Re: [PATCH] x86, powerpc : pkey-mprotect must allow pkey-0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/14/2018 09:00 AM, Florian Weimer wrote:
On 03/09/2018 09:00 PM, Ram Pai wrote:
On Fri, Mar 09, 2018 at 12:04:49PM +0100, Florian Weimer wrote:
On 03/09/2018 09:12 AM, Ram Pai wrote:
Once an address range is associated with an allocated pkey, it cannot be reverted back to key-0. There is no valid reason for the above behavior.

mprotect without a key does not necessarily use key 0, e.g. if
protection keys are used to emulate page protection flag combination
which is not directly supported by the hardware.

Therefore, it seems to me that filtering out non-allocated keys is
the right thing to do.

I am not sure, what you mean. Do you agree with the patch or otherwise?

I think it's inconsistent to make key 0 allocated, but not the key which is used for PROT_EXEC emulation, which is still reserved.  Even if you change the key 0 behavior, it is still not possible to emulate mprotect behavior faithfully with an allocated key.

Ugh.  Should have read the code first before replying:

        /* Do we need to assign a pkey for mm's execute-only maps? */
        if (execute_only_pkey == -1) {
                /* Go allocate one to use, which might fail */
                execute_only_pkey = mm_pkey_alloc(mm);
                if (execute_only_pkey < 0)
                        return -1;
                need_to_set_mm_pkey = true;
        }

So we do allocate the PROT_EXEC-only key, and I assume it means that the key can be restored using pkey_mprotect. So the key 0 behavior is a true exception after all, and it makes sense to realign the behavior with the other keys.

Thanks,
Florian




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux