Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp93734pxy;
        Tue, 4 May 2021 19:34:20 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwO4vTHx2aAuiQSWC/dpIziep6pYTAfRuqkheDYG0l0/VhHUA6+KeJ3GE+JBuLLF08Vw6Pv
X-Received: by 2002:aa7:c9cb:: with SMTP id i11mr29827082edt.331.1620182060311;
        Tue, 04 May 2021 19:34:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620182060; cv=none;
        d=google.com; s=arc-20160816;
        b=RfwoBw18KVR4SkE7GySFoOiw1s5wy96S3L7wb2027CdQA6agvkS55lualEvzrq459r
         RSQY+sustn7lp4Yj+dPps9+/nHCYp2K7eQpNy5DqiIHeXLNQpEGTgjglgtWWxzGE0Jqp
         4weEW5jlHx80XH4kd4UL+xpRXQI8tkMFNLsMRlWytP5bjJ9xqRIwFiPPdyMXFiLWIcor
         T+P+NiFN2HsnrKwvsAX28vLPaDrHrHX4lws5UdQEBLXbEYIzB1Z2Ics+YYoOj/JWqoqL
         7FDBLYInKIwbqnROdN9NxUJ1C1jSnTopcvJiGkrWxoIhK+ehJykj507P6VlrrX+3tToq
         yYqw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:ironport-sdr:ironport-sdr;
        bh=hNeRy22vkPh/L4e3TSKgAsmC/4W0vqv5mGiFtIW5NxE=;
        b=vOpktUfbVLzTpPMMxQYylkyk8CEVJaoyVsl/NoUXsNcktXlBybrhJP3XQdlXc+jYRU
         WVjnbHAIqKH7cCNV2/mL06B2DKHFuvEUNIS4l87RSTQ+2sKPUui2PiCr/GxQkPaYgDpp
         MFKzHQUUQfWXan147G2TrzLxmEkxD+ok+ojndJxwuToT2vt4f5KIJy5Q7ua4TmJfGzY4
         7ob5RRVb5iKzG06O2QLrkpHAC6ZvnV20nK6mstiKymMBIC2aq0FuNLf6f7G7ejlNK1Ud
         jDseEOxb2y33Si/SvV5teXC57rAlvQo4dfO4KuKi9tn72KbDtC2soY0JQgQwCdnGfXz9
         Kq0A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q18si1511728edi.189.2021.05.04.19.33.54;
        Tue, 04 May 2021 19:34:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231245AbhEECEu (ORCPT <rfc822;liyi.pear@gmail.com> + 99 others);
        Tue, 4 May 2021 22:04:50 -0400
Received: from mga01.intel.com ([192.55.52.88]:30446 "EHLO mga01.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S229694AbhEECEt (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 4 May 2021 22:04:49 -0400
IronPort-SDR: CZouSr/MHCQXzfhxgjf/85Y+DKrA6ZhYFQlqTD1fR76BZt9Fgne261mL5DretI6WEFzlgiQ/wd
 P6Kf0J5P0ezA==
X-IronPort-AV: E=McAfee;i="6200,9189,9974"; a="218952840"
X-IronPort-AV: E=Sophos;i="5.82,273,1613462400"; 
   d="scan'208";a="218952840"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 May 2021 19:03:54 -0700
IronPort-SDR: qmaz3lgwLJOIwgqsyrLKcWH5vSggMksDOP+oksXCm5BbW9SHf3O50ZGo68GJ2/kJ9Eakkp/MM5
 +XVO/SvgJHAw==
X-IronPort-AV: E=Sophos;i="5.82,273,1613462400"; 
   d="scan'208";a="621741505"
Received: from iweiny-desk2.sc.intel.com (HELO localhost) ([10.3.52.147])
  by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 May 2021 19:03:53 -0700
Date:   Tue, 4 May 2021 19:03:53 -0700
From:   Ira Weiny <ira.weiny@intel.com>
To:     Rick Edgecombe <rick.p.edgecombe@intel.com>
Cc:     dave.hansen@intel.com, luto@kernel.org, peterz@infradead.org,
        linux-mm@kvack.org, x86@kernel.org, akpm@linux-foundation.org,
        linux-hardening@vger.kernel.org,
        kernel-hardening@lists.openwall.com, rppt@kernel.org,
        dan.j.williams@intel.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH RFC 0/9] PKS write protected page tables
Message-ID: <20210505020353.GE1904484@iweiny-DESK2.sc.intel.com>
References: <20210505003032.489164-1-rick.p.edgecombe@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20210505003032.489164-1-rick.p.edgecombe@intel.com>
User-Agent: Mutt/1.11.1 (2018-12-01)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 04, 2021 at 05:30:23PM -0700, Rick Edgecombe wrote:
> 
> This is based on V6 [1] of the core PKS infrastructure patches. PKS 
> infrastructure follow-on’s are planned to enable keys to be set to the same 
> permissions globally. Since this usage needs a key to be set globally 
> read-only by default, a small temporary solution is hacked up in patch 8. Long 
> term, PKS protected page tables would use a better and more generic solution 
> to achieve this.

Before you send this out I've been thinking about this more and I think I would
prefer you not call this 'globally' setting the key.  Because you don't really
want to be able to update the key globally like I originally suggested for
kmap().  What is required is to set a different default for the key which gets
used by all threads by 'default'.

What is really missing is how to get the default changed after it may have been
used by some threads...  thus the 'global' nature...  Perhaps I am picking nits
here but I think it may go over better with Thomas and the maintainers.  Or
maybe not...  :-)

Would it be too much trouble to call this a 'default' change?  Because that is
really what you implement?

Ira