Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp15794ybi; Fri, 14 Jun 2019 17:31:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqyYaQlmyy3b7uKnsckYRyn+Ce3LmuofQpZ8s7o6CVXGKQNFoWvKIOREqDqs8WmxNtPqBO0i X-Received: by 2002:aa7:8292:: with SMTP id s18mr72865473pfm.111.1560558660894; Fri, 14 Jun 2019 17:31:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560558660; cv=none; d=google.com; s=arc-20160816; b=qmhi4s2XhC/vA85p0EhC/5K7LwF5TCAgr6AJro2wApKQKc0Vr6sJmJ970cNNvfswNy /IxAxNxDinLiMHsyLgkkEFonWWDt41zGsr+VSV6kKZ2j9z9YcboRfTDxrHVccQzfhyt/ d/peAfS5b7P4SRy1WGtvaJkw2Fa4eg6dtF+vFC1xY6OZ6P77qBk6anL7DSe8npel9MOw VSfxIeUjyOxMUXI614qugtkqLwzvvQxldY8rUmHUlEPZCJcOQkd1s4HA+URyJ7WC7NY/ zGhTwp3lMMAdNDsvi7YVFmjRsqbH4VadPvdH0f9cTkcy1hZVMRbo299XrHk76MbeGz4s AjNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=KmfkUDcbXBjuwj5yzcQuQKQgi24UD03tulJmJMc6gMA=; b=e0Pfx567w7vs43Gg0Bmw2U7q+zW1jvZrQHuc15BG0H2KYGW+VDqiwm6ntCTWlhXN7i PWNumpJxlMhMNCzu22w9GiYchJlDfME4XEhgb+z4DmCX+48A7A3Gl9BMIASxsSJZb9f4 c4IE7Ne1NGFuGoftxh/VCd4L1tqc1IuGm+5GputvLK9LAIB48cJ06mPCjdh3F0ZZIrL+ VNl5AUHBAbhdBYutszgBnmGlNLvcfERv/1Nq4LxaM3s8YkG7qVmrDfyEjL2ezKWNi/ic f3BSaQiTPXXfkK2wWOtCYFgHHnU7XcDQQAFKM82XEf6LSZHino417qc/y0qst4mK+G6D Pjlw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g7si3871304pgq.405.2019.06.14.17.30.44; Fri, 14 Jun 2019 17:31:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726073AbfFOA31 (ORCPT + 99 others); Fri, 14 Jun 2019 20:29:27 -0400 Received: from mga18.intel.com ([134.134.136.126]:26556 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725825AbfFOA31 (ORCPT ); Fri, 14 Jun 2019 20:29:27 -0400 X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Jun 2019 17:29:25 -0700 Received: from alison-desk.jf.intel.com ([10.54.74.53]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Jun 2019 17:29:25 -0700 Date: Fri, 14 Jun 2019 17:32:31 -0700 From: Alison Schofield To: Peter Zijlstra Cc: "Kirill A. Shutemov" , Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Andy Lutomirski , David Howells , Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME Message-ID: <20190615003231.GA15479@alison-desk.jf.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> <20190508144422.13171-46-kirill.shutemov@linux.intel.com> <20190614115137.GF3436@hirez.programming.kicks-ass.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190614115137.GF3436@hirez.programming.kicks-ass.net> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jun 14, 2019 at 01:51:37PM +0200, Peter Zijlstra wrote: > On Wed, May 08, 2019 at 05:44:05PM +0300, Kirill A. Shutemov wrote: snip > > /* > > - * When pkey==NO_KEY we get legacy mprotect behavior here. > > + * do_mprotect_ext() supports the legacy mprotect behavior plus extensions > > + * for Protection Keys and Memory Encryption Keys. These extensions are > > + * mutually exclusive and the behavior is: > > + * (pkey==NO_KEY && keyid==NO_KEY) ==> legacy mprotect > > + * (pkey is valid) ==> legacy mprotect plus Protection Key extensions > > + * (keyid is valid) ==> legacy mprotect plus Encryption Key extensions > > */ > > static int do_mprotect_ext(unsigned long start, size_t len, > > - unsigned long prot, int pkey) > > + unsigned long prot, int pkey, int keyid) > > { snip > > I've missed the part where pkey && keyid results in a WARN or error or > whatever. > I wasn't so sure about that since do_mprotect_ext() is the call 'behind' the system calls. legacy mprotect always calls with: NO_KEY, NO_KEY pkey_mprotect always calls with: pkey, NO_KEY encrypt_mprotect always calls with NO_KEY, keyid Would a check on those arguments be debug only to future proof this?