linuxppc-dev.lists.ozlabs.org archive mirror
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@kernel.org>
To: linuxram@us.ibm.com
Cc: Florian Weimer <fweimer@redhat.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Linux API <linux-api@vger.kernel.org>,
	linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
	Linux-MM <linux-mm@kvack.org>
Subject: Re: pkeys: Reserve PKEY_DISABLE_READ
Date: Wed, 5 Dec 2018 08:21:02 -0800	[thread overview]
Message-ID: <CALCETrXeSQ8T9nvK7WpgPpkraLfg70FoDWvPZeLS3KiDaqXwtw@mail.gmail.com> (raw)
In-Reply-To: <20181203040249.GA11930@ram.oc3035372033.ibm.com>

> On Dec 2, 2018, at 8:02 PM, Ram Pai <linuxram@us.ibm.com> wrote:
>
>> On Thu, Nov 29, 2018 at 12:37:15PM +0100, Florian Weimer wrote:
>> * Dave Hansen:
>>
>>>> On 11/27/18 3:57 AM, Florian Weimer wrote:
>>>> I would have expected something that translates PKEY_DISABLE_WRITE |
>>>> PKEY_DISABLE_READ into PKEY_DISABLE_ACCESS, and also accepts
>>>> PKEY_DISABLE_ACCESS | PKEY_DISABLE_READ, for consistency with POWER.
>>>>
>>>> (My understanding is that PKEY_DISABLE_ACCESS does not disable all
>>>> access, but produces execute-only memory.)
>>>
>>> Correct, it disables all data access, but not execution.
>>
>> So I would expect something like this (completely untested, I did not
>> even compile this):
>
>
> Ok. I re-read through the entire email thread to understand the problem and
> the proposed solution. Let me summarize it below. Lets see if we are on the same
> plate.
>
> So the problem is as follows:
>
> Currently the kernel supports  'disable-write'  and 'disable-access'.
>
> On x86, cpu supports 'disable-write' and 'disable-access'. This
> matches with what the kernel supports. All good.
>
> However on power, cpu supports 'disable-read' too. Since userspace can
> program the cpu directly, userspace has the ability to set
> 'disable-read' too.  This can lead to inconsistency between the kernel
> and the userspace.
>
> We want the kernel to match userspace on all architectures.
>
> Proposed Solution:
>
> Enhance the kernel to understand 'disable-read', and facilitate architectures
> that understand 'disable-read' to allow it.
>
> Also explicitly define the semantics of disable-access  as
> 'disable-read and disable-write'
>
> Did I get this right?  Assuming I did, the implementation has to do
> the following --
>
>    On power, sys_pkey_alloc() should succeed if the init_val
>    is PKEY_DISABLE_READ, PKEY_DISABLE_WRITE, PKEY_DISABLE_ACCESS
>    or any combination of the three.
>
>    On x86, sys_pkey_alloc() should succeed if the init_val is
>    PKEY_DISABLE_WRITE or PKEY_DISABLE_ACCESS or PKEY_DISABLE_READ
>    or any combination of the three, except  PKEY_DISABLE_READ
>          specified all by itself.
>
>    On all other arches, none of the flags are supported.

I don’t really love having a situation where you can use different
flag combinations to refer to the same mode.

Also, we should document the effect these flags have on execute permission.

  parent reply	other threads:[~2018-12-05 16:23 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <877ehnbwqy.fsf@oldenburg.str.redhat.com>
2018-11-08 19:22 ` pkeys: Reserve PKEY_DISABLE_READ Ram Pai
2018-11-12 10:29   ` Florian Weimer
     [not found] ` <2d62c9e2-375b-2791-32ce-fdaa7e7664fd@intel.com>
     [not found]   ` <87bm6zaa04.fsf@oldenburg.str.redhat.com>
     [not found]     ` <6f9c65fb-ea7e-8217-a4cc-f93e766ed9bb@intel.com>
     [not found]       ` <87k1ln8o7u.fsf@oldenburg.str.redhat.com>
2018-11-08 20:12         ` Ram Pai
2018-11-08 20:23           ` Florian Weimer
2018-11-09 18:09             ` Ram Pai
2018-11-12 12:00               ` Florian Weimer
2018-11-27 10:23                 ` Ram Pai
2018-11-27 11:57                   ` Florian Weimer
2018-11-27 15:31                     ` Dave Hansen
2018-11-29 11:37                       ` Florian Weimer
2018-12-03  4:02                         ` Ram Pai
2018-12-03 15:52                           ` Florian Weimer
2018-12-04  6:23                             ` Ram Pai
2018-12-05 13:00                               ` Florian Weimer
2018-12-05 20:23                                 ` Ram Pai
2018-12-05 16:21                           ` Andy Lutomirski [this message]
2018-12-05 20:36                             ` Ram Pai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALCETrXeSQ8T9nvK7WpgPpkraLfg70FoDWvPZeLS3KiDaqXwtw@mail.gmail.com \
    --to=luto@kernel.org \
    --cc=dave.hansen@intel.com \
    --cc=fweimer@redhat.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=linuxram@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).