On Sat, 17 Mar 2018, Dave Hansen wrote: > On 03/17/2018 02:12 AM, Thomas Gleixner wrote: > >> This is a bit nicer than what Ram proposed because it is simpler > >> and removes special-casing for pkey 0. On the other hand, it does > >> allow applciations to pkey_free() pkey-0, but that's just a silly > >> thing to do, so we are not going to protect against it. > > What's the consequence of that? Application crashing and burning itself or > > something more subtle? > > You would have to: > > pkey_free(0) > ... later > new_key = pkey_alloc(); > // now new_key=0 > pkey_deny_access(new_key); // or whatever > > At which point most apps would probably croak because its stack is > inaccessible. The free itself does not make the key inaccessible, *but* > we could also do that within the existing ABI if we want. I think I > called out that behavior as undefined in the manpage. As long as its documented and the change only allows people to shoot them more in the foot, we're all good. Thanks, tglx
