who are expected to actually use this.

I think we might want to hardcode a couple of keys as "kernel
reserved". And I'd rather reserve them up-front than have some user
program be unhappy later when we want to use them.

I guess we want to leave key #0 for "normal page", so my suggesting to
use that for the execute-only was probably misguided.

But I do think we might want to have that "no read access" as a real
fixed key too, because I think the kernel itself would want to use it:

 (a) to make sure that it gets the right fault when user space passes
in a execute-only address to a system call.

 (b) for much more efficient PAGEALLOC_DEBUG for kernel mappings.

so I do think that we'd want to reserve two of the 16 keys up front.

Would it be ok for the expected users to have those keys simply be
fixed? With key 0 being used for all default pages, and key 1 being
used for all execute-only pages? And then defaulting PKRU to 4,
disallowing access to that key #1?

I could imagine that some kernel person would want to use even more
keys, but I think two fixed keys are kind of the minimal we'd want to
use.

           Linus

  reply	other threads:[~2015-12-18 21:45 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-18  1:48 Rethinking sigcontext's xfeatures slightly for PKRU's benefit? Andy Lutomirski
2015-12-18  2:13 ` Dave Hansen
2015-12-18  2:32   ` Andy Lutomirski
2015-12-18  2:52     ` Dave Hansen
2015-12-18  5:29       ` Andy Lutomirski
2015-12-18  6:43         ` H. Peter Anvin
2015-12-18 16:04           ` Andy Lutomirski
2015-12-18 16:56             ` Dave Hansen
2015-12-18 18:42             ` Dave Hansen
2015-12-18 19:21               ` Andy Lutomirski
2015-12-18 20:07                 ` Dave Hansen
2015-12-18 20:28                   ` Andy Lutomirski
2015-12-18 20:37                   ` Linus Torvalds
2015-12-18 20:49                     ` Andy Lutomirski
2015-12-18 20:58                       ` H. Peter Anvin
2015-12-18 21:02                         ` Andy Lutomirski
2015-12-18 21:08                           ` Dave Hansen
2015-12-18 21:04                       ` Linus Torvalds
2015-12-18 21:09                         ` Linus Torvalds
2015-12-18 21:12                         ` Dave Hansen
2015-12-18 21:45                           ` Linus Torvalds [this message]
2015-12-18 22:28                             ` Andy Lutomirski
2015-12-18 23:08                               ` Linus Torvalds
2015-12-18 23:16                                 ` Andy Lutomirski
2015-12-18 23:20                                   ` Linus Torvalds
2015-12-21 17:04                                   ` Dave Hansen
2015-12-21 22:52                                     ` Andy Lutomirski
2015-12-21 23:00                                       ` Dave Hansen
2015-12-21 23:02                                         ` Andy Lutomirski
2015-12-21 23:05                                           ` Dave Hansen
2015-12-21 23:04                               ` Dave Hansen
2015-12-21 23:07                                 ` Andy Lutomirski
2016-06-30 17:36                                   ` Andy Lutomirski
2016-06-30 21:25                                     ` Dave Hansen
2016-07-01 16:30                                       ` Andy Lutomirski
2015-12-29 23:48                             ` Dave Hansen
2015-12-18  8:32         ` Ingo Molnar
2015-12-18  8:59 ` Christoph Hellwig
2015-12-18 12:57   ` Borislav Petkov
2016-01-12 13:38     ` Ingo Molnar
2016-01-12 13:42       ` Christoph Hellwig
2016-01-13 10:48         ` Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CA+55aFyVJF48-QwZBD++1u8CB7EYrO1rMnwsZFW4rTBFoNXSZw@mail.gmail.com \
    --to=torvalds@linux-foundation.org \
    --cc=bp@alien8.de \
    --cc=brgerst@gmail.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=hch@lst.de \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mingo@kernel.org \
    --cc=oleg@redhat.com \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.