On 11/23/2017 04:25 PM, Dave Hansen wrote:
> I don't see a way to do a broadcast PKRU update. But, I'd love to be proven wrong, with code.
I could use the existing setxid broadcast code in glibc to update PKRU on all running threads upon a key allocation (before pkey_alloc returns to the application), but this won't work for the implicit protection key used for PROT_EXEC. I don't see a good way to get its number, and to determine whether a particular mprotect call allocated it. (We obviously don't want to do the broadcast on every mprotect call with PROT_EXEC, just in case.)
What's worse, the setxid broadcast is not async-signal-safe, so we can't use it from mprotect, which should better be async-signal-safe (I know that officially, it's not, but it would still be problematic to change that IMHO).
(The setxid broadcast mechanism allows us to run a piece of code on all threads of the process. We could look at %rip and see if the signal arrived during a pkey_set function call, and make sure that this call delivers the right result, by altering the task state before returning.)
Thanks,
Florian
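The per-thread nature of PKRU that makes a broadcast necessary, as an added example that is not part of the original message and not glibc code: a worker thread that exists before `pkey_alloc` keeps reading the same rights for the key while the main thread changes its own with `pkey_set`. The function name `pkru_is_per_thread` and the barrier scheme are assumptions of this example; it needs glibc 2.27 or later and reports "unavailable" when the CPU or kernel has no protection keys.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <sys/mman.h>

/* Hypothetical helper state for this example only. */
static pthread_barrier_t step;
static int key = -1;
static int seen[2];            /* rights for the key as the worker sees them */

static void *worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < 2; i++) {
        pthread_barrier_wait(&step);   /* main has changed its own PKRU */
        seen[i] = key < 0 ? -1 : pkey_get(key);
        pthread_barrier_wait(&step);   /* reading recorded */
    }
    return NULL;
}

/* 1: updates stayed thread-local, 0: pkeys unavailable, -1: unexpected result */
int pkru_is_per_thread(void)
{
    pthread_t t;
    int rights[2] = { PKEY_DISABLE_WRITE, PKEY_DISABLE_ACCESS };
    int mine[2] = { -1, -1 };

    pthread_barrier_init(&step, NULL, 2);
    if (pthread_create(&t, NULL, worker, NULL) != 0)
        return -1;
    key = pkey_alloc(0, 0);            /* worker is already running here */
    for (int i = 0; i < 2; i++) {
        if (key >= 0 && pkey_set(key, rights[i]) == 0)
            mine[i] = pkey_get(key);   /* main thread sees its own update */
        pthread_barrier_wait(&step);
        pthread_barrier_wait(&step);
    }
    pthread_join(t, NULL);
    pthread_barrier_destroy(&step);
    if (key < 0) return 0;             /* no PKU support on this system */
    pkey_free(key);
    if (mine[0] != rights[0] || mine[1] != rights[1]) return -1;
    return seen[0] == seen[1] ? 1 : -1; /* worker never saw main's changes */
}

int main(void)
{
    printf("pkru_is_per_thread: %d\n", pkru_is_per_thread()); return 0;
}
```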