Re: [PATCH] x86, powerpc : pkey-mprotect must allow pkey-0

From: Florian Weimer
Date: Wed Mar 14 2018 - 04:05:41 EST


On 03/14/2018 09:00 AM, Florian Weimer wrote:
On 03/09/2018 09:00 PM, Ram Pai wrote:
On Fri, Mar 09, 2018 at 12:04:49PM +0100, Florian Weimer wrote:
On 03/09/2018 09:12 AM, Ram Pai wrote:
Once an address range is associated with an allocated pkey, it cannot be
reverted back to key-0. There is no valid reason for the above behavior.

mprotect without a key does not necessarily use key 0, e.g. if
protection keys are used to emulate page protection flag combination
which is not directly supported by the hardware.

Therefore, it seems to me that filtering out non-allocated keys is
the right thing to do.

I am not sure, what you mean. Do you agree with the patch or otherwise?

I think it's inconsistent to make key 0 allocated, but not the key which is used for PROT_EXEC emulation, which is still reserved. Even if you change the key 0 behavior, it is still not possible to emulate mprotect behavior faithfully with an allocated key.

Ugh. Should have read the code first before replying:

/* Do we need to assign a pkey for mm's execute-only maps? */
if (execute_only_pkey == -1) {
/* Go allocate one to use, which might fail */
execute_only_pkey = mm_pkey_alloc(mm);
if (execute_only_pkey < 0)
return -1;
need_to_set_mm_pkey = true;
}

So we do allocate the PROT_EXEC-only key, and I assume it means that the key can be restored using pkey_mprotect. So the key 0 behavior is a true exception after all, and it makes sense to realign the behavior with the other keys.

Thanks,
Florian