On 05/02/2018 06:14 PM, Andy Lutomirski wrote: >> I think you are saying: If a thread calls pkey_alloc(), all >> threads should, by default, implicitly get access. > No, I’m saying that all threads should get the *requested* access. > If I’m protecting the GOT, I want all threads to get RO access. If > I’m writing a crypto library, I probably want all threads to have no > access. If I’m writing a database, I probably want all threads to > get RO by default. If I’m writing some doodad to sandbox some > carefully constructed code, I might want all threads to have full > access by default. OK, fair enough. I totally agree that the current interface (or architecture for that matter) is not amenable to use models where we are implicitly imposing policies on *other* threads. I don't think that means the current stuff is broken for multi-threading, though, just the (admittedly useful) cases you are talking about where you want to poke at a remote thread's PKRU. So, where do we go from here?
