On 03/09/2018 09:00 PM, Ram Pai wrote:
On Fri, Mar 09, 2018 at 12:04:49PM +0100, Florian Weimer wrote:
On 03/09/2018 09:12 AM, Ram Pai wrote:
Once an address range is associated with an allocated pkey, it cannot be
reverted back to key-0. There is no valid reason for the above behavior.
mprotect without a key does not necessarily use key 0, e.g. if
protection keys are used to emulate page protection flag combination
which is not directly supported by the hardware.
Therefore, it seems to me that filtering out non-allocated keys is
the right thing to do.
I am not sure, what you mean. Do you agree with the patch or otherwise?
I think it's inconsistent to make key 0 allocated, but not the key which is used for PROT_EXEC emulation, which is still reserved. Even if you change the key 0 behavior, it is still not possible to emulate mprotect behavior faithfully with an allocated key.