From: Vlastimil Babka <vbabka@suse.cz>
To: Florian Weimer <fweimer@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
linux-x86_64@vger.kernel.org, linux-arch@vger.kernel.org
Cc: linux-mm <linux-mm@kvack.org>, Linux API <linux-api@vger.kernel.org>
Subject: Re: MPK: removing a pkey (was: pkey_free and key reuse)
Date: Wed, 22 Nov 2017 09:18:44 +0100 [thread overview]
Message-ID: <8741e4d6-6ac0-9c07-99f3-95d8d04940b4@suse.cz> (raw)
In-Reply-To: <0f006ef4-a7b5-c0cf-5f58-d0fd1f911a54@redhat.com>
On 11/05/2017 11:35 AM, Florian Weimer wrote:
> I'm working on adding memory protection key support to glibc.
>
> I don't think pkey_free, as it is implemented today, is very safe due to
> key reuse by a subsequent pkey_alloc. I see two problems:
>
> (A) pkey_free allows reuse for they key while there are still mappings
> that use it.
>
> (B) If a key is reused, existing threads retain their access rights,
> while there is an expectation that pkey_alloc denies access for the
> threads except the current one.
I have a somewhat related question to API/documentation of pkeys, that
came up from a customer interested in using the feature. The man page of
mprotect/pkey_mprotect doesn't say how to remove a pkey from a set of
pages, i.e. reset it to the default 0 (or the exec-only pkey), so
initially they thought there's no way to do that.
Calling pkey_mprotect() with pkey==0 will fail with EINVAL, because 0
was not allocated by pkey_alloc(). That's fair I guess.
What seems to work to reset the pkey is either calling plain mprotect(),
or calling pkey_mprotect() with pkey == -1, as the former is just wired
to the latter.
So, is plain mprotect() the intended way to reset a pkey and should it
be explicitly documented in the man page?
And, was the pkey == -1 internal wiring supposed to be exposed to the
pkey_mprotect() signal, or should there have been a pre-check returning
EINVAL in SYSCALL_DEFINE4(pkey_mprotect), before calling
do_mprotect_pkey())? I assume it's too late to change it now anyway (or
not?), so should we also document it?
Thanks,
Vlastimil
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-11-22 8:18 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-05 10:35 MPK: pkey_free and key reuse Florian Weimer
2017-11-08 20:41 ` Dave Hansen
2017-11-09 14:48 ` Florian Weimer
2017-11-09 16:59 ` Dave Hansen
2017-11-23 12:48 ` Florian Weimer
2017-11-23 13:07 ` Vlastimil Babka
2017-11-23 15:25 ` Dave Hansen
2017-11-24 14:55 ` Florian Weimer
2017-11-22 8:18 ` Vlastimil Babka [this message]
2017-11-22 12:15 ` MPK: removing a pkey Florian Weimer
2017-11-22 12:46 ` Vlastimil Babka
2017-11-22 12:49 ` Florian Weimer
2017-11-22 16:10 ` Dave Hansen
2017-11-22 16:21 ` Florian Weimer
2017-11-22 16:32 ` Dave Hansen
2017-11-23 8:11 ` Vlastimil Babka
2017-11-23 15:00 ` Dave Hansen
2017-11-23 21:42 ` Vlastimil Babka
2017-11-23 23:29 ` Dave Hansen
2017-11-24 8:35 ` Florian Weimer
2017-11-24 8:38 ` Vlastimil Babka
2017-11-23 12:38 ` Florian Weimer
2017-11-23 15:09 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8741e4d6-6ac0-9c07-99f3-95d8d04940b4@suse.cz \
--to=vbabka@suse.cz \
--cc=dave.hansen@linux.intel.com \
--cc=fweimer@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-x86_64@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).