From: Andy Lutomirski <luto@kernel.org>
To: linuxram@us.ibm.com
Cc: Florian Weimer <fweimer@redhat.com>,
Dave Hansen <dave.hansen@intel.com>,
Linux API <linux-api@vger.kernel.org>,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: pkeys: Reserve PKEY_DISABLE_READ
Date: Wed, 5 Dec 2018 08:21:02 -0800 [thread overview]
Message-ID: <CALCETrXeSQ8T9nvK7WpgPpkraLfg70FoDWvPZeLS3KiDaqXwtw@mail.gmail.com> (raw)
In-Reply-To: <20181203040249.GA11930@ram.oc3035372033.ibm.com>
> On Dec 2, 2018, at 8:02 PM, Ram Pai <linuxram@us.ibm.com> wrote:
>
>> On Thu, Nov 29, 2018 at 12:37:15PM +0100, Florian Weimer wrote:
>> * Dave Hansen:
>>
>>>> On 11/27/18 3:57 AM, Florian Weimer wrote:
>>>> I would have expected something that translates PKEY_DISABLE_WRITE |
>>>> PKEY_DISABLE_READ into PKEY_DISABLE_ACCESS, and also accepts
>>>> PKEY_DISABLE_ACCESS | PKEY_DISABLE_READ, for consistency with POWER.
>>>>
>>>> (My understanding is that PKEY_DISABLE_ACCESS does not disable all
>>>> access, but produces execute-only memory.)
>>>
>>> Correct, it disables all data access, but not execution.
>>
>> So I would expect something like this (completely untested, I did not
>> even compile this):
>
>
> Ok. I re-read through the entire email thread to understand the problem and
> the proposed solution. Let me summarize it below. Lets see if we are on the same
> plate.
>
> So the problem is as follows:
>
> Currently the kernel supports 'disable-write' and 'disable-access'.
>
> On x86, cpu supports 'disable-write' and 'disable-access'. This
> matches with what the kernel supports. All good.
>
> However on power, cpu supports 'disable-read' too. Since userspace can
> program the cpu directly, userspace has the ability to set
> 'disable-read' too. This can lead to inconsistency between the kernel
> and the userspace.
>
> We want the kernel to match userspace on all architectures.
>
> Proposed Solution:
>
> Enhance the kernel to understand 'disable-read', and facilitate architectures
> that understand 'disable-read' to allow it.
>
> Also explicitly define the semantics of disable-access as
> 'disable-read and disable-write'
>
> Did I get this right? Assuming I did, the implementation has to do
> the following --
>
> On power, sys_pkey_alloc() should succeed if the init_val
> is PKEY_DISABLE_READ, PKEY_DISABLE_WRITE, PKEY_DISABLE_ACCESS
> or any combination of the three.
>
> On x86, sys_pkey_alloc() should succeed if the init_val is
> PKEY_DISABLE_WRITE or PKEY_DISABLE_ACCESS or PKEY_DISABLE_READ
> or any combination of the three, except PKEY_DISABLE_READ
> specified all by itself.
>
> On all other arches, none of the flags are supported.
I don’t really love having a situation where you can use different
flag combinations to refer to the same mode.
Also, we should document the effect these flags have on execute permission.
next prev parent reply other threads:[~2018-12-05 16:23 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <877ehnbwqy.fsf@oldenburg.str.redhat.com>
2018-11-08 19:22 ` pkeys: Reserve PKEY_DISABLE_READ Ram Pai
2018-11-12 10:29 ` Florian Weimer
[not found] ` <2d62c9e2-375b-2791-32ce-fdaa7e7664fd@intel.com>
[not found] ` <87bm6zaa04.fsf@oldenburg.str.redhat.com>
[not found] ` <6f9c65fb-ea7e-8217-a4cc-f93e766ed9bb@intel.com>
[not found] ` <87k1ln8o7u.fsf@oldenburg.str.redhat.com>
2018-11-08 20:12 ` Ram Pai
2018-11-08 20:23 ` Florian Weimer
2018-11-09 18:09 ` Ram Pai
2018-11-12 12:00 ` Florian Weimer
2018-11-27 10:23 ` Ram Pai
2018-11-27 11:57 ` Florian Weimer
2018-11-27 15:31 ` Dave Hansen
2018-11-29 11:37 ` Florian Weimer
2018-12-03 4:02 ` Ram Pai
2018-12-03 15:52 ` Florian Weimer
2018-12-04 6:23 ` Ram Pai
2018-12-05 13:00 ` Florian Weimer
2018-12-05 20:23 ` Ram Pai
2018-12-05 16:21 ` Andy Lutomirski [this message]
2018-12-05 20:36 ` Ram Pai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALCETrXeSQ8T9nvK7WpgPpkraLfg70FoDWvPZeLS3KiDaqXwtw@mail.gmail.com \
--to=luto@kernel.org \
--cc=dave.hansen@intel.com \
--cc=fweimer@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=linuxram@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).