Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S965633AbbLRVIQ (ORCPT <rfc822;w@1wt.eu>);
	Fri, 18 Dec 2015 16:08:16 -0500
Received: from mga14.intel.com ([192.55.52.115]:45801 "EHLO mga14.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S965178AbbLRVIM (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 18 Dec 2015 16:08:12 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.20,447,1444719600"; 
   d="scan'208";a="844298743"
Subject: Re: Rethinking sigcontext's xfeatures slightly for PKRU's benefit?
To: Andy Lutomirski <luto@amacapital.net>, "H. Peter Anvin" <hpa@zytor.com>
References: <CALCETrVw2V+Ny7=D=_E2m0Qa_v7Bp8GUjhyDXx_bWC35R2ohjg@mail.gmail.com>
 <56736BD1.5080700@linux.intel.com>
 <CALCETrWBjvTiVBPc098cGSH2vdezvdg-i6N4kZjgdcPT7uXoiQ@mail.gmail.com>
 <5673750B.606@linux.intel.com>
 <CALCETrWMofAX8TbZNyPaCWUHqcE85wpehDR05irEPtTYiVMXRA@mail.gmail.com>
 <FEA53E3B-6AE2-4305-82B1-C57451B6E33E@zytor.com>
 <CALCETrU28FoOwR+n8U0Qtt20=ZW6rgc3=M8X4G0QMt1_ZVHY7Q@mail.gmail.com>
 <567453AF.5060808@linux.intel.com>
 <CALCETrU7TnbLSzOuGNmh=xDpa5W729RJSPdap2izXxagfg-biQ@mail.gmail.com>
 <56746774.8000707@linux.intel.com>
 <CA+55aFycMWxCVY1p8n_D8nGz7Ky35uAmZMWm=zE5LBsqModiBg@mail.gmail.com>
 <CALCETrVWgFPTap_DNzP5vnrtyr7jjMwFHyRy=iY0amHrQ_euwg@mail.gmail.com>
 <56747360.3040909@zytor.com>
 <CALCETrVsLX0vBKSRhC8WsbJvDSakPpP9+sPSPfaf22Mrm0a7yw@mail.gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
        Oleg Nesterov <oleg@redhat.com>, Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>,
        Brian Gerst <brgerst@gmail.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Christoph Hellwig <hch@lst.de>
From: Dave Hansen <dave.hansen@linux.intel.com>
Message-ID: <567475B8.8020800@linux.intel.com>
Date: Fri, 18 Dec 2015 13:08:08 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <CALCETrVsLX0vBKSRhC8WsbJvDSakPpP9+sPSPfaf22Mrm0a7yw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1457
Lines: 29

On 12/18/2015 01:02 PM, Andy Lutomirski wrote:
> On Fri, Dec 18, 2015 at 12:58 PM, H. Peter Anvin <hpa@zytor.com> wrote:
>> > On 12/18/2015 12:49 PM, Andy Lutomirski wrote:
>>> >>
>>> >> IOW, I like my idea in which signal delivery always sets PKRU to the
>>> >> application-requested-by-syscall values and sigreturn restores it.
>>> >> Kinda like sigaltstack, but applies to all signals and affects PKRU
>>> >> instead of RSP.
>>> >>
>> > I think this is the only sensible option, with the default being all zero.
>> >
> Or not quite all zero if we do Dave's experimental PROT_EXEC thing.
> 
> Actually, I want to introduce a set of per-mm "incompatible" bits.  By
> default, they'd be zero.  We can, as needed, define bits that do
> something nice but break old code.  I want one of the bits to turn
> vsyscalls off entirely.  Another bit could say that the kernel is
> allowed to steal a protection key for PROT_EXEC.

That really only makes sense if we have userspace that expects all the
protection keys to be available.  If we go the route of having
pkey_alloc/free() syscalls, then the kernel can easily tell userspace to
keep its mitts off a particular pkey by not ever returning it from a
pkey_alloc().
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/