Re: [RFC v6 19/62] powerpc: ability to create execute-disabled pkeys

[RFC v6 00/62] powerpc: Memory Protection Keys · Ram Pai <hidden> · 2017-07-16
[RFC v6 02/62] powerpc: Free up four 64K PTE bits in 64K backed HPTE pages · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 02/62] powerpc: Free up four 64K PTE bits in 64K backed HPTE pages · Aneesh Kumar K.V <hidden> · 2017-07-20
[RFC v6 04/62] powerpc: introduce pte_get_hash_gslot() helper · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 04/62] powerpc: introduce pte_get_hash_gslot() helper · Aneesh Kumar K.V <hidden> · 2017-07-20
[RFC v6 06/62] powerpc: use helper functions in __hash_page_64K() for 64K PTE · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 06/62] powerpc: use helper functions in __hash_page_64K() for 64K PTE · Aneesh Kumar K.V <hidden> · 2017-07-20
[RFC v6 10/62] powerpc: use helper functions in flush_hash_page() · Ram Pai <hidden> · 2017-07-16
[RFC v6 11/62] powerpc: initial pkey plumbing · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 11/62] powerpc: initial pkey plumbing · Aneesh Kumar K.V <hidden> · 2017-07-20
Re: [RFC v6 11/62] powerpc: initial pkey plumbing · Ram Pai <hidden> · 2017-07-20
[RFC v6 13/62] powerpc: track allocation status of all pkeys · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 13/62] powerpc: track allocation status of all pkeys · Thiago Jung Bauermann <hidden> · 2017-07-27
Re: [RFC v6 13/62] powerpc: track allocation status of all pkeys · Ram Pai <hidden> · 2017-07-29
Re: [RFC v6 13/62] powerpc: track allocation status of all pkeys · Thiago Jung Bauermann <hidden> · 2017-07-31
[RFC v6 15/62] powerpc: helper functions to initialize AMR, IAMR and UMOR registers · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 15/62] powerpc: helper functions to initialize AMR, IAMR and UMOR registers · Thiago Jung Bauermann <hidden> · 2017-07-27
Re: [RFC v6 15/62] powerpc: helper functions to initialize AMR, IAMR and UMOR registers · Ram Pai <hidden> · 2017-07-30
[RFC v6 17/62] powerpc: implementation for arch_set_user_pkey_access() · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 17/62] powerpc: implementation for arch_set_user_pkey_access() · Thiago Jung Bauermann <hidden> · 2017-07-27
Re: [RFC v6 17/62] powerpc: implementation for arch_set_user_pkey_access() · Ram Pai <hidden> · 2017-07-29
[RFC v6 19/62] powerpc: ability to create execute-disabled pkeys · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 19/62] powerpc: ability to create execute-disabled pkeys · Thiago Jung Bauermann <hidden> · 2017-07-27
Re: [RFC v6 19/62] powerpc: ability to create execute-disabled pkeys · Thiago Jung Bauermann <hidden> · 2017-07-27
Re: [RFC v6 19/62] powerpc: ability to create execute-disabled pkeys · Ram Pai <hidden> · 2017-07-29
Re: [RFC v6 19/62] powerpc: ability to create execute-disabled pkeys · Michael Ellerman <mpe@ellerman.id.au> · 2017-07-31
[RFC v6 22/62] powerpc: ability to associate pkey to a vma · Ram Pai <hidden> · 2017-07-16
[RFC v6 23/62] powerpc: implementation for arch_override_mprotect_pkey() · Ram Pai <hidden> · 2017-07-16
[RFC v6 26/62] powerpc: Program HPTE key protection bits · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 26/62] powerpc: Program HPTE key protection bits · Aneesh Kumar K.V <hidden> · 2017-07-20
[RFC v6 29/62] powerpc: Macro the mask used for checking DSI exception · Ram Pai <hidden> · 2017-07-16
[RFC v6 31/62] powerpc: Handle exceptions caused by pkey violation · Ram Pai <hidden> · 2017-07-16
[RFC v6 33/62] powerpc: introduce get_pte_pkey() helper · Ram Pai <hidden> · 2017-07-16
[RFC v6 37/62] x86: implementation for arch_pkeys_enabled() · Ram Pai <hidden> · 2017-07-16
[RFC v6 36/62] mm: introduce arch_pkeys_enabled() · Ram Pai <hidden> · 2017-07-16
[RFC v6 35/62] powerpc: Deliver SEGV signal on pkey violation · Ram Pai <hidden> · 2017-07-16
[RFC v6 41/62] selftest/x86: Move protecton key selftest to arch neutral directory · Ram Pai <hidden> · 2017-07-16
[RFC v6 42/62] selftest/vm: rename all references to pkru to a generic name · Ram Pai <hidden> · 2017-07-16
[RFC v6 43/62] selftest/vm: move generic definitions to header file · Ram Pai <hidden> · 2017-07-16
[RFC v6 46/62] selftest/vm: fix the wrong assert in pkey_disable_set() · Ram Pai <hidden> · 2017-07-16
[RFC v6 47/62] selftest/vm: fixed bugs in pkey_disable_clear() · Ram Pai <hidden> · 2017-07-16
[RFC v6 49/62] selftest/vm: fix alloc_random_pkey() to make it really random · Ram Pai <hidden> · 2017-07-16
[RFC v6 51/62] selftest/vm: pkey register should match shadow pkey · Ram Pai <hidden> · 2017-07-16
[RFC v6 54/62] selftest/vm: fix an assertion in test_pkey_alloc_exhaust() · Ram Pai <hidden> · 2017-07-16
[RFC v6 53/62] selftest/vm: powerpc implementation for generic abstraction · Ram Pai <hidden> · 2017-07-16
[RFC v6 56/62] selftest/vm: detect no key violation on a freed key · Ram Pai <hidden> · 2017-07-16
[RFC v6 59/62] selftest/vm: detect write violation on a mapped access-denied-key page · Ram Pai <hidden> · 2017-07-16
[RFC v6 61/62] Documentation/x86: Move protecton key documentation to arch neutral directory · Ram Pai <hidden> · 2017-07-16
[RFC v6 62/62] Documentation/vm: PowerPC specific updates to memory protection keys · Ram Pai <hidden> · 2017-07-16
[RFC v6 60/62] selftest/vm: sub-page allocator · Ram Pai <hidden> · 2017-07-16
[RFC v6 58/62] selftest/vm: detect no write key-violation on a freed key · Ram Pai <hidden> · 2017-07-16
[RFC v6 57/62] selftest/vm: associate key on a mapped page and detect write violation · Ram Pai <hidden> · 2017-07-16
[RFC v6 55/62] selftest/vm: associate key on a mapped page and detect access violation · Ram Pai <hidden> · 2017-07-16
[RFC v6 52/62] selftest/vm: generic cleanup · Ram Pai <hidden> · 2017-07-16
[RFC v6 50/62] selftest/vm: introduce two arch independent abstraction · Ram Pai <hidden> · 2017-07-16
[RFC v6 48/62] selftest/vm: clear the bits in shadow reg when a pkey is freed. · Ram Pai <hidden> · 2017-07-16
[RFC v6 45/62] selftest/vm: generics function to handle shadow key register · Ram Pai <hidden> · 2017-07-16
[RFC v6 44/62] selftest/vm: typecast the pkey register · Ram Pai <hidden> · 2017-07-16
[RFC v6 40/62] x86: delete arch_show_smap() · Ram Pai <hidden> · 2017-07-16
[RFC v6 39/62] mm: display pkey in smaps if arch_pkeys_enabled() is true · Ram Pai <hidden> · 2017-07-16
[RFC v6 38/62] powerpc: implementation for arch_pkeys_enabled() · Ram Pai <hidden> · 2017-07-16
[RFC v6 34/62] powerpc: capture the violated protection key on fault · Ram Pai <hidden> · 2017-07-16
[RFC v6 32/62] powerpc: capture AMR register content on pkey violation · Ram Pai <hidden> · 2017-07-16
[RFC v6 30/62] powerpc: implementation for arch_vma_access_permitted() · Ram Pai <hidden> · 2017-07-16
[RFC v6 28/62] powerpc: check key protection for user page access · Ram Pai <hidden> · 2017-07-16
[RFC v6 27/62] powerpc: helper to validate key-access permissions of a pte · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 27/62] powerpc: helper to validate key-access permissions of a pte · Aneesh Kumar K.V <hidden> · 2017-07-20
Re: [RFC v6 27/62] powerpc: helper to validate key-access permissions of a pte · Ram Pai <hidden> · 2017-07-20
Re: [RFC v6 27/62] powerpc: helper to validate key-access permissions of a pte · Aneesh Kumar K.V <hidden> · 2017-07-21
Re: [RFC v6 27/62] powerpc: helper to validate key-access permissions of a pte · Ram Pai <hidden> · 2017-07-21
Re: [RFC v6 27/62] powerpc: helper to validate key-access permissions of a pte · Thiago Jung Bauermann <hidden> · 2017-07-28
Re: [RFC v6 27/62] powerpc: helper to validate key-access permissions of a pte · Ram Pai <hidden> · 2017-07-30
[RFC v6 25/62] powerpc: sys_pkey_mprotect() system call · Ram Pai <hidden> · 2017-07-16
[RFC v6 24/62] powerpc: map vma key-protection bits to pte key bits. · Ram Pai <hidden> · 2017-07-16
[RFC v6 21/62] powerpc: introduce execute-only pkey · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 21/62] powerpc: introduce execute-only pkey · Thiago Jung Bauermann <hidden> · 2017-07-28
Re: [RFC v6 21/62] powerpc: introduce execute-only pkey · Ram Pai <hidden> · 2017-07-30
Re: [RFC v6 21/62] powerpc: introduce execute-only pkey · Thiago Jung Bauermann <hidden> · 2017-07-31
Re: [RFC v6 21/62] powerpc: introduce execute-only pkey · Michael Ellerman <mpe@ellerman.id.au> · 2017-08-01
Re: [RFC v6 21/62] powerpc: introduce execute-only pkey · Thiago Jung Bauermann <hidden> · 2017-08-01
Re: [RFC v6 21/62] powerpc: introduce execute-only pkey · Michael Ellerman <mpe@ellerman.id.au> · 2017-08-02
[RFC v6 20/62] powerpc: store and restore the pkey state across context switches · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 20/62] powerpc: store and restore the pkey state across context switches · Thiago Jung Bauermann <hidden> · 2017-07-27
Re: [RFC v6 20/62] powerpc: store and restore the pkey state across context switches · Ram Pai <hidden> · 2017-07-29
Re: [RFC v6 20/62] powerpc: store and restore the pkey state across context switches · Michael Ellerman <mpe@ellerman.id.au> · 2017-07-31
[RFC v6 18/62] powerpc: sys_pkey_alloc() and sys_pkey_free() system calls · Ram Pai <hidden> · 2017-07-16
[RFC v6 16/62] powerpc: cleaup AMR,iAMR when a key is allocated or freed · Ram Pai <hidden> · 2017-07-16
[RFC v6 14/62] powerpc: helper function to read,write AMR,IAMR,UAMOR registers · Ram Pai <hidden> · 2017-07-16
[RFC v6 12/62] mm: introduce an additional vma bit for powerpc pkey · Ram Pai <hidden> · 2017-07-16
[RFC v6 09/62] powerpc: use helper functions in __hash_page_4K() for 4K PTE · Ram Pai <hidden> · 2017-07-16
[RFC v6 07/62] powerpc: use helper functions in __hash_page_huge() for 64K PTE · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 07/62] powerpc: use helper functions in __hash_page_huge() for 64K PTE · Aneesh Kumar K.V <hidden> · 2017-07-20
[RFC v6 08/62] powerpc: use helper functions in __hash_page_4K() for 64K PTE · Ram Pai <hidden> · 2017-07-16
[RFC v6 05/62] powerpc: capture the PTE format changes in the dump pte report · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 05/62] powerpc: capture the PTE format changes in the dump pte report · Aneesh Kumar K.V <hidden> · 2017-07-20
[RFC v6 03/62] powerpc: introduce pte_set_hash_slot() helper · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 03/62] powerpc: introduce pte_set_hash_slot() helper · Aneesh Kumar K.V <hidden> · 2017-07-20
[RFC v6 01/62] powerpc: Free up four 64K PTE bits in 4K backed HPTE pages · Ram Pai <hidden> · 2017-07-16
Re: [RFC v6 01/62] powerpc: Free up four 64K PTE bits in 4K backed HPTE pages · Aneesh Kumar K.V <hidden> · 2017-07-20
Re: [RFC v6 01/62] powerpc: Free up four 64K PTE bits in 4K backed HPTE pages · Ram Pai <hidden> · 2017-07-20

From: Thiago Jung Bauermann <hidden>
Date: 2017-07-27 14:54:51
Also in: linux-mm, linuxppc-dev, lkml
Subsystem: generic include/asm header files, linux for powerpc (32-bit and 64-bit), memory mapping - madvise (memory advice), the rest · Maintainers: Arnd Bergmann, Madhavan Srinivasan, Michael Ellerman, Andrew Morton, Liam R. Howlett, Lorenzo Stoakes, David Hildenbrand, Linus Torvalds

Ram Pai [off-list ref] writes:

quoted hunk ↗ jump to hunk

--- a/arch/powerpc/include/asm/pkeys.h
+++ b/arch/powerpc/include/asm/pkeys.h

@@ -2,6 +2,18 @@
 #define _ASM_PPC64_PKEYS_H

 extern bool pkey_inited;
+/* override any generic PKEY Permission defines */
+#undef  PKEY_DISABLE_ACCESS
+#define PKEY_DISABLE_ACCESS    0x1
+#undef  PKEY_DISABLE_WRITE
+#define PKEY_DISABLE_WRITE     0x2
+#undef  PKEY_DISABLE_EXECUTE
+#define PKEY_DISABLE_EXECUTE   0x4
+#undef  PKEY_ACCESS_MASK
+#define PKEY_ACCESS_MASK       (PKEY_DISABLE_ACCESS |\
+				PKEY_DISABLE_WRITE  |\
+				PKEY_DISABLE_EXECUTE)
+

Is it ok to #undef macros from another header? Especially since said
header is in uapi (include/uapi/asm-generic/mman-common.h).

Also, it's unnecessary to undef the _ACCESS and _WRITE macros since they
are identical to the original definition. And since these macros are
originally defined in an uapi header, the powerpc-specific ones should
be in an uapi header as well, if I understand it correctly.

An alternative solution is to define only PKEY_DISABLE_EXECUTE in
arch/powerpc/include/uapi/asm/mman.h and then test for its existence to
properly define PKEY_ACCESS_MASK in
include/uapi/asm-generic/mman-common.h. What do you think of the code
below?

diff --git a/arch/powerpc/include/asm/pkeys.h b/arch/powerpc/include/asm/pkeys.h
index e31f5ee8e81f..67e6a3a343ae 100644
--- a/arch/powerpc/include/asm/pkeys.h
+++ b/arch/powerpc/include/asm/pkeys.h

@@ -4,17 +4,6 @@
 #include <asm/firmware.h>
 
 extern bool pkey_inited;
-/* override any generic PKEY Permission defines */
-#undef  PKEY_DISABLE_ACCESS
-#define PKEY_DISABLE_ACCESS    0x1
-#undef  PKEY_DISABLE_WRITE
-#define PKEY_DISABLE_WRITE     0x2
-#undef  PKEY_DISABLE_EXECUTE
-#define PKEY_DISABLE_EXECUTE   0x4
-#undef  PKEY_ACCESS_MASK
-#define PKEY_ACCESS_MASK       (PKEY_DISABLE_ACCESS |\
-				PKEY_DISABLE_WRITE  |\
-				PKEY_DISABLE_EXECUTE)
 
 #define ARCH_VM_PKEY_FLAGS (VM_PKEY_BIT0 | VM_PKEY_BIT1 | VM_PKEY_BIT2 | \
 				VM_PKEY_BIT3 | VM_PKEY_BIT4)

diff --git a/arch/powerpc/include/uapi/asm/mman.h b/arch/powerpc/include/uapi/asm/mman.h
index ab45cc2f3101..dee43feb7c53 100644
--- a/arch/powerpc/include/uapi/asm/mman.h
+++ b/arch/powerpc/include/uapi/asm/mman.h

@@ -45,4 +45,6 @@
 #define MAP_HUGE_1GB	(30 << MAP_HUGE_SHIFT)	/* 1GB   HugeTLB Page */
 #define MAP_HUGE_16GB	(34 << MAP_HUGE_SHIFT)	/* 16GB  HugeTLB Page */
 
+#define PKEY_DISABLE_EXECUTE   0x4
+
 #endif /* _UAPI_ASM_POWERPC_MMAN_H */

diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c
index 72eb9a1bde79..777f8f8dff47 100644
--- a/arch/powerpc/mm/pkeys.c
+++ b/arch/powerpc/mm/pkeys.c

@@ -12,7 +12,7 @@
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  * more details.
  */
-#include <uapi/asm-generic/mman-common.h>
+#include <asm/mman.h>
 #include <linux/pkeys.h>                /* PKEY_*                       */
 
 bool pkey_inited;

diff --git a/include/uapi/asm-generic/mman-common.h b/include/uapi/asm-generic/mman-common.h
index 8c27db0c5c08..93e3841d9ada 100644
--- a/include/uapi/asm-generic/mman-common.h
+++ b/include/uapi/asm-generic/mman-common.h

@@ -74,7 +74,15 @@
 
 #define PKEY_DISABLE_ACCESS	0x1
 #define PKEY_DISABLE_WRITE	0x2
+
+/* The arch-specific code may define PKEY_DISABLE_EXECUTE */
+#ifdef PKEY_DISABLE_EXECUTE
+#define PKEY_ACCESS_MASK       (PKEY_DISABLE_ACCESS |	\
+				PKEY_DISABLE_WRITE  |	\
+				PKEY_DISABLE_EXECUTE)
+#else
 #define PKEY_ACCESS_MASK	(PKEY_DISABLE_ACCESS |\
 				 PKEY_DISABLE_WRITE)
+#endif
 
 #endif /* __ASM_GENERIC_MMAN_COMMON_H */

quoted hunk ↗ jump to hunk

diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c
index 98d0391..b9ad98d 100644
--- a/arch/powerpc/mm/pkeys.c
+++ b/arch/powerpc/mm/pkeys.c

@@ -73,6 +73,7 @@ int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
 		unsigned long init_val)
 {
 	u64 new_amr_bits = 0x0ul;
+	u64 new_iamr_bits = 0x0ul;

 	if (!is_pkey_enabled(pkey))
 		return -1;

@@ -85,5 +86,14 @@ int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey,

 	init_amr(pkey, new_amr_bits);

+	/*
+	 * By default execute is disabled.
+	 * To enable execute, PKEY_ENABLE_EXECUTE
+	 * needs to be specified.
+	 */
+	if ((init_val & PKEY_DISABLE_EXECUTE))
+		new_iamr_bits |= IAMR_EX_BIT;
+
+	init_iamr(pkey, new_iamr_bits);
 	return 0;
 }

The comment seems to be from an earlier version which has the logic
inverted, and there is no PKEY_ENABLE_EXECUTE. Should the comment be
updated to the following?

    By default execute is enabled.
    To disable execute, PKEY_DISABLE_EXECUTE needs to be specified.

-- 
Thiago Jung Bauermann
IBM Linux Technology Center

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help