Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932628AbdGKSMl (ORCPT ); Tue, 11 Jul 2017 14:12:41 -0400 Received: from mga04.intel.com ([192.55.52.120]:17899 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756107AbdGKSMj (ORCPT ); Tue, 11 Jul 2017 14:12:39 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.40,347,1496127600"; d="scan'208";a="123903828" Subject: Re: [RFC v5 13/38] x86: disallow pkey creation with PKEY_DISABLE_EXECUTE To: Ram Pai , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org References: <1499289735-14220-1-git-send-email-linuxram@us.ibm.com> <1499289735-14220-14-git-send-email-linuxram@us.ibm.com> Cc: benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au, khandual@linux.vnet.ibm.com, aneesh.kumar@linux.vnet.ibm.com, bsingharora@gmail.com, hbabu@us.ibm.com, arnd@arndb.de, akpm@linux-foundation.org, corbet@lwn.net, mingo@redhat.com From: Dave Hansen Message-ID: <1692f8f5-456c-dc4a-4502-a2ea63ede094@intel.com> Date: Tue, 11 Jul 2017 11:12:37 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <1499289735-14220-14-git-send-email-linuxram@us.ibm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 785 Lines: 21 On 07/05/2017 02:21 PM, Ram Pai wrote: > x86 does not support disabling execute permissions on a pkey. > > Signed-off-by: Ram Pai > --- > arch/x86/kernel/fpu/xstate.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c > index c24ac1e..d582631 100644 > --- a/arch/x86/kernel/fpu/xstate.c > +++ b/arch/x86/kernel/fpu/xstate.c > @@ -900,6 +900,9 @@ int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, > if (!boot_cpu_has(X86_FEATURE_OSPKE)) > return -EINVAL; > > + if (init_val & PKEY_DISABLE_EXECUTE) > + return -EINVAL; I'd really rather that we define a supported mask instead of having each architecture go through and list which ones it supports.