* Michael Sammler: > Thank you for the pointer about the POWER implementation. I am not > familiar with POWER in general and its protection key feature at > all. Would the AMR register be the correct register to expose here? Yes, according to my notes, the register is called AMR (special purpose register 13). > I understand your concern about exposing the number of protection keys > in the ABI. One idea would be to state, that the pkru field (which > should probably be renamed) contains an architecture specific value, > which could then be the PKRU on x86 and AMR (or another register) on > POWER. This new field should probably be extended to __u64 and the > reserved field removed. POWER also has proper read/write bit separation, not PKEY_DISABLE_ACCESS (disable read and write) and PKEY_DISABLE_WRITE like Intel. It's currently translated by the kernel, but I really need a PKEY_DISABLE_READ bit in glibc to implement pkey_get in case the memory is write-only. > Another idea would be to not add a field in the seccomp_data > structure, but instead provide a new BPF instruction, which reads the > value of a specified protection key. I would prefer that if it's possible. We should make sure that the bits are the same as those returned from pkey_get. I have an implementation on POWER, but have yet to figure out the implications for 32-bit because I do not know the AMR register size there. Thanks, Florian
