Received: by 10.213.65.68 with SMTP id h4csp264264imn; Mon, 26 Mar 2018 21:12:56 -0700 (PDT) X-Google-Smtp-Source: AG47ELtBw8GitVGvqQG2LPdaE65d46RT/K++oVXSANNefJ2w9z0FyzrjieduPsC2fOGVDvHbsuBZ X-Received: by 10.99.107.131 with SMTP id g125mr29901005pgc.16.1522123976074; Mon, 26 Mar 2018 21:12:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522123976; cv=none; d=google.com; s=arc-20160816; b=MYP5lMHZ3lRRixRBXgDD8/hRQgv1XbRbPsAjxNYzHRbB3bf0Xd7NAJy7Ixkrbn+vXC EY+WeX3b6Zkw39zV2XHh4Kk3DozDoP2mMtHRpF+SxeDKhia+Pe//ghknXCV2LfE2Esqt ISgF6kQzJgOO7h9GsEso1kabtbnq8S7J3X3qdVDGY6+ajeKDKeUpwbMhA2kTbvf4VVZf lJtLAV9+1APygq0qmb8klyvKKuN7+spwbi+uqniS1GLMs10rFY5+GIBTZ2RS8yLWa1TQ j0tZFllMhI8FgvNg1ucJJ7huXi752F2As5oNE/VrBfjBuuwwM6c9DAaQ01wUzpqTrefQ BoOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:cc:references:to:subject:arc-authentication-results; bh=PxKNq1IWhIbuAet3N4V4FS/sDGkn6rdg2QyWcNJ2N/E=; b=PeJolg0CLJ4oxCIsVX3+aimwoRQ0Qy+D8snNndsieLhrRLRaQ677N7h1JsAi63NsMq Hk4czJpwj0tyfmJz0chtLhuHZUYOj1gjMxVFoSQAB/WcDmaekQM8XNgzW/SZt+9iHI/5 UoFxKia3Ay55gQOJOIbfqCrUqXSMRhUIk1DarX2UAkksKVSXofNq7/e2vW5pfYDInEMv gVmKDM6dVA9evjIufVeHsrX9qNXxcwm66BC07S4ojs0btwvP4atZrDDxdVKyPz+y2lsz EJ2feWo9RGj/nQ4B8l2isLncirfbeL4MPsEvEDyjxCcaswZio/omqyNQPmaHGk2D2uZM sFvQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 196si254886pgb.674.2018.03.26.21.12.41; Mon, 26 Mar 2018 21:12:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750939AbeC0ELu (ORCPT + 99 others); Tue, 27 Mar 2018 00:11:50 -0400 Received: from mga06.intel.com ([134.134.136.31]:56632 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750800AbeC0ELt (ORCPT ); Tue, 27 Mar 2018 00:11:49 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Mar 2018 21:11:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,366,1517904000"; d="scan'208";a="186266653" Received: from amasello-mobl.amr.corp.intel.com (HELO [10.254.112.46]) ([10.254.112.46]) by orsmga004.jf.intel.com with ESMTP; 26 Mar 2018 21:11:48 -0700 Subject: Re: [PATCH 1/9] x86, pkeys: do not special case protection key 0 To: Ram Pai , Dave Hansen References: <20180323180903.33B17168@viggo.jf.intel.com> <20180323180905.B40984E6@viggo.jf.intel.com> <20180327022718.GD5743@ram.oc3035372033.ibm.com> Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, tglx@linutronix.de, mpe@ellerman.id.au, mingo@kernel.org, akpm@linux-foundation.org, shuah@kernel.org From: Dave Hansen Message-ID: <0f990ce6-0eac-bd77-18d8-e2e3fdd5fb43@intel.com> Date: Mon, 26 Mar 2018 21:11:48 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180327022718.GD5743@ram.oc3035372033.ibm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/26/2018 07:27 PM, Ram Pai wrote: >> This is a bit nicer than what Ram proposed because it is simpler >> and removes special-casing for pkey 0. On the other hand, it does >> allow applciations to pkey_free() pkey-0, but that's just a silly >> thing to do, so we are not going to protect against it. > The more I think about this, the more I feel we are opening up a can > of worms. I am ok with a bad application, shooting itself in its feet. > But I am worried about all the bug reports and support requests we > will encounter when applications inadvertently shoot themselves > and blame it on the kernel. > > a warning in dmesg logs indicating a free-of-pkey-0 can help deflect > the blame from the kernel. I think it's OK to leave it. A legit, very careful app could decide not to use pkey 0. It might even be fun to write that in the selftests for sheer entertainment value. Although, it _could_ be a bit more debuggable than it is now. A tracepoint that dumps out the pkey that got faulted on along with the PKRU value at fault time might be nice to have. That's mildly difficult to do from outside the app.