Received: by 10.213.65.68 with SMTP id h4csp833171imn;
        Wed, 14 Mar 2018 01:06:44 -0700 (PDT)
X-Google-Smtp-Source: AG47ELsgHneO6NsdjVwCdkRKG7rarfz837nKsKmbHv5dFa089UVr2jjOXPqXzA4TtvvdZFRuK/fQ
X-Received: by 2002:a17:902:d03:: with SMTP id 3-v6mr3250908plu.245.1521014804925;
        Wed, 14 Mar 2018 01:06:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521014804; cv=none;
        d=google.com; s=arc-20160816;
        b=veNKCOV3nO9icJkLJWd9x7WzMEeLVoql88H89VYUur42BYEqWO6BxRuc+bJNrGd5M+
         e7ktQT1+lre8N86zOAAuBasUzjBdNr78HQWR6DhbFyZnZveGyaDAQE5iQ9aqveKs9/uY
         C10QiOb2yHsoBWe7zxph25Nw8tMFpzWYEHZWJYliqTMoSSebDfb2eloKkdFvQW5M7PtL
         iRdbI5Gjf6WxHAA4ft7ZRx5Y9jtiNvQAzzksAecAfObx3XevKwn37ANtx1bHLKj1Tha5
         9RS+mh/2j5QqV1VeGO4Tovf8rYq92AN3nzqRADgWUNXBsgbzITJLWkiy8myCPsaqKkHO
         S92w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:references:cc:to:from:subject:arc-authentication-results;
        bh=0zvnZEzaOarQXEcNWUeBHClhyjp7LaUSX8DGzxx9RBc=;
        b=Vda++OrznHHoAl4PtMrrZg0HYRd/ld3jy14/49ZpFltvbo7cx9iZvteWgvBYZ07fpD
         rDAUo5kQaHcepvXr62Kc0WwNrz6zyEZ8DxXZCtEQB1fksBZuMX/Jlu4JdPPE9BBUa3I/
         yZ/vCIuWC/ZPUuUWEKgK+Ln+LGhnzBJt7fuqTfrbmWsvuo92f8xMpNPo3GsorqMAVFp4
         MroNA61u5M5pSd0yS3H7/NUaAFBZt0hBSrvLZCPGuA/kYsqmuI8SUZLsWWDEXWgRxCvs
         yPE2XIFX7MVbQGRTT6WDrQ+go7zQicXc3F1uFSWMvsrMplZl3t9dmiXHegFBdAmHx/7d
         2KJg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b9-v6si1542472pls.108.2018.03.14.01.06.30;
        Wed, 14 Mar 2018 01:06:44 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753391AbeCNIFh (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Wed, 14 Mar 2018 04:05:37 -0400
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:47674 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1753221AbeCNIFf (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Mar 2018 04:05:35 -0400
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 3703A4040070;
        Wed, 14 Mar 2018 08:05:34 +0000 (UTC)
Received: from oldenburg.str.redhat.com (ovpn-116-145.ams2.redhat.com [10.36.116.145])
        by smtp.corp.redhat.com (Postfix) with ESMTP id D3BF22026DFD;
        Wed, 14 Mar 2018 08:05:30 +0000 (UTC)
Subject: Re: [PATCH] x86, powerpc : pkey-mprotect must allow pkey-0
From:   Florian Weimer <fweimer@redhat.com>
To:     Ram Pai <linuxram@us.ibm.com>
Cc:     mpe@ellerman.id.au, mingo@redhat.com, akpm@linux-foundation.org,
        linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org, x86@kernel.org,
        linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
        dave.hansen@intel.com, benh@kernel.crashing.org, paulus@samba.org,
        khandual@linux.vnet.ibm.com, aneesh.kumar@linux.vnet.ibm.com,
        bsingharora@gmail.com, hbabu@us.ibm.com, mhocko@kernel.org,
        bauerman@linux.vnet.ibm.com, ebiederm@xmission.com, corbet@lwn.net,
        arnd@arndb.de, msuchanek@suse.com, Ulrich.Weigand@de.ibm.com
References: <1520583161-11741-1-git-send-email-linuxram@us.ibm.com>
 <ec90ed75-2810-bcc3-8439-8dc85a6b46ac@redhat.com>
 <20180309200017.GR1060@ram.oc3035372033.ibm.com>
 <f71b583f-2b66-e9ed-b08b-fddff228a5a7@redhat.com>
Message-ID: <0a6981b3-dcd2-4dce-3209-7f8055d8548f@redhat.com>
Date:   Wed, 14 Mar 2018 09:05:30 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <f71b583f-2b66-e9ed-b08b-fddff228a5a7@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Wed, 14 Mar 2018 08:05:34 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Wed, 14 Mar 2018 08:05:34 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'fweimer@redhat.com' RCPT:''
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 03/14/2018 09:00 AM, Florian Weimer wrote:
> On 03/09/2018 09:00 PM, Ram Pai wrote:
>> On Fri, Mar 09, 2018 at 12:04:49PM +0100, Florian Weimer wrote:
>>> On 03/09/2018 09:12 AM, Ram Pai wrote:
>>>> Once an address range is associated with an allocated pkey, it 
>>>> cannot be
>>>> reverted back to key-0. There is no valid reason for the above 
>>>> behavior.
>>>
>>> mprotect without a key does not necessarily use key 0, e.g. if
>>> protection keys are used to emulate page protection flag combination
>>> which is not directly supported by the hardware.
>>>
>>> Therefore, it seems to me that filtering out non-allocated keys is
>>> the right thing to do.
>>
>> I am not sure, what you mean. Do you agree with the patch or otherwise?
> 
> I think it's inconsistent to make key 0 allocated, but not the key which 
> is used for PROT_EXEC emulation, which is still reserved.  Even if you 
> change the key 0 behavior, it is still not possible to emulate mprotect 
> behavior faithfully with an allocated key.

Ugh.  Should have read the code first before replying:

         /* Do we need to assign a pkey for mm's execute-only maps? */
         if (execute_only_pkey == -1) {
                 /* Go allocate one to use, which might fail */
                 execute_only_pkey = mm_pkey_alloc(mm);
                 if (execute_only_pkey < 0)
                         return -1;
                 need_to_set_mm_pkey = true;
         }

So we do allocate the PROT_EXEC-only key, and I assume it means that the 
key can be restored using pkey_mprotect.  So the key 0 behavior is a 
true exception after all, and it makes sense to realign the behavior 
with the other keys.

Thanks,
Florian