On 02/17/2016 01:27 PM, Kees Cook wrote: > Is there a way to detect this feature's availability without userspace > having to set up a segv handler and attempting to read a > PROT_EXEC-only region? (i.e. cpu flag for protection keys, or a way to > check the protection to see if PROT_READ got added automatically, > etc?) You can kinda do it with /proc/$pid/(s)maps. Here's smaps, for instance: > 00401000-00402000 --xp 00001000 08:14 4897479 /root/pkeys/pkey-xonly > Size: 4 kB > Rss: 4 kB ... > KernelPageSize: 4 kB > MMUPageSize: 4 kB > Locked: 0 kB > ProtectionKey: 15 > VmFlags: ex mr mw me dw You can see "--x" and the ProtectionKey itself being nonzero. That's a reasonable indication. There's also the "OSPKE" cpuid bit which only shows up when the kernel has enabled protection keys. This is _separate_ from the bit that says whether the processor support pkeys. I check them in test code like this: > static inline void __cpuid(unsigned int *eax, unsigned int *ebx, > unsigned int *ecx, unsigned int *edx) > { > /* ecx is often an input as well as an output. */ > asm volatile( > "cpuid;" > : "=a" (*eax), > "=b" (*ebx), > "=c" (*ecx), > "=d" (*edx) > : "0" (*eax), "2" (*ecx)); > } > > /* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx) */ > #define X86_FEATURE_PKU (1<<3) /* Protection Keys for Userspace */ > #define X86_FEATURE_OSPKE (1<<4) /* OS Protection Keys Enable */ > > static inline int cpu_has_pku(void) > { > unsigned int eax; > unsigned int ebx; > unsigned int ecx; > unsigned int edx; > eax = 0x7; > ecx = 0x0; > __cpuid(&eax, &ebx, &ecx, &edx); > > if (!(ecx & X86_FEATURE_PKU)) { > dprintf2("cpu does not have PKU\n"); > return 0; > } > if (!(ecx & X86_FEATURE_OSPKE)) { > dprintf2("cpu does not have OSPKE\n"); > return 0; > } > return 1; > } -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>