On Wed, May 2, 2018 at 7:11 PM Ram Pai <linuxram@xxxxxxxxxx> wrote:
> On Wed, May 02, 2018 at 09:23:49PM +0000, Andy Lutomirski wrote:
> >
> > > If I recall correctly, the POWER maintainer did express a strong desire
> > > back then for (what is, I believe) their current semantics, which my
> > > PKEY_ALLOC_SIGNALINHERIT patch implements for x86, too.
> >
> > Ram, I really really don't like the POWER semantics. Can you give some
> > justification for them? Does POWER at least have an atomic way for
> > userspace to modify just the key it wants to modify or, even better,
> > special load and store instructions to use alternate keys?
>
> I wouldn't call it POWER semantics. The way I implemented it on power
> led to the semantics, given that nothing was explicitly stated
> about how the semantics should work within a signal handler.

I think that this is further evidence that we should introduce a new
pkey_alloc() mode and deprecate the old. To the extent possible, this
thing should work the same way on x86 and POWER.

I think that we, as kernel API designers enabling fancy hardware
features, need to think about them with some care. Our goal isn't just
to expose the hardware feature to userspace and let userspace run wild
with it -- our goal is to figure out what the use cases are and make
the API useful for those use cases without introducing more footguns
than necessary.

For pkey, this means realizing that user code consists of various
loosely coupled components and that the purpose of pkeys is to allow
some userspace component to prevent other components from
*accidentally* clobbering or leaking data due to bugs. And I think
that the current APIs don't really achieve this.
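Two points in the exchange above are easy to see in code: on x86 there is no per-key update instruction (PKRU is a single 32-bit register, so changing one key is a read-modify-write of all sixteen), and the open question is which PKRU value a signal handler runs with. The program below is an added example written for this page; it is not code from the thread or from the kernel. The `pkru_key_rights()` and `pkru_with_key()` helpers are pure bit arithmetic and compile anywhere; `main()` assumes x86-64 Linux, uses the raw `pkey_alloc`/`pkey_mprotect`/`pkey_free` syscalls (with x86-64 numbers as fallback defines) plus inline `RDPKRU`/`WRPKRU`, and simply reports what a `SIGUSR1` handler observes for a key the main thread has write-disabled, rather than asserting either the x86 or the POWER behaviour. `X86_INIT_PKRU` is the kernel's default PKRU for new threads (all keys but key 0 access-disabled); that value is taken from the kernel source, not from the thread.

```c
/* Added example (not from the thread): x86 PKRU bit handling and a probe of
 * which protection-key rights a signal handler inherits. Assumes x86-64 Linux;
 * the pure helpers compile anywhere, the probe needs PKU-capable hardware. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef PKEY_DISABLE_ACCESS
#define PKEY_DISABLE_ACCESS 0x1
#endif
#ifndef PKEY_DISABLE_WRITE
#define PKEY_DISABLE_WRITE 0x2
#endif
/* x86-64 syscall numbers, used only if the installed headers predate them. */
#ifndef SYS_pkey_mprotect
#define SYS_pkey_mprotect 329
#endif
#ifndef SYS_pkey_alloc
#define SYS_pkey_alloc 330
#endif
#ifndef SYS_pkey_free
#define SYS_pkey_free 331
#endif

/* Kernel default PKRU for a new thread: every key except key 0 has its
 * access-disable bit set, so a freshly allocated key is closed until opened. */
#define X86_INIT_PKRU 0x55555554u

/* PKRU holds two bits per key: bit 2k = access-disable, bit 2k+1 = write-disable. */
static uint32_t pkru_key_rights(uint32_t pkru, int key)
{
    return (pkru >> (2 * key)) & 0x3u;
}

/* No per-key register exists: changing one key means recomputing the whole
 * 32-bit value and writing it back with WRPKRU, a read-modify-write sequence
 * that a signal handler can interrupt. */
static uint32_t pkru_with_key(uint32_t pkru, int key, uint32_t rights)
{
    uint32_t mask = 0x3u << (2 * key);
    return (pkru & ~mask) | ((rights & 0x3u) << (2 * key));
}

#if defined(__linux__) && defined(__x86_64__)
static uint32_t rdpkru(void)
{
    uint32_t eax, edx;
    __asm__ volatile(".byte 0x0f,0x01,0xee" : "=a"(eax), "=d"(edx) : "c"(0));
    return eax;
}

static void wrpkru(uint32_t pkru)
{
    __asm__ volatile(".byte 0x0f,0x01,0xef" : : "a"(pkru), "c"(0), "d"(0) : "memory");
}

static volatile sig_atomic_t probe_key = -1;
static volatile sig_atomic_t handler_rights = -1;

/* Record the rights the handler itself holds on the probed key. */
static void on_sigusr1(int sig)
{
    (void)sig;
    handler_rights = (sig_atomic_t)pkru_key_rights(rdpkru(), (int)probe_key);
}

int main(void)
{
    long key = syscall(SYS_pkey_alloc, 0, 0);
    if (key < 0) {
        printf("pkey_alloc failed (%s): no protection-key support here\n", strerror(errno));
        return 0;
    }
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *secret = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (secret == MAP_FAILED || syscall(SYS_pkey_mprotect, secret, len, PROT_READ | PROT_WRITE, key) != 0) {
        perror("mmap/pkey_mprotect");
        return 1;
    }
    strcpy(secret, "component-private state"); /* allocating thread holds full rights */

    /* Write-disable the key, then ask a signal handler what rights it sees. */
    wrpkru(pkru_with_key(rdpkru(), (int)key, PKEY_DISABLE_WRITE));
    probe_key = (sig_atomic_t)key;
    struct sigaction sa = { .sa_handler = on_sigusr1 };
    sigaction(SIGUSR1, &sa, NULL);
    raise(SIGUSR1);

    printf("main thread rights on key %ld: %u, handler saw: %d (%s)\n",
           key, pkru_key_rights(rdpkru(), (int)key), (int)handler_rights,
           handler_rights == PKEY_DISABLE_WRITE ? "inherited" : "not inherited");

    wrpkru(pkru_with_key(rdpkru(), (int)key, 0)); /* reopen the key before freeing it */
    syscall(SYS_pkey_free, key);
    munmap(secret, len);
    return 0;
}
#else
int main(void)
{
    puts("The PKRU probe needs x86-64 Linux; the pure helpers above still compile.");
    return 0;
}
#endif
```

The probe uses a harmless `SIGUSR1` rather than a faulting access so the handler can return normally; on return the kernel restores the interrupted thread's PKRU from the signal frame, which is why the main thread's rights are printed after the handler ran. Whether the handler reports `2` (write-disabled, inherited from the interrupted context) or `1` (access-disabled, the init value) is exactly the semantic difference the thread is arguing about.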