On 11/22/2017 01:46 PM, Vlastimil Babka wrote:

On 11/22/2017 01:15 PM, Florian Weimer wrote:

quoted

On 11/22/2017 09:18 AM, Vlastimil Babka wrote:

quoted

And, was the pkey == -1 internal wiring supposed to be exposed to the
pkey_mprotect() signal, or should there have been a pre-check returning
EINVAL in SYSCALL_DEFINE4(pkey_mprotect), before calling
do_mprotect_pkey())? I assume it's too late to change it now anyway (or
not?), so should we also document it?

I think the -1 case to the set the default key is useful because it
allows you to use a key value of -1 to mean “MPK is not supported”, and
still call pkey_mprotect.

Hmm the current manpage says then when MPK is not supported, pkey has to
be specified 0. Which is a value that doesn't work when MPK *is*
supported. So -1 is more universal indeed.

-1 also chosen a different key if key 0 does not support the requested 
protection flags.

quoted

I plan to document this behavior on the glibc side, and glibc will call
mprotect (not pkey_mprotect) for key -1, so that you won't get ENOSYS
with kernels which do not support pkey_mprotect.

Fair enough. What will you do about pkey_alloc() in that case, emulate
ENOSPC? Oh, the manpage already suggests so. And the return value in
that case is... -1. Makes sense :)

The manual page is incorrect, the kernel actually returns EINVAL. 
Applications should check for EINVAL (and also ENOSYS) and activate 
fallback code.  Using -1 directly would be a bit reckless IMHO.

Thanks
Florian