Received: by 10.213.65.68 with SMTP id h4csp1124283imn;
        Wed, 14 Mar 2018 10:16:12 -0700 (PDT)
X-Google-Smtp-Source: AG47ELtJ00kkkSjh78y9JBnhEbmfwvS3PZepgNAr9PBYvD3B2tRzBP8fUh3m9O81qEsVrK6FgQzp
X-Received: by 10.98.7.129 with SMTP id 1mr4994149pfh.133.1521047772838;
        Wed, 14 Mar 2018 10:16:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521047772; cv=none;
        d=google.com; s=arc-20160816;
        b=syC7QBPpFbUrN2EXLdhRAFkTAOvBrQdGlwt7Y05wNlGE4sfQWu2kKwa6AO45bsrmYa
         rIJ11mAVEr+J6Gx0/8iqN1+mQWrWwopHP8czdOw7upLBjIFYa8RAwwoDinRrbo/DnVfu
         XuDbr6sKHWNa+cVTxprbx2KYcava3fOwlhuBQgiEkCMsgytluJSGvDk7KafAD7PYCK7m
         DB3APTIYJquZ56hcwMHjKphY4UK23y5X9CrK9tw5GDL0j8gfbbvVo8JmeWZzAzlCELOi
         2Q4nwN58Ey1T1SxkbGoZf0pV1qmW+OvK6rw84FCkBhBYqLzEbcstO+p8p57z9m3HHL7P
         oiiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:user-agent:in-reply-to
         :content-disposition:mime-version:references:reply-to:subject:cc:to
         :from:date:arc-authentication-results;
        bh=PUiIwrqxhm7zAPGLsFEmjwaPiDQBZ907h7bVLJOTeks=;
        b=NgkuL7ZL63/pf8OrIH6zm1b3aAG49v1RqIuVas6eIx5NM/JeGK1UcyaUtVu0xQcy6F
         ZiczTbDMV7EaT2askpajm16uAULEQWtMEhkzjZ1DGITLGPd2zyrZB2Jp9R6fgXh4vvF0
         8bgpCb1NOno1nPPh7T3v+hP1yZAeKdCtCYzWJGqsYlk/bPdU+kdfE5Jofz/DziV051c7
         gmSwrTHpKvQkAx9zfzutYozPTgme9f4kur4QqLqmgUSDxeN62DypbS3VFmTWCOTfzI6n
         rgtR1yOpb+YuwFaKd9fdcgR87ctwkXshL8bSyOpsVJCSa/6CtzO3/a1xXX8Q1FTK1vRB
         LryA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n128si2082526pgn.827.2018.03.14.10.15.58;
        Wed, 14 Mar 2018 10:16:12 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751880AbeCNRPG (ORCPT <rfc822;uzarths@gmail.com> + 99 others);
        Wed, 14 Mar 2018 13:15:06 -0400
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:47884 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1751362AbeCNRPF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Mar 2018 13:15:05 -0400
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
        by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w2EHEAu2110558
        for <linux-kernel@vger.kernel.org>; Wed, 14 Mar 2018 13:15:04 -0400
Received: from e06smtp13.uk.ibm.com (e06smtp13.uk.ibm.com [195.75.94.109])
        by mx0b-001b2d01.pphosted.com with ESMTP id 2gq4phsscb-1
        (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Wed, 14 Mar 2018 13:15:04 -0400
Received: from localhost
        by e06smtp13.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <linuxram@us.ibm.com>;
        Wed, 14 Mar 2018 17:15:02 -0000
Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197)
        by e06smtp13.uk.ibm.com (192.168.101.143) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        Wed, 14 Mar 2018 17:14:57 -0000
Received: from d06av24.portsmouth.uk.ibm.com (d06av24.portsmouth.uk.ibm.com [9.149.105.60])
        by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w2EHEvau48824354;
        Wed, 14 Mar 2018 17:14:57 GMT
Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 83CD542045;
        Wed, 14 Mar 2018 17:07:11 +0000 (GMT)
Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 2DB4C42047;
        Wed, 14 Mar 2018 17:07:06 +0000 (GMT)
Received: from ram.oc3035372033.ibm.com (unknown [9.85.168.17])
        by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTPS;
        Wed, 14 Mar 2018 17:07:05 +0000 (GMT)
Date:   Wed, 14 Mar 2018 10:14:48 -0700
From:   Ram Pai <linuxram@us.ibm.com>
To:     Dave Hansen <dave.hansen@intel.com>
Cc:     mingo@redhat.com, mpe@ellerman.id.au,
        linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org, x86@kernel.org,
        linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
        akpm@linux-foundation.org, benh@kernel.crashing.org,
        paulus@samba.org, khandual@linux.vnet.ibm.com,
        aneesh.kumar@linux.vnet.ibm.com, bsingharora@gmail.com,
        hbabu@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com,
        ebiederm@xmission.com, corbet@lwn.net, arnd@arndb.de,
        fweimer@redhat.com, msuchanek@suse.com
Subject: Re: [PATCH 1/1 v2] x86: pkey-mprotect must allow pkey-0
Reply-To: Ram Pai <linuxram@us.ibm.com>
References: <1521013574-27041-1-git-send-email-linuxram@us.ibm.com>
 <18b155e3-07e9-5a4b-1f95-e1667078438c@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <18b155e3-07e9-5a4b-1f95-e1667078438c@intel.com>
User-Agent: Mutt/1.5.20 (2009-12-10)
X-TM-AS-GCONF: 00
x-cbid: 18031417-0012-0000-0000-000005BE77A4
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18031417-0013-0000-0000-0000193A7D78
Message-Id: <20180314171448.GA1060@ram.oc3035372033.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-03-14_09:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=2 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
 definitions=main-1803140192
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Mar 14, 2018 at 07:19:23AM -0700, Dave Hansen wrote:
> On 03/14/2018 12:46 AM, Ram Pai wrote:
> > Once an address range is associated with an allocated pkey, it cannot be
> > reverted back to key-0. There is no valid reason for the above behavior.  On
> > the contrary applications need the ability to do so.
> 
> I'm trying to remember why we cared in the first place. :)
> 
> Could you add that to the changelog, please?
> 
> > @@ -92,7 +92,8 @@ int mm_pkey_alloc(struct mm_struct *mm)
> >  static inline
> >  int mm_pkey_free(struct mm_struct *mm, int pkey)
> >  {
> > -	if (!mm_pkey_is_allocated(mm, pkey))
> > +	/* pkey 0 is special and can never be freed */
> > +	if (!pkey || !mm_pkey_is_allocated(mm, pkey))
> >  		return -EINVAL;
> 
> If an app was being really careful, couldn't it free up all of the
> implicitly-pkey-0-assigned memory so that it is not in use at all?  In
> that case, we might want to allow this.
> 
> On the other hand, nobody is likely to _ever_ actually do this so this
> is good shoot-yourself-in-the-foot protection.

I look at key-0 as 'the key'. It has special status. 
(a) It always exist.
(b) it cannot be freed.
(c) it is assigned by default.
(d) its permissions cannot be modified.
(e) it bypasses key-permission checks when assigned.

An arch need not necessarily map 'the key-0' to its key-0.  It could
internally map it to any of its internal key of its choice, transparent
to the application.

Do you see a problem to this view point?

RP