On Tue, Aug 20, 2024 at 02:54:50PM +0100, Dave Martin wrote: > On Tue, Aug 20, 2024 at 10:54:41AM +0100, Joey Gouly wrote: > > On Mon, Aug 19, 2024 at 06:09:06PM +0100, Catalin Marinas wrote: > > > On Thu, Aug 15, 2024 at 04:09:26PM +0100, Dave P Martin wrote: > > > > On Thu, Aug 15, 2024 at 02:18:15PM +0100, Joey Gouly wrote: > > > > > That's a lot of words to say, or ask, do you agree with the approach of only > > > > > saving POR_EL0 in the signal frame if num_allocated_pkeys() > 1? > > > > > > > > > > Thanks, > > > > > Joey > > > > > > > > ...So..., given all the above, it is perhaps best to go back to > > > > dumping POR_EL0 unconditionally after all, unless we have a mechanism > > > > to determine whether pkeys are in use at all. > > > > > > Ah, I can see why checking for POR_EL0_INIT is useful. Only checking for > > > the allocated keys gets confusing with pkey 0. > > > > > > Not sure what the deal is with pkey 0. Is it considered allocated by > > > default or unallocatable? If the former, it implies that pkeys are > > > already in use (hence the additional check for POR_EL0_INIT). In > > > principle the hardware allows us to use permissions where the pkeys do > > > not apply but we'd run out of indices and PTE bits to encode them, so I > > > think by default we should assume that pkey 0 is pre-allocated. > > > > > > > > > > You can consider pkey 0 allocated by default. You can actually pkey_free(0), there's nothing stopping that. > > Is that intentional? I don't really know? It's intentional from my side in that it, I allow it, because it doesn't look like x86 or PPC block pkey_free(0). I found this code that does pkey_free(0), but obviously it's a bit of a weird test case: https://github.com/ColinIanKing/stress-ng/blob/master/test/test-pkey-free.c#L29 > > You're not supposed to free pkeys that are in use, and it's quasi- > impossible to know whether pkey 0 is in use: all binaries in the > process assume that pkey is available and use it by default for their > pages, plus the stack will be painted with pkey 0, and the vDSO has to > be painted with some pkey. > > Actually, that's a good point, because of the vDSO I think that only > special bits of code with a private ABI (e.g., JITted code etc.) that > definitely don't call into the vDSO can block permissions on pkey 0... > otherwise, stuff will break. > > > > > > So I agree that it's probably best to save it unconditionally. > > > > Alright, will leave it as is! > > Ack, I think the whole discussion around this has shown that there > isn't a _simple_ argument for conditionally dumping POR_EL0... so I'm > prepared to admit defeat here. > > We might still try to slow down the consumption of the remaining space > with a "misc registers" record, instead of dedicating a record to > POR_EL0. I have some thoughts on that, but if nobody cares that much > then this probably isn't worth pursuing. > > Cheers > ---Dave >
