Re: pkeys: Support setting access rights for signal handlers

On 12/13/2017 12:35 PM, Ram Pai wrote:
> On Wed, Dec 13, 2017 at 03:14:36AM +0100, Florian Weimer wrote:
>> On 12/13/2017 12:13 AM, Ram Pai wrote:
>>
>>> On POWER, the value of the pkey_read() i.e. the contents of the AMR
>>> register (pkru equivalent), is always the same regardless of its
>>> context; signal handler or not.
>>>
>>> In other words, the permission of any allocated key will not
>>> reset in a signal handler context.
>>
>> That's certainly the simpler semantics, but I don't like how they
>> differ from x86.
>>
>> Is the AMR register reset to the original value upon (regular)
>> return from the signal handler?
>
> The AMR bits are not touched upon (regular) return from the signal
> handler.
>
> If the signal handler changes the bits in the AMR, they will continue
> to be so, even after return from the signal handler.
>
> To illustrate with an example, let's say AMR value is 'x' and signal
> handler is invoked.  The value of AMR will be 'x' in the context of the
> signal handler.  On return from the signal handler the value of AMR will
> continue to be 'x'. However if signal handler changes the value of AMR
> to 'y', the value of AMR will be 'y' on return from the signal handler.

Okay, this model is really quite different from x86. Is there a good reason for the difference? Could we change the x86 implementation to behave in the same way? Or alternatively, change the POWER implementation to match the existing x86 behavior?

>>> I was not aware that x86 would reset the key permissions in signal
>>> handler.  I think the proposed behavior for PKEY_ALLOC_SETSIGNAL should
>>> actually be the default behavior.
>>
>> Note that PKEY_ALLOC_SETSIGNAL does something different: It requests
>> that the kernel sets the access rights for the key to the bits
>> specified at pkey_alloc time when the signal handler is invoked.  So
>> there is still a reset with PKEY_ALLOC_SETSIGNAL, but to a different
>> value.  It did not occur to me that it might be desirable to avoid
>> resetting the value on a per-key basis.
>
> Ah, OK, I see the subtle difference proposed by your semantics.
>
> Will the following behavior work?
>
> 'No bits will be reset to their initial value unless the key has been
> allocated with PKEY_ALLOC_*RE*SETSIGNAL flag'.

The existing x86 interface defaults to resetting the bits, unfortunately. I'm not sure if we can or should change this now.

For my purposes, the POWER semantics would work fine as far as I can see. The reset-to-default is really problematic. I don't actually need the configurable behavior, but I implemented it this way to achieve a maximum of backwards compatibility.

Thanks,
Florian
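
The difference discussed in this thread (rights reset when the handler is entered versus rights left untouched on entry and return) can be observed from user space. The C program below is an added example, not code from the thread or from the patch under discussion; probe_pkey_signal, classify and the MODEL_* names are hypothetical. It assumes the glibc 2.27+ pkey wrappers, and the "restored on return" half of MODEL_RESET_ON_ENTRY is this example's assumption, since the thread only states that x86 resets the rights in the handler.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>   /* pkey_alloc, pkey_get, pkey_set (glibc 2.27+) */

struct pkey_probe { int before, in_handler, after; };
enum pkey_model { MODEL_RESET_ON_ENTRY, MODEL_UNTOUCHED, MODEL_OTHER };

static int probe_key = -1;
static volatile sig_atomic_t seen_in_handler = -1;

/* Record the rights the handler starts with, then change them (the 'y'). */
static void on_usr1(int sig)
{
    (void)sig;
    seen_in_handler = pkey_get(probe_key);
    pkey_set(probe_key, PKEY_DISABLE_WRITE);
}

/* Returns 0 and fills *out, or -1 when protection keys are unavailable. */
int probe_pkey_signal(struct pkey_probe *out)
{
    struct sigaction sa = { .sa_handler = on_usr1 };
    sigemptyset(&sa.sa_mask);
    probe_key = pkey_alloc(0, 0);          /* the 'x': full access */
    if (probe_key < 0 || sigaction(SIGUSR1, &sa, NULL) != 0)
        return -1;
    out->before = pkey_get(probe_key);
    raise(SIGUSR1);                        /* handler runs before raise returns */
    out->in_handler = seen_in_handler;
    out->after = pkey_get(probe_key);
    pkey_free(probe_key);
    return 0;
}

/* Map an observation onto the two behaviours contrasted in the thread. */
enum pkey_model classify(const struct pkey_probe *p)
{
    if (p->in_handler == p->before && p->after == PKEY_DISABLE_WRITE)
        return MODEL_UNTOUCHED;            /* POWER as described: x, x, then y */
    if (p->in_handler != p->before && p->after == p->before)
        return MODEL_RESET_ON_ENTRY;       /* reset on entry, restored on return */
    return MODEL_OTHER;
}

int main(void)
{
    struct pkey_probe p;
    if (probe_pkey_signal(&p) != 0) { puts("pkeys unavailable"); return 0; }
    printf("before=%d handler=%d after=%d model=%d\n", p.before, p.in_handler, p.after, classify(&p));
    return 0;
}
```

On a machine without protection-key support pkey_alloc fails and the probe reports that instead of a model.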


