Received: by 10.213.65.68 with SMTP id h4csp163323imn;
        Mon, 26 Mar 2018 18:06:49 -0700 (PDT)
X-Google-Smtp-Source: AG47ELucadiY3W5nRgQ3ObO99Zcgep4BvfA0H661RftpkCuwi937oAbb3Nt69jK6pHgvE0yC1qEL
X-Received: by 2002:a17:902:988c:: with SMTP id s12-v6mr27516944plp.318.1522112809137;
        Mon, 26 Mar 2018 18:06:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522112809; cv=none;
        d=google.com; s=arc-20160816;
        b=Qad1ln6O2wUc6mkQ6ojE+Bg0ZEwdYht1Nd8RtRdqWe+bSf5ZEwnXMtRc4V/p5Jxhz+
         UWwAnl2VvsbCcF9tV0rmi7MthreRwIPu9xZEQ9DgmITokqu4iU0rHr10+e0FDe114Oo2
         dgKRADVfLYsn4zaxeyZXdULC6gxFm0qC1xThLU/p7pCCD/hcQeCUcbsqFaC9+WhX0/wf
         Pc8NF+o86ZOQiOqV3fJfgPUDPVHcPiEOlQ2GHYL5wtSIX+q7bDkdOAQNas0ZqDY956Jw
         o4hpDF6kqNbCcc2e19YB5Ug3Io9PgxTL0Sbl6qrYAOIovpkVbOPorXnSuAxM3YeWw8Xu
         Ne1Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=pCIUaHgid71VbnXkzdFxNpzoOQmPK+JSmRIwd2YzPFA=;
        b=BrsbugTA7WEX1bbLiHmFP7gCeUfs8ob33qMPYmf107HuoRVQKo97BkaZ1xqVkwedC+
         dIqREp4Okjo5TqFcgaAH3sn1oLAPCsb9BY/bXDGpa0OcpuciiUcQNdA8ZP+qSjTO28Qh
         D0x0asMw3UKSFwpnFKKnVNDMnkaNDvdQzJ0VDJcp1syQ2JNQKHpqhUjZ6i7j8KvRMBKN
         lYZsc/T4mjPLK/XFWlrBO00Qrg/kfJH+QUODsRACXTaEBypiRJWbkLUs0bHfDpnjy/39
         CgRkbvHkcEE9JHcssww3d4MjIRNRNVbclQkueSV0/fj2y62Cm9CArb/DPXHr85S9kuiS
         8B9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=jNw3fpnU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b9si39575pgn.443.2018.03.26.18.06.34;
        Mon, 26 Mar 2018 18:06:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=jNw3fpnU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752133AbeC0BFS (ORCPT <rfc822;jekfish0@gmail.com> + 99 others);
        Mon, 26 Mar 2018 21:05:18 -0400
Received: from mail-qk0-f194.google.com ([209.85.220.194]:36860 "EHLO
        mail-qk0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751805AbeC0BFR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 26 Mar 2018 21:05:17 -0400
Received: by mail-qk0-f194.google.com with SMTP id o205so10603423qke.3
        for <linux-kernel@vger.kernel.org>; Mon, 26 Mar 2018 18:05:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:from:to:cc:subject:date:message-id;
        bh=pCIUaHgid71VbnXkzdFxNpzoOQmPK+JSmRIwd2YzPFA=;
        b=jNw3fpnUuQrmFaTKtOILZ5SRT0jCuw4/gIUbKYjU7kAiac1294Cyz6CiMhYW7d9sUE
         Tb9JeMk5BsUBFmDVtNAbkgUQl6qQXaBpxUCuiAD2Vl4eF4OmRBzAMcphTv39oZ5STXMb
         5k2/+cgjOs2uNGD4ksFfwkwOrCGZqLHxSSiD1g3fhbki5y3nZgv4mNeLDI7TRQJ4XYX8
         NKO6EhPb9frERAjnCCxPtbWdk3og7hZPagC9bixpcvdYRzoX1+yXvw20z/EaZ3WVdHIm
         69OO5ov3jeLgvgD95Iz1Q6IlxWizGB510CyVdE8hRrP/vVYckxUkDeafovOrHMrzM70J
         SdDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:to:cc:subject:date:message-id;
        bh=pCIUaHgid71VbnXkzdFxNpzoOQmPK+JSmRIwd2YzPFA=;
        b=Ia1OdK008Gwvz7o650Q4RIE739R/OrO8qieTL0gwoXefDsIUQ1Nk8T5DYARPv/gXzj
         SetlAmApUzRaEG5p9ICDp53w5nhN8bIxEpYL9lx9qbGfKckg8GymJbBrHzpWMYWLIDT1
         rboyEMphT9MGcp6B4/ZpVu1IeJ1MxQ9cGmKSs5EXStHNPcTQh6x3kaX26pz/jJ9wzBHi
         VJQmCeP5aFXn9HCLC8G3ho5d6y864LELgKq3cjMkOmvzdd3Ldto6DNDdLX9ZhXt5tkvp
         qMt7PJ4tOzxq+adVLuYIQpi6J3Fr0TEjLcmg98BePe3poe245Y2QFmAnXkYqvwYxT442
         iD7w==
X-Gm-Message-State: AElRT7F7W5FwCtaBK/P4qJWePXEMvMmv83DO3W+9v9LkAZ5YJwE8IdV0
        CBpc4vyXULm5rIrPFknoZNQ=
X-Received: by 10.233.239.71 with SMTP id d68mr50251592qkg.100.1522112716973;
        Mon, 26 Mar 2018 18:05:16 -0700 (PDT)
Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161])
        by smtp.gmail.com with ESMTPSA id e30sm59195qtg.1.2018.03.26.18.05.14
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 26 Mar 2018 18:05:16 -0700 (PDT)
From:   Ram Pai <linuxram@us.ibm.com>
To:     mpe@ellerman.id.au, mingo@redhat.com, akpm@linux-foundation.org
Cc:     linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
        dave.hansen@intel.com, benh@kernel.crashing.org, paulus@samba.org,
        aneesh.kumar@linux.vnet.ibm.com, bsingharora@gmail.com,
        hbabu@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com,
        linuxram@us.ibm.com, fweimer@redhat.com, msuchanek@suse.com,
        tglx@linutronix.de, shuah@kernel.org
Subject: [PATCH v2] powerpc, pkey: make protection key 0 less special
Date:   Mon, 26 Mar 2018 18:05:02 -0700
Message-Id: <1522112702-27853-1-git-send-email-linuxram@us.ibm.com>
X-Mailer: git-send-email 1.7.1
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Applications need the ability to associate an address-range with some
key and latter revert to its initial default key. Pkey-0 comes close to
providing this function but falls short, because the current
implementation disallows applications to explicitly associate pkey-0 to
the address range.

Lets make pkey-0 less special and treat it almost like any other key.
Thus it can be explicitly associated with any address range, and can be
freed. This gives the application more flexibility and power.  The
ability to free pkey-0 must be used responsibily, since pkey-0 is
associated with almost all address-range by default.

Even with this change pkey-0 continues to be slightly more special
from the following point of view.
(a) it is implicitly allocated.
(b) it is the default key assigned to any address-range.

Tested on powerpc.

cc: Thomas Gleixner <tglx@linutronix.de>
cc: Dave Hansen <dave.hansen@intel.com>
cc: Michael Ellermen <mpe@ellerman.id.au>
cc: Ingo Molnar <mingo@kernel.org>
cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ram Pai <linuxram@us.ibm.com>
---
History:
	v2: mm_pkey_is_allocated() continued to treat pkey-0 special.
	    fixed it.

 arch/powerpc/include/asm/pkeys.h | 20 ++++++++++++++++----
 arch/powerpc/mm/pkeys.c          | 20 ++++++++++++--------
 2 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/arch/powerpc/include/asm/pkeys.h b/arch/powerpc/include/asm/pkeys.h
index 0409c80..b598fa9 100644
--- a/arch/powerpc/include/asm/pkeys.h
+++ b/arch/powerpc/include/asm/pkeys.h
@@ -101,10 +101,14 @@ static inline u16 pte_to_pkey_bits(u64 pteflags)
 
 static inline bool mm_pkey_is_allocated(struct mm_struct *mm, int pkey)
 {
-	/* A reserved key is never considered as 'explicitly allocated' */
-	return ((pkey < arch_max_pkey()) &&
-		!__mm_pkey_is_reserved(pkey) &&
-		__mm_pkey_is_allocated(mm, pkey));
+	if (pkey < 0 || pkey >= arch_max_pkey())
+		return false;
+
+	/* Reserved keys are never allocated. */
+	if (__mm_pkey_is_reserved(pkey))
+		return false;
+
+	return __mm_pkey_is_allocated(mm, pkey);
 }
 
 extern void __arch_activate_pkey(int pkey);
@@ -200,6 +204,14 @@ static inline int arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
 {
 	if (static_branch_likely(&pkey_disabled))
 		return -EINVAL;
+
+	/*
+	 * userspace is discouraged from changing permissions of
+	 * pkey-0. powerpc hardware does not support it anyway.
+	 */
+	if (!pkey)
+		return init_val ? -EINVAL : 0;
+
 	return __arch_set_user_pkey_access(tsk, pkey, init_val);
 }
 
diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c
index ba71c54..e7a9e34 100644
--- a/arch/powerpc/mm/pkeys.c
+++ b/arch/powerpc/mm/pkeys.c
@@ -119,19 +119,21 @@ int pkey_initialize(void)
 #else
 	os_reserved = 0;
 #endif
-	/*
-	 * Bits are in LE format. NOTE: 1, 0 are reserved.
-	 * key 0 is the default key, which allows read/write/execute.
-	 * key 1 is recommended not to be used. PowerISA(3.0) page 1015,
-	 * programming note.
-	 */
+	/* Bits are in LE format. */
 	initial_allocation_mask = ~0x0;
 
 	/* register mask is in BE format */
 	pkey_amr_uamor_mask = ~0x0ul;
 	pkey_iamr_mask = ~0x0ul;
 
-	for (i = 2; i < (pkeys_total - os_reserved); i++) {
+	for (i = 0; i < (pkeys_total - os_reserved); i++) {
+	 	/*
+		 * key 1 is recommended not to be used.
+		 * PowerISA(3.0) page 1015,
+		 */
+		if (i == 1)
+			continue;
+
 		initial_allocation_mask &= ~(0x1 << i);
 		pkey_amr_uamor_mask &= ~(0x3ul << pkeyshift(i));
 		pkey_iamr_mask &= ~(0x1ul << pkeyshift(i));
@@ -145,7 +147,9 @@ void pkey_mm_init(struct mm_struct *mm)
 {
 	if (static_branch_likely(&pkey_disabled))
 		return;
-	mm_pkey_allocation_map(mm) = initial_allocation_mask;
+
+	/* allocate key-0 by default */
+	mm_pkey_allocation_map(mm) = initial_allocation_mask | 0x1;
 	/* -1 means unallocated or invalid */
 	mm->context.execute_only_pkey = -1;
 }
-- 
1.8.3.1