[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151007071124.GC7837@gmail.com>
Date: Wed, 7 Oct 2015 09:11:24 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Dave Hansen <dave@...1.net>
Cc: Andy Lutomirski <luto@...capital.net>,
Kees Cook <keescook@...gle.com>,
"x86@...nel.org" <x86@...nel.org>,
LKML <linux-kernel@...r.kernel.org>,
Linux-MM <linux-mm@...ck.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH 26/26] x86, pkeys: Documentation
* Dave Hansen <dave@...1.net> wrote:
> On 10/03/2015 12:27 AM, Ingo Molnar wrote:
> > - I'd also suggest providing an initial value with the 'alloc' call. It's true
> > that user-space can do this itself in assembly, OTOH there's no reason not to
> > provide a C interface for this.
>
> You mean an initial value for the rights register (PKRU), correct?
>
> So init_val would be something like
>
> PKEY_DENY_ACCESS
> PKEY_DENY_WRITE
>
> and it would refer only to the key that was allocated.
Correct.
> > - Along similar considerations, also add a sys_pkey_query() system call to query
> > the mapping of a specific pkey. (returns -EBADF or so if the key is not mapped
> > at the moment.) This too could be vDSO accelerated in the future.
>
> Do you mean whether the key is being used on a mapping (VMA) or rather
> whether the key is currently allocated (has been returned from
> sys_pkey_alloc() in the past)?
So in my mind 'pkeys' are an array of 16 values. The hardware allows us to map any
'protection key value' to any of the 16 indices.
The query interface would only query this array, i.e. it would tell us what
current protection value a given pkey index has - if it's allocated. So
sys_pkey_query(6) would return the current protection key value for index 6. If
the index has not been allocated yet, it would return -EBADF or so.
This is what 'managed pkeys' means in essence.
Allocation/freeing of pkeys is a relatively rare operation, and pkeys get
inherited across fork()/clone() (which further cuts down on management
activities), but it looks simple in any case.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists