Hi Szabolcs,
On Fri, May 31, 2024 at 03:57:07PM +0100, Szabolcs Nagy wrote:
> The 05/03/2024 14:01, Joey Gouly wrote:
> > Implement the PKEYS interface, using the Permission Overlay Extension.
> ...
> > +#ifdef CONFIG_ARCH_HAS_PKEYS
> > +int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, unsigned long init_val)
> > +{
> > + u64 new_por = POE_RXW;
> > + u64 old_por;
> > + u64 pkey_shift;
> > +
> > + if (!arch_pkeys_enabled())
> > + return -ENOSPC;
> > +
> > + /*
> > + * This code should only be called with valid 'pkey'
> > + * values originating from in-kernel users. Complain
> > + * if a bad value is observed.
> > + */
> > + if (WARN_ON_ONCE(pkey >= arch_max_pkey()))
> > + return -EINVAL;
> > +
> > + /* Set the bits we need in POR: */
> > + if (init_val & PKEY_DISABLE_ACCESS)
> > + new_por = POE_X;
> > + else if (init_val & PKEY_DISABLE_WRITE)
> > + new_por = POE_RX;
> > +
>
> given that the architecture allows r,w,x permissions to be
> set independently, should we have a 'PKEY_DISABLE_EXEC' or
> similar api flag?
>
> (on other targets it can be some invalid value that fails)
I didn't think about the best way to do that yet. PowerPC has a PKEY_DISABLE_EXECUTE.
We could either make that generic, and X86 has to error if it sees that bit, or
we add a arch-specific PKEY_DISABLE_EXECUTE like PowerPC.
A user can still set it by interacting with the register directly, but I guess
we want something for the glibc interface..
Dave, any thoughts here?
>
> > + /* Shift the bits in to the correct place in POR for pkey: */
> > + pkey_shift = pkey * POR_BITS_PER_PKEY;
> > + new_por <<= pkey_shift;
> > +
> > + /* Get old POR and mask off any old bits in place: */
> > + old_por = read_sysreg_s(SYS_POR_EL0);
> > + old_por &= ~(POE_MASK << pkey_shift);
> > +
> > + /* Write old part along with new part: */
> > + write_sysreg_s(old_por | new_por, SYS_POR_EL0);
> > +
> > + return 0;
> > +}
> > +#endif
Thanks,
Joey
