All of lore.kernel.org
 help / color / mirror / Atom feed
From: Florian Weimer <fweimer@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: Linux-MM <linux-mm@kvack.org>, Ram Pai <linuxram@us.ibm.com>,
	linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
	Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@intel.com>
Subject: Re: pkeys on POWER: Access rights not reset on execve
Date: Fri, 8 Jun 2018 14:57:06 +0200	[thread overview]
Message-ID: <f440aaa4-0a55-3ccd-2df1-2ad595e9e17a@redhat.com> (raw)
In-Reply-To: <20180608145413.393fa245@kitsune.suse.cz>

On 06/08/2018 02:54 PM, Michal SuchA!nek wrote:
> On Fri, 8 Jun 2018 12:44:53 +0200
> Florian Weimer <fweimer@redhat.com> wrote:
> 
>> On 06/08/2018 12:15 PM, Michal SuchA!nek wrote:
>>> On Fri, 8 Jun 2018 07:53:51 +0200
>>> Florian Weimer <fweimer@redhat.com> wrote:
>>>    
>>>> On 06/08/2018 04:34 AM, Ram Pai wrote:
>>>>>>
>>>>>> So the remaining question at this point is whether the Intel
>>>>>> behavior (default-deny instead of default-allow) is preferable.
>>>>>
>>>>> Florian, remind me what behavior needs to fixed?
>>>>
>>>> See the other thread.  The Intel register equivalent to the AMR by
>>>> default disallows access to yet-unallocated keys, so that threads
>>>> which are created before key allocation do not magically gain
>>>> access to a key allocated by another thread.
>>>>   
>>>
>>> That does not make any sense. The threads share the address space so
>>> they should also share the keys.
>>>
>>> Or in other words the keys are supposed to be acceleration of
>>> mprotect() so if mprotect() magically gives access to threads that
>>> did not call it so should pkey functions. If they cannot do that
>>> then they fail the primary purpose.
>>
>> That's not how protection keys work.  The access rights are
>> thread-specific, so that you can change them locally, without
>> synchronization and expensive inter-node communication.
>>
> 
> And the association of a key with part of the address space is
> thread-local as well?

No, that part is still per-process.

Florian

WARNING: multiple messages have this Message-ID (diff)
From: Florian Weimer <fweimer@redhat.com>
To: "Michal Suchánek" <msuchanek@suse.de>
Cc: Linux-MM <linux-mm@kvack.org>, Ram Pai <linuxram@us.ibm.com>,
	linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
	Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@intel.com>
Subject: Re: pkeys on POWER: Access rights not reset on execve
Date: Fri, 8 Jun 2018 14:57:06 +0200	[thread overview]
Message-ID: <f440aaa4-0a55-3ccd-2df1-2ad595e9e17a@redhat.com> (raw)
In-Reply-To: <20180608145413.393fa245@kitsune.suse.cz>

On 06/08/2018 02:54 PM, Michal Suchánek wrote:
> On Fri, 8 Jun 2018 12:44:53 +0200
> Florian Weimer <fweimer@redhat.com> wrote:
> 
>> On 06/08/2018 12:15 PM, Michal Suchánek wrote:
>>> On Fri, 8 Jun 2018 07:53:51 +0200
>>> Florian Weimer <fweimer@redhat.com> wrote:
>>>    
>>>> On 06/08/2018 04:34 AM, Ram Pai wrote:
>>>>>>
>>>>>> So the remaining question at this point is whether the Intel
>>>>>> behavior (default-deny instead of default-allow) is preferable.
>>>>>
>>>>> Florian, remind me what behavior needs to fixed?
>>>>
>>>> See the other thread.  The Intel register equivalent to the AMR by
>>>> default disallows access to yet-unallocated keys, so that threads
>>>> which are created before key allocation do not magically gain
>>>> access to a key allocated by another thread.
>>>>   
>>>
>>> That does not make any sense. The threads share the address space so
>>> they should also share the keys.
>>>
>>> Or in other words the keys are supposed to be acceleration of
>>> mprotect() so if mprotect() magically gives access to threads that
>>> did not call it so should pkey functions. If they cannot do that
>>> then they fail the primary purpose.
>>
>> That's not how protection keys work.  The access rights are
>> thread-specific, so that you can change them locally, without
>> synchronization and expensive inter-node communication.
>>
> 
> And the association of a key with part of the address space is
> thread-local as well?

No, that part is still per-process.

Florian

  reply	other threads:[~2018-06-08 12:57 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-18 14:27 pkeys on POWER: Access rights not reset on execve Florian Weimer
2018-05-19  1:19 ` Ram Pai
2018-05-19  1:50   ` Andy Lutomirski
2018-05-19  5:26     ` Florian Weimer
2018-05-19 20:27     ` Ram Pai
2018-05-19 23:47       ` Andy Lutomirski
2018-05-20  6:04         ` Ram Pai
2018-05-20  6:06           ` Andy Lutomirski
2018-05-20 19:11             ` Ram Pai
2018-05-21 11:29               ` Florian Weimer
2018-06-03 20:18                 ` Ram Pai
2018-06-04 10:12                   ` Florian Weimer
2018-06-04 14:01                     ` Ram Pai
2018-06-04 17:57                       ` Florian Weimer
2018-06-04 19:02                         ` Ram Pai
2018-06-04 19:02                           ` Ram Pai
2018-06-04 21:00                           ` Florian Weimer
2018-06-08  2:34                             ` Ram Pai
2018-06-08  5:53                               ` Florian Weimer
2018-06-08 10:15                                 ` Michal Suchánek
2018-06-08 10:44                                   ` Florian Weimer
2018-06-08 10:44                                     ` Florian Weimer
2018-06-08 12:54                                     ` Michal Suchánek
2018-06-08 12:54                                       ` Michal Suchánek
2018-06-08 12:57                                       ` Florian Weimer [this message]
2018-06-08 12:57                                         ` Florian Weimer
2018-06-08 13:49                                         ` Michal Suchánek
2018-06-08 13:49                                           ` Michal Suchánek
2018-06-08 13:51                                           ` Florian Weimer
2018-06-08 13:51                                             ` Florian Weimer
2018-06-08 14:17                                             ` Michal Suchánek
2018-06-08 14:17                                               ` Michal Suchánek
2018-06-11 17:23                                 ` Ram Pai
2018-06-11 17:29                                   ` Florian Weimer
2018-06-11 20:08                                     ` Ram Pai
2018-06-12 12:17                                       ` Florian Weimer
2018-05-19  5:12   ` Florian Weimer
2018-05-19 11:11   ` Florian Weimer
2018-05-19 11:11     ` Florian Weimer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f440aaa4-0a55-3ccd-2df1-2ad595e9e17a@redhat.com \
    --to=fweimer@redhat.com \
    --cc=dave.hansen@intel.com \
    --cc=linux-mm@kvack.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=linuxram@us.ibm.com \
    --cc=luto@kernel.org \
    --cc=msuchanek@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.