Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp2289251ybi; Mon, 17 Jun 2019 02:09:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqx7oO9QIFKxGoKkfgzC1VuMgenpOKjHBQzBI4p8xwteXcSPqfKUWS5xkQ3DHfCOT7BuWqPv X-Received: by 2002:a17:90a:8d09:: with SMTP id c9mr25609882pjo.131.1560762566847; Mon, 17 Jun 2019 02:09:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560762566; cv=none; d=google.com; s=arc-20160816; b=tXxlj311Szite/mD8sXCBJ1JVVhNjdiQwQYw0dA+eESh3hUQypXlNA8qVx2trKDvE4 /cU9wJJplEd3RqZtjurHQXVsawE1GZ6HdOzh0xNSVimBoUJYJ+qT/JKB8vtJRmu6jNd5 UIku3RbInmQPj4LrlYhN4Zt0EmyRd1U4uYFK3iuQU0ZqbXTaAVd/wD9HUY1125ike/wn pnnu3kX44/UxP0Wzar8UGjag5IT0CAbqLl0ctDgrUBESnDiIEkHGsWXNOSRJPYvaUGcd JAu4hS/j1QagFpEy//7n5XOz6dffEmPPTfTyTGV+554Ewjv9LA++k+lfRmjr6bU6ITI7 q0zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=wRdvOfPDETJvARv+zW+J5HAlYTlZLHmPl7FzG8lv1Ps=; b=lkm9slfHWc2ajEF/dxC2k9l9qEiBFDExZ3/w4COgPdrz/A7E8LxhTPg0a3XDe+JELI 02QFeZnxQzTGLMzj0ElGnB4iLz00tVRLsY8TimbyGSav93YVmp5vKQrP9Dij9LObG0X7 4+87elvLj+dJ7WKZszbI6wbrzwtB7N+vzb64ighm4RGSnSlITH6DKepIqPPN6SvPZ0J2 gB4wnvR9kWYBnVut/CfzMpfIo3bhx7tRzJc+zqQbCxRJqDfPd+sAvPGuylf+JmsBTmVP RkPQWK5JCuNYZAIQ7Fq8zeRPvlU+mzvRr4W0Z6xbsPwfgtY/KvECF430CicObAxRjiQM lx7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=1SzaizZl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f193si10803232pgc.144.2019.06.17.02.09.10; Mon, 17 Jun 2019 02:09:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=1SzaizZl; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727853AbfFQJIn (ORCPT + 99 others); Mon, 17 Jun 2019 05:08:43 -0400 Received: from merlin.infradead.org ([205.233.59.134]:58920 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725962AbfFQJIn (ORCPT ); Mon, 17 Jun 2019 05:08:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=wRdvOfPDETJvARv+zW+J5HAlYTlZLHmPl7FzG8lv1Ps=; b=1SzaizZlFZrcso1vWkqcGDQl+ 3GTCltkdhp6F4a07txN0iCkbOsUS3i2IcD+SBI6D6d9SwZsu4Oycx+PvZZikN/HOdKTZel19mOF2J +peAXjqfCZilEMVgF0K7ZJwWBaqoYufu0uC0+iuDeKKct2mo+pCFPu/C1lPHumKWDgt7haPR9GIgQ TBo8KuIZVoi+uAFMs/Z1tHQ3wg+4yhY5/sfjUYVByRFDQ9XvfpYTwgHraXRrjLA1aP+Bk0x0UN4An y0z13wfIJsgXhGdYqGoUMe0nZyQTlF1QGFr2mKt6F9CN05mSKBVY3Glim/3cO/Ed3NCdpaqW/QkYQ ElKV/y6YQ==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.92 #3 (Red Hat Linux)) id 1hcncs-0005vu-7b; Mon, 17 Jun 2019 09:08:30 +0000 Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id D430F2025A803; Mon, 17 Jun 2019 11:08:27 +0200 (CEST) Date: Mon, 17 Jun 2019 11:08:27 +0200 From: Peter Zijlstra To: Alison Schofield Cc: "Kirill A. Shutemov" , Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Andy Lutomirski , David Howells , Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME Message-ID: <20190617090827.GY3436@hirez.programming.kicks-ass.net> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> <20190508144422.13171-46-kirill.shutemov@linux.intel.com> <20190614115137.GF3436@hirez.programming.kicks-ass.net> <20190615003231.GA15479@alison-desk.jf.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190615003231.GA15479@alison-desk.jf.intel.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jun 14, 2019 at 05:32:31PM -0700, Alison Schofield wrote: > On Fri, Jun 14, 2019 at 01:51:37PM +0200, Peter Zijlstra wrote: > > On Wed, May 08, 2019 at 05:44:05PM +0300, Kirill A. Shutemov wrote: > snip > > > /* > > > - * When pkey==NO_KEY we get legacy mprotect behavior here. > > > + * do_mprotect_ext() supports the legacy mprotect behavior plus extensions > > > + * for Protection Keys and Memory Encryption Keys. These extensions are > > > + * mutually exclusive and the behavior is: Well, here it states that the extentions are mutually exclusive. > > > + * (pkey==NO_KEY && keyid==NO_KEY) ==> legacy mprotect > > > + * (pkey is valid) ==> legacy mprotect plus Protection Key extensions > > > + * (keyid is valid) ==> legacy mprotect plus Encryption Key extensions > > > */ > > > static int do_mprotect_ext(unsigned long start, size_t len, > > > - unsigned long prot, int pkey) > > > + unsigned long prot, int pkey, int keyid) > > > { > > snip > > > > > I've missed the part where pkey && keyid results in a WARN or error or > > whatever. > > > I wasn't so sure about that since do_mprotect_ext() > is the call 'behind' the system calls. > > legacy mprotect always calls with: NO_KEY, NO_KEY > pkey_mprotect always calls with: pkey, NO_KEY > encrypt_mprotect always calls with NO_KEY, keyid > > Would a check on those arguments be debug only > to future proof this? But you then don't check that, anywhere, afaict.