Re: [PATCH 2/9] mm: implement new pkey_mprotect() system call
From: Dave Hansen <hidden>
Date: 2016-06-13 16:03:40
Also in:
linux-arch, linux-mm, lkml
On 06/11/2016 02:47 AM, Thomas Gleixner wrote:
On Wed, 8 Jun 2016, Dave Hansen wrote:quoted
quoted
Proposed semantics: 1. protection key 0 is special and represents the default, unassigned protection key. It is always allocated. 2. mprotect() never affects a mapping's pkey_mprotect()-assigned protection key. A protection key of 0 (even if set explicitly) represents an unassigned protection key. 2a. mprotect(PROT_EXEC) on a mapping with an assigned protection key may or may not result in a mapping with execute-only properties. pkey_mprotect() plus pkey_set() on all threads should be used to _guarantee_ execute-only semantics. 3. mprotect(PROT_EXEC) may result in an "execute-only" mapping. The kernel will internally attempt to allocate and dedicate a protection key for the purpose of execute-only mappings. This may not be possible in cases where there are no free protection keys available.Shouldn't we just reserve a protection key for PROT_EXEC unconditionally?
Normal userspace does not do PROT_EXEC today. So, today, we'd effectively lose one of our keys by reserving it. Of the folks I've talked to who really want this feature, and *will* actually use it, one of the most common complaints is that there are too few keys. Folks who actively *want* true PROT_EXEC semantics can use the explicit pkey interfaces.