> On May 2, 2018, at 4:58 PM, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>
> On 05/02/2018 04:32 PM, Andy Lutomirski wrote:
>>> But, where do those come from in this scenario? I'm not getting
>>> the secondary mechanism is that *makes* them unsafe.
>> pkey_alloc() itself. If someone tries to allocate a key with a given
>> default mode, unless there’s already a key that already had that
>> value in all threads or pkey_alloc() needs to asynchronously create
>> such a key.
>
> I think you are saying: If a thread calls pkey_alloc(), all threads
> should, by default, implicitly get access.

No, I’m saying that all threads should get the *requested* access. If I’m protecting the GOT, I want all threads to get RO access. If I’m writing a crypto library, I probably want all threads to have no access. If I’m writing a database, I probably want all threads to get RO by default. If I’m writing some doodad to sandbox some carefully constructed code, I might want all threads to have full access by default.

—Andy