Re: pkeys: Support setting access rights for signal handlers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/16/2017 04:09 PM, Ram Pai wrote:

It still restores the PKRU register value upon
regular exit from the signal handler, which I think is something we
should keep.

On x86, the pkru value is restored, on return from the signal handler,
to the value before the signal handler was called. right?

In other words, if 'x' was the value when signal handler was called, it
will be 'x' when return from the signal handler.

If correct, than it is consistent with the behavior on POWER.

That's good to know.  I tended to implement the same semantics on x86.

I think we still should add a flag, so that applications can easily
determine if a kernel has this patch.  Setting up a signal handler,
sending the signal, and thus checking for inheritance is a bit
involved, and we'd have to do this in the dynamic linker before we
can use pkeys to harden lazy binding.  The flag could just be a
no-op, apart from the lack of an EINVAL failure if it is specified.

Sorry. I am little confused.  What should I implement on POWER?
PKEY_ALLOC_SETSIGNAL semantics?

No, we would add a flag, with a different name, and this patch only:

diff --git a/mm/mprotect.c b/mm/mprotect.c
index ec39f73..021f1d4 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -523,14 +523,17 @@ static int do_mprotect_pkey(unsigned long start, size_t l
        return do_mprotect_pkey(start, len, prot, pkey);
 }

+#define PKEY_ALLOC_FLAGS ((unsigned long) (PKEY_ALLOC_SETSIGNAL))
+
 SYSCALL_DEFINE2(pkey_alloc, unsigned long, flags, unsigned long, init_val)
 {
        int pkey;
        int ret;

-       /* No flags supported yet. */
-       if (flags)
+       /* check for unsupported flags */
+       if (flags & ~PKEY_ALLOC_FLAGS)
                return -EINVAL;
+
        /* check for unsupported init values */
        if (init_val & ~PKEY_ACCESS_MASK)
                return -EINVAL;


This way, an application can specify the flag during key allocation, and knows that if the allocation succeeds, the kernel implements access rights inheritance in signal handlers. I think we need this so that applications which are incompatible with the earlier x86 implementation of memory protection keys do not use them.

With my second patch (not the first one implementing PKEY_ALLOC_SETSIGNAL), no further changes to architecture=specific code are needed, except for the definition of the flag in the header files.

I'm open to a different way towards conveying this information to userspace. I don't want to probe for the behavior by sending a signal because that is quite involved and would also be visible in debuggers, confusing programmers.

Thanks,
Florian



[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux