On 03/14/2018 09:00 AM, Florian Weimer wrote:
On 03/09/2018 09:00 PM, Ram Pai wrote:
On Fri, Mar 09, 2018 at 12:04:49PM +0100, Florian Weimer wrote:
On 03/09/2018 09:12 AM, Ram Pai wrote:
Once an address range is associated with an allocated pkey, it
cannot be
reverted back to key-0. There is no valid reason for the above
behavior.
mprotect without a key does not necessarily use key 0, e.g. if
protection keys are used to emulate page protection flag combination
which is not directly supported by the hardware.
Therefore, it seems to me that filtering out non-allocated keys is
the right thing to do.
I am not sure, what you mean. Do you agree with the patch or otherwise?
I think it's inconsistent to make key 0 allocated, but not the key which
is used for PROT_EXEC emulation, which is still reserved. Even if you
change the key 0 behavior, it is still not possible to emulate mprotect
behavior faithfully with an allocated key.
Ugh. Should have read the code first before replying:
/* Do we need to assign a pkey for mm's execute-only maps? */
if (execute_only_pkey == -1) {
/* Go allocate one to use, which might fail */
execute_only_pkey = mm_pkey_alloc(mm);
if (execute_only_pkey < 0)
return -1;
need_to_set_mm_pkey = true;
}
So we do allocate the PROT_EXEC-only key, and I assume it means that the
key can be restored using pkey_mprotect. So the key 0 behavior is a
true exception after all, and it makes sense to realign the behavior
with the other keys.
Thanks,
Florian
