On 11/22/2017 05:10 PM, Dave Hansen wrote:
On 11/22/2017 04:15 AM, Florian Weimer wrote:
On 11/22/2017 09:18 AM, Vlastimil Babka wrote:
And, was the pkey == -1 internal wiring supposed to be exposed to the
pkey_mprotect() signal, or should there have been a pre-check returning
EINVAL in SYSCALL_DEFINE4(pkey_mprotect), before calling
do_mprotect_pkey())? I assume it's too late to change it now anyway (or
not?), so should we also document it?
I think the -1 case to the set the default key is useful because it
allows you to use a key value of -1 to mean “MPK is not supported”, and
still call pkey_mprotect.
The behavior to not allow 0 to be set was unintentional and is a bug.
We should fix that.
On the other hand, x86-64 has no single default protection key due to
the PROT_EXEC emulation.
Florian