Received: by 10.213.65.68 with SMTP id h4csp426822imn; Sat, 17 Mar 2018 09:03:05 -0700 (PDT) X-Google-Smtp-Source: AG47ELvPciEcH2XZITr2dhrMvAloHOd8bSSgNZDUJm+42Uc4NLTF2ULM8P6jR9+xIkvQmbif4lKL X-Received: by 10.101.74.15 with SMTP id s15mr4682509pgq.382.1521302585744; Sat, 17 Mar 2018 09:03:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521302585; cv=none; d=google.com; s=arc-20160816; b=MzSgN0oVkGZ4XNsNWsKsPbnhZE4kqTfD/avOs40z0tfyBd8N1wMN/noBANg00p2lrl 9UhtOmhi1oI+VL4sUWTWcb9KhrexHKStmhysY66/6gdPE2nYymzxjd3vlMsj50BS+tbV smYXz86Afrv+Sa8gFsVdnn4U06c9xgekyKdyUz4K5MUjBN2l8+gqGCQg243mgquMpnyD j8nTKvqOF//7XLBUuQdAqKUAUBCzpmKC75Fdm/CpZ4tGLDu+kPI7z6xjki5NPO+9VN+8 2sxNqXwCxRX1TatYg7gXZj82wS7rjjP4Ewr2KnmoGPaPij8jcHyN5aPNkwJdViuUsuUC HgXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:cc:references:to:subject:arc-authentication-results; bh=akvvmtLZ0mx0r9G8m5zqr9BOEKSwhzxmX+qZjHyOfOA=; b=yLxp7An7aw/b4mwC3iDWbL1XKCz3r6fnPvOwhBGT536Znno4MWPYK/mt+yV7IfS1vv 5zANfd9kvK/Zld6QKst+csI/CLiZGfCqB5jyIqrMaXYnSrLcr/X1Ckd9W2LTSKHFkL6H rgInRYzfipPr4SXvvSUuj/hOGsLMBs9T7y1Ygy0ATFvrC3ebra53Asz6YRg/fxhOUZUM itJXKC1wRUkEPNWx/1oe0Awck3LtH0FoEDEhd64PYQfDL0gpLLem+CgYvCjA9woeZv4k qvWq0dhvr53pB28PIgnZwNjFPwFdG3hgVd9ELmTcooatsuF1Dk/g1fGA26L3zFqjyp29 ifyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z13si7367549pfh.217.2018.03.17.09.02.50; Sat, 17 Mar 2018 09:03:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753317AbeCQQBW (ORCPT + 99 others); Sat, 17 Mar 2018 12:01:22 -0400 Received: from mga09.intel.com ([134.134.136.24]:39557 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751618AbeCQQBV (ORCPT ); Sat, 17 Mar 2018 12:01:21 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Mar 2018 09:01:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,321,1517904000"; d="scan'208";a="42915861" Received: from crbarret-hp820.amr.corp.intel.com (HELO [10.254.101.13]) ([10.254.101.13]) by orsmga002.jf.intel.com with ESMTP; 17 Mar 2018 09:01:20 -0700 Subject: Re: [PATCH 1/3] x86, pkeys: do not special case protection key 0 To: Thomas Gleixner , Dave Hansen References: <20180316214654.895E24EC@viggo.jf.intel.com> <20180316214656.0E059008@viggo.jf.intel.com> Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, linuxram@us.ibm.com, mpe@ellerman.id.au, mingo@kernel.org, akpm@linux-foundation.org, shuah@kernel.org From: Dave Hansen Message-ID: <6e0c687d-f465-5433-10be-db04489278a9@intel.com> Date: Sat, 17 Mar 2018 09:01:20 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/17/2018 02:12 AM, Thomas Gleixner wrote: >> This is a bit nicer than what Ram proposed because it is simpler >> and removes special-casing for pkey 0. On the other hand, it does >> allow applciations to pkey_free() pkey-0, but that's just a silly >> thing to do, so we are not going to protect against it. > What's the consequence of that? Application crashing and burning itself or > something more subtle? You would have to: pkey_free(0) ... later new_key = pkey_alloc(); // now new_key=0 pkey_deny_access(new_key); // or whatever At which point most apps would probably croak because its stack is inaccessible. The free itself does not make the key inaccessible, *but* we could also do that within the existing ABI if we want. I think I called out that behavior as undefined in the manpage.