On 7/9/24 18:37, Kevin Brodsky wrote: > On 03/05/2024 15:01, Joey Gouly wrote: >> @@ -267,6 +294,28 @@ static inline unsigned long mm_untag_mask(struct mm_struct *mm) >> return -1UL >> 8; >> } >> >> +/* >> + * We only want to enforce protection keys on the current process >> + * because we effectively have no access to POR_EL0 for other >> + * processes or any way to tell *which * POR_EL0 in a threaded >> + * process we could use. > > I see that this comment is essentially copied from x86, but to me it > misses the main point. Even with only one thread in the target process > and a way to obtain its POR_EL0, it still wouldn't make sense to check > that value. If we take the case of a debugger accessing an inferior via > ptrace(), for instance, the kernel is asked to access some memory in > another mm. However, the debugger's POR_EL0 is tied to its own address > space, and the target's POR_EL0 is relevant to its own execution flow > only. In such situations, there is essentially no user context for the > access, so It fundamentally does not make sense to make checks based on > pkey/POE or similar restrictions to memory accesses (e.g. MTE). Indeed this makes more sense. There is no memory context even if there is access to another POR_EL0. The comment above could be improved describing this limitation.
