Received: by 10.213.65.68 with SMTP id h4csp298676imn;
        Fri, 16 Mar 2018 03:35:08 -0700 (PDT)
X-Google-Smtp-Source: AG47ELv8pumSXkxHgCE6TdWLUn6WR4vtju09pim98mRN73Scvmq68CZWMEwG0fjk8jK8gWCPHOEX
X-Received: by 2002:a17:902:20ca:: with SMTP id v10-v6mr1604051plg.9.1521196508456;
        Fri, 16 Mar 2018 03:35:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521196508; cv=none;
        d=google.com; s=arc-20160816;
        b=c4WzVnqObM8CPDiG0D6roeJclOrB81ZtGveTEnRTcoI7owk9euLphJKEUdu5bDyQRc
         NJya7hD/6b7l9vulBQ72lKF0LSNk3TF5pgqjq33kXZWcFSghs7Pz+kiocnBdxAg/5l3b
         7NXcDtt5mgjadtuNfhRfQpbsG3bw0pGmrEjkLFzMupzfgE99OJV/Qw/6+zX3cJ6EvLFu
         vMo0LeG/u7FLIIeXnt6Te39C5Kh/AQOnRXAGCP/EWBFx7vy/1eAJ50ZC8VtnJpQEdCn8
         HQiyVuIJySHUEJKdxkf91bMpCTnvhwnkVObZ3/3v0IC39oZW2uhtzOYuo5JB6u+WQc2q
         Ilew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=GZcHTaaz4a6VgiZmTgfzEuET2XQoIfuoGwyANB3wLPo=;
        b=WN7mpoO6gFFF/oyaK8pzTsemni0/p/A271Idrt3M8ZEEi/XumUa2sbP3bsJFAJZHjf
         w7/1MGttQr3SxqC+Ryf4Fk22flpL8tHG9Y9Vx9F2+ftNmBfGutDuu3jWMUD48fKlDk0V
         zAkh4igLYBe9SmSQb0rOS+V6ljEJKpMpAAqO+X3HX+ZPRIQ2LsmQyMJxnK+ePtkmAQZB
         IVT3TonD3apTmwQMtHNdjOAeKQdmeGwLsVCMbkL1i0f6mE4jbwGLfssU8JVkWHg4m4vL
         1T9tMRT5qnoeJnPZI3BiheagfWXHgt+HNYtOxWkuuPSkn7d1WP8or0fuss08tFTt669/
         V9FQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=jg0DcoRo;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d8si4847053pgt.246.2018.03.16.03.34.53;
        Fri, 16 Mar 2018 03:35:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=jg0DcoRo;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753181AbeCPKd5 (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Fri, 16 Mar 2018 06:33:57 -0400
Received: from mail-qk0-f193.google.com ([209.85.220.193]:34992 "EHLO
        mail-qk0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752544AbeCPKdy (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Mar 2018 06:33:54 -0400
Received: by mail-qk0-f193.google.com with SMTP id s188so10464986qkb.2;
        Fri, 16 Mar 2018 03:33:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:from:to:cc:subject:date:message-id;
        bh=GZcHTaaz4a6VgiZmTgfzEuET2XQoIfuoGwyANB3wLPo=;
        b=jg0DcoRoq2zJ/yp/JPyzau0A3nY0A3Fc5EuSAHx3f4Ji/J6aVZs7n63Z/9NelhfQrl
         swAKinq0XhkxIcUWE3pyyaLpMOQBceeSv0y2iNxW94NsiumwlDPLwSPTVYF9R6YMsN5E
         k7tXtZrAQjJDmOV17bYwvv8BIjVMdZx6OoFqOdCP8NGeh2x3SKD4c9PcOfq/oynr3lJW
         RhwiCCphazPzvs7Z2ait2IG8lDDq7P0uzrCoIchfTFF6iMibxDEd3psklA4drvwziyDz
         5Mdt3Gi3tqp8QER994UsrzhcfdzkHR3J9VJjIvIftvbb4KffYrn1P4Vi+UjR4wWse1Gr
         mjEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:to:cc:subject:date:message-id;
        bh=GZcHTaaz4a6VgiZmTgfzEuET2XQoIfuoGwyANB3wLPo=;
        b=nsVyDnHCyioNz1w1UlQei0OcWc2zGApk8EoS+QN6vxQAUJsVG88SdqevkUy5tgTR5x
         ik1DdzD0d9VtdCZhz5Md3UUGh0E09v0G+Hb2FBVflsMoM2EZSbcRskTYasP1dAjwxJsY
         6WR1WHlChucFJupYSXO8JAF2FzBSYQK0LWYcpoiAxau6p8RIVBkK9elpOUMgFlxwemcD
         KVSMuEvnZ2cwMFHGZ4UrO5xnSoSDJk90hpsCX+Lahcv1YJ7c7ynfUJBBCQgJi9TIuW5y
         SAcIsqC/Z7MBKoZGJ59ON8t5xvL9Y2UZM9pH1Im64Nu6RkkGcSBlr6feyT36ikACp++J
         Omhw==
X-Gm-Message-State: AElRT7GZnX5E3GE1mMtPDCjJNy2xspB99BCUwA4cY9pazG7lrr9ucLOA
        ynmpxWM9SMxOKKwY/uLc1h0=
X-Received: by 10.55.133.7 with SMTP id h7mr1825921qkd.130.1521196433943;
        Fri, 16 Mar 2018 03:33:53 -0700 (PDT)
Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161])
        by smtp.gmail.com with ESMTPSA id e3sm1133509qkm.51.2018.03.16.03.33.50
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 16 Mar 2018 03:33:53 -0700 (PDT)
From:   Ram Pai <linuxram@us.ibm.com>
To:     mpe@ellerman.id.au, mingo@redhat.com, akpm@linux-foundation.org
Cc:     linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org, x86@kernel.org,
        linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
        dave.hansen@intel.com, benh@kernel.crashing.org, paulus@samba.org,
        khandual@linux.vnet.ibm.com, aneesh.kumar@linux.vnet.ibm.com,
        bsingharora@gmail.com, hbabu@us.ibm.com, mhocko@kernel.org,
        bauerman@linux.vnet.ibm.com, ebiederm@xmission.com,
        linuxram@us.ibm.com, corbet@lwn.net, arnd@arndb.de,
        fweimer@redhat.com, msuchanek@suse.com, tglx@linutronix.de,
        Ulrich.Weigand@de.ibm.com, ram.n.pai@gmail.com
Subject: [PATCH v4] mm, pkey: treat pkey-0 special
Date:   Fri, 16 Mar 2018 03:33:36 -0700
Message-Id: <1521196416-18157-1-git-send-email-linuxram@us.ibm.com>
X-Mailer: git-send-email 1.7.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Applications need the ability to associate an address-range with some
key and latter revert to its initial default key. Pkey-0 comes close to
providing this function but falls short, because the current
implementation disallows applications to explicitly associate pkey-0 to
the address range.

Clarify the semantics of pkey-0 and provide the corresponding
implementation.

Pkey-0 is special with the following semantics.
(a) it is implicitly allocated and can never be freed. It always exists.
(b) it is the default key assigned to any address-range.
(c) it can be explicitly associated with any address-range.

Tested on powerpc only. Could not test on x86.

cc: Thomas Gleixner <tglx@linutronix.de>
cc: Dave Hansen <dave.hansen@intel.com>
cc: Michael Ellermen <mpe@ellerman.id.au>
cc: Ingo Molnar <mingo@kernel.org>
cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ram Pai <linuxram@us.ibm.com>
---
 History:
     v4 : (1) moved the code entirely in arch-independent location.
     	  (2) fixed comments -- suggested by Thomas Gliexner
     v3 : added clarification of the semantics of pkey0.
               -- suggested by Dave Hansen
     v2 : split the patch into two, one for x86 and one for powerpc
               -- suggested by Michael Ellermen

 Documentation/x86/protection-keys.txt |    8 ++++++++
 mm/mprotect.c                         |   25 ++++++++++++++++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/Documentation/x86/protection-keys.txt b/Documentation/x86/protection-keys.txt
index ecb0d2d..92802c4 100644
--- a/Documentation/x86/protection-keys.txt
+++ b/Documentation/x86/protection-keys.txt
@@ -88,3 +88,11 @@ with a read():
 The kernel will send a SIGSEGV in both cases, but si_code will be set
 to SEGV_PKERR when violating protection keys versus SEGV_ACCERR when
 the plain mprotect() permissions are violated.
+
+====================== pkey 0 ==================================
+
+Pkey-0 is special. It is implicitly allocated. Applications cannot allocate or
+free that key. This key is the default key that gets associated with a
+addres-space. It can be explicitly associated with any address-space.
+
+================================================================
diff --git a/mm/mprotect.c b/mm/mprotect.c
index e3309fc..2c779fa 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -430,7 +430,13 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
 	 * them use it here.
 	 */
 	error = -EINVAL;
-	if ((pkey != -1) && !mm_pkey_is_allocated(current->mm, pkey))
+
+	/*
+	 * pkey-0 is special. It always exists. No need to check if it is
+	 * allocated. Check allocation status of all other keys. pkey=-1
+	 * is not realy a key, it means; use any available key.
+	 */
+	if (pkey && pkey != -1 && !mm_pkey_is_allocated(current->mm, pkey))
 		goto out;
 
 	vma = find_vma(current->mm, start);
@@ -549,6 +555,12 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
 	if (pkey == -1)
 		goto out;
 
+	if (!pkey) {
+		mm_pkey_free(current->mm, pkey);
+		printk("Internal error, cannot explicitly allocate key-0");
+		goto out;
+	}
+
 	ret = arch_set_user_pkey_access(current, pkey, init_val);
 	if (ret) {
 		mm_pkey_free(current->mm, pkey);
@@ -564,13 +576,20 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
 {
 	int ret;
 
+	/*
+	 * pkey-0 is special. Userspace can never allocate or free it. It is
+	 * allocated by default. It always exists.
+	 */
+	if (!pkey)
+		return -EINVAL;
+
 	down_write(&current->mm->mmap_sem);
 	ret = mm_pkey_free(current->mm, pkey);
 	up_write(&current->mm->mmap_sem);
 
 	/*
-	 * We could provie warnings or errors if any VMA still
-	 * has the pkey set here.
+	 * We could provide warnings or errors if any VMA still has the pkey
+	 * set here.
 	 */
 	return ret;
 }
-- 
1.7.1