On 11/05/2017 02:35 AM, Florian Weimer wrote: > I don't think pkey_free, as it is implemented today, is very safe due to > key reuse by a subsequent pkey_alloc. I see two problems: > > (A) pkey_free allows reuse for they key while there are still mappings > that use it. I don't agree with this assessment. Is malloc() unsafe? If someone free()s memory that is still in use, a subsequent malloc() would hand the address out again for reuse. > (B) If a key is reused, existing threads retain their access rights, > while there is an expectation that pkey_alloc denies access for the > threads except the current one. Where does this expectation come from? Using the malloc() analogy, we don't expect that free() in one thread actively takes away references to the memory held by other threads. We define free() as only being called on resources to which there are no active references. If you free() things in use, bad things happen. pkey_free() is only to be called when there is nothing actively using the key. If you pkey_free() an in-use key, bad things happen.