Received: by 10.213.65.68 with SMTP id h4csp1596107imn; Mon, 26 Mar 2018 10:32:55 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/ZDfoJdpx3WHZYe0cXOR4jXfr6t7zFAGvwNmKBv77WjGLYSBtjl/aD74VCxiy12mS2eY6U X-Received: by 2002:a17:902:850b:: with SMTP id bj11-v6mr1001082plb.35.1522085575883; Mon, 26 Mar 2018 10:32:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522085575; cv=none; d=google.com; s=arc-20160816; b=zD4Rtolb+H6zqgXZv1OUHyu9K8VWAKOVuU1brYEsYx30lF21k0Br6fC4ZT1Nq+9zZK jwkHz646GDaO8hXXxbNNRPidqstBha3dW2qCsef5ypuzMKBK5DVfjWHMKnXpAyIutDV3 k5736ap+/R9JJbClNSbegpxCDkCviIArfz8or9FCg812z8yhAzRfFaeZxugA2AqfVE6O Sx67jmxtQWuMqT0N1acq2lV9wT1SyJcfxuEm+IWC0070+fmEE0pdWYewQMtfilxk4Oux gv6RzWE0+Oyj21unO+HrL4syrZOYTxdAJwPumONtQWzXwLSiBBZlFNvmJP7hbwuTeD7g f5dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:in-reply-to:references:date :from:cc:to:subject:arc-authentication-results; bh=oNYr8wOOgjVkWIrGRs/HZtArZbJB6uYjPbvfSuRxN/I=; b=xnMEvQCaFByZVvipWHirEYJiSPNZY/OqQG43j2zixI56Si0YpipIlOAvbR9ww92vaN 9qh54sEJRO8hvI4GeSf/l/gOxrMn34RbOGkOueF1raknKAJnIR0H430LknRpVcsSQX47 lDvSMYDl+4jJHNy0THvjrsxtuaTsFxZUgeCLaAGDWWGBJdmmxqcRPnqmWj+ypzop/zZ0 O0KNNeEh2QNe7VDiIs3E5sIEqcwAfcduyE/vTn4TZ4kXYAQPhdRlQcFmY4buWV4viJsl 2U0cRqyEKwROF7yxbGPKVA44AUuykMneFn8YrAwG3P1Ceqjr4nNQxGZMvB08PUwRdeCm 1BzA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 44-v6si15589179pla.376.2018.03.26.10.32.40; Mon, 26 Mar 2018 10:32:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752687AbeCZR3h (ORCPT + 99 others); Mon, 26 Mar 2018 13:29:37 -0400 Received: from mga04.intel.com ([192.55.52.120]:25566 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752628AbeCZR3g (ORCPT ); Mon, 26 Mar 2018 13:29:36 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Mar 2018 10:29:35 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,365,1517904000"; d="scan'208";a="45427179" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.39.119]) by orsmga002.jf.intel.com with ESMTP; 26 Mar 2018 10:29:35 -0700 Subject: [PATCH 1/9] x86, pkeys: do not special case protection key 0 To: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org, Dave Hansen , stable@kernel.org, linuxram@us.ibm.com, tglx@linutronix.de, dave.hansen@intel.com, mpe@ellerman.id.au, mingo@kernel.org, akpm@linux-foundation.org, shuah@kernel.org From: Dave Hansen Date: Mon, 26 Mar 2018 10:27:22 -0700 References: <20180326172721.D5B2CBB4@viggo.jf.intel.com> In-Reply-To: <20180326172721.D5B2CBB4@viggo.jf.intel.com> Message-Id: <20180326172722.8CC08307@viggo.jf.intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Hansen mm_pkey_is_allocated() treats pkey 0 as unallocated. That is inconsistent with the manpages, and also inconsistent with mm->context.pkey_allocation_map. Stop special casing it and only disallow values that are actually bad (< 0). The end-user visible effect of this is that you can now use mprotect_pkey() to set pkey=0. This is a bit nicer than what Ram proposed because it is simpler and removes special-casing for pkey 0. On the other hand, it does allow applciations to pkey_free() pkey-0, but that's just a silly thing to do, so we are not going to protect against it. Signed-off-by: Dave Hansen Fixes: 58ab9a088dda ("x86/pkeys: Check against max pkey to avoid overflows") Cc: stable@kernel.org Cc: Ram Pai Cc: Thomas Gleixner Cc: Dave Hansen Cc: Michael Ellermen Cc: Ingo Molnar Cc: Andrew Morton p Cc: Shuah Khan --- b/arch/x86/include/asm/mmu_context.h | 2 +- b/arch/x86/include/asm/pkeys.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff -puN arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated arch/x86/include/asm/mmu_context.h --- a/arch/x86/include/asm/mmu_context.h~x86-pkey-0-default-allocated 2018-03-26 10:22:33.742170197 -0700 +++ b/arch/x86/include/asm/mmu_context.h 2018-03-26 10:22:33.747170197 -0700 @@ -192,7 +192,7 @@ static inline int init_new_context(struc #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS if (cpu_feature_enabled(X86_FEATURE_OSPKE)) { - /* pkey 0 is the default and always allocated */ + /* pkey 0 is the default and allocated implicitly */ mm->context.pkey_allocation_map = 0x1; /* -1 means unallocated or invalid */ mm->context.execute_only_pkey = -1; diff -puN arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated arch/x86/include/asm/pkeys.h --- a/arch/x86/include/asm/pkeys.h~x86-pkey-0-default-allocated 2018-03-26 10:22:33.744170197 -0700 +++ b/arch/x86/include/asm/pkeys.h 2018-03-26 10:22:33.747170197 -0700 @@ -49,10 +49,10 @@ bool mm_pkey_is_allocated(struct mm_stru { /* * "Allocated" pkeys are those that have been returned - * from pkey_alloc(). pkey 0 is special, and never - * returned from pkey_alloc(). + * from pkey_alloc() or pkey 0 which is allocated + * implicitly when the mm is created. */ - if (pkey <= 0) + if (pkey < 0) return false; if (pkey >= arch_max_pkey()) return false; _