Subject: Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINHERIT and change signal semantics
From: Andy Lutomirski
Date: Wed, 2 May 2018 18:14:11 -0700
To: Dave Hansen
Cc: Andy Lutomirski, Florian Weimer, Linux-MM, Linux API, linux-x86_64@vger.kernel.org, linux-arch, X86 ML, linuxram@us.ibm.com

> On May 2, 2018, at 4:58 PM, Dave Hansen wrote:
>
> On 05/02/2018 04:32 PM, Andy Lutomirski wrote:
>>> But, where do those come from in this scenario? I'm not getting
>>> the secondary mechanism is that *makes* them unsafe.
>> pkey_alloc() itself. If someone tries to allocate a key with a given
>> default mode, unless there’s already a key that already had that
>> value in all threads or pkey_alloc() needs to asynchronously create
>> such a key.
>
> I think you are saying: If a thread calls pkey_alloc(), all threads
> should, by default, implicitly get access.

No, I’m saying that all threads should get the *requested* access. If I’m protecting the GOT, I want all threads to get RO access. If I’m writing a crypto library, I probably want all threads to have no access. If I’m writing a database, I probably want all threads to get RO by default. If I’m writing some doodad to sandbox some carefully constructed code, I might want all threads to have full access by default.

—Andy