On 11/24/2017 09:35 AM, Florian Weimer wrote: > On 11/24/2017 12:29 AM, Dave Hansen wrote: >> Although weird, the thought here was that pkey_mprotect() callers are >> new and should know about the interactions with PROT_EXEC. They can >> also*get* PROT_EXEC semantics if they want. >> >> The only wart here is if you do: >> >> mprotect(..., PROT_EXEC); // key 10 is now the PROT_EXEC key > > I thought the PROT_EXEC key is always 1? Seems it assigns the first non-allocated one. Can even fail if there's none left, and then there's no PROT_EXEC read protection. In practice I expect PROT_EXEC mapping to be created by ELF loader (?) before the program can even call pkey_alloc() itself, so it would be 1.
