Re: [RFC PATCH 7/7 v1]powerpc: Deliver SEGV signal on protection key violation.
From: Ram Pai
Date: Thu Jun 22 2017 - 17:42:05 EST
On Sat, Jun 17, 2017 at 08:54:44AM +1000, Benjamin Herrenschmidt wrote:
> On Fri, 2017-06-16 at 12:15 -0700, Ram Pai wrote:
> > gp_regs size is not changed, nor is the layout. A unused field in
> > the gp_regs is used to fill in the AMR contents. Old binaries will not
> > be knowing about this unused field, and hence should not break.
> >
> > New binaries can leverage this already existing but newly defined
> > field; to read the contents of AMR.
> >
> > Is it still a concern?
>
> Calls to sys_swapcontext with a made-up context will end up with a crap
> AMR if done by code who didn't know about that register.
Turns out x86 does not have this problem, because x86 does not implement
sys_swapcontext. However; unlike x86, powerpc lets signal handler
program the AMR(x86 PKRU equivalent), which can persist even after the
signal handler returns to the kernel through sys_sigreturn.
So I am inclined to deviate from the x86 protection-key semantics.
On x86 the persistent way for the signal handler
to change the key register(PKRU) is through a field in the siginfo structure.
And on powerpc the persistent way for the signal handler to change the
key register(AMR) will be to directly program the AMR register.
This should resolve your concern on powerpc, since there is no way
a crap AMR value will change the real AMR register, because the powerpc
kernel will not be letting it happen. Acceptable?
RP