Re: [PATCH 1/4] pkeys: add API to switch to permissive pkey register

[Dmitry Vyukov]

On Tue, 25 Feb 2025 at 22:56, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
> > >>> +#ifndef CONFIG_ARCH_HAS_PERMISSIVE_PKEY
> > >>> +
> > >>> +/*
> > >>> + * Common name for value of the register that controls access to PKEYs
> > >>> + * (called differently on different arches: PKRU, POR, AMR).
> > >>> + */
> > >>> +typedef int pkey_reg_t;
> > >> Tiny nit: Should this be an unsigned type?
> > >>
> > >> Nobody should be manipulating it, but I'd be surprised if any of the
> > >> architectures have a signed type for it.
> > > Since this is a stub type, can matching the real types do any good
> > > besides masking programming errors?
> > > I've changed it to char in v4 to surface more potential programming errors.
> >
> > I was more worried about copy-and-paste.
> >
> > I agree that 'char' is the most fragile, but it's going to fragile in
> > subtle ways and I'm not sure subtly broken code (whether it's expected
> > to be compiled in or not) is great to have in a code base.
> >
> > Do we have any types in sparse that would be appropriate? Could we mark
> > the pkey_reg_t as being in a different address space when pkeys is
> > compiled out so that sparse knows not to let it interact with other types?
>
> We could typedef it to some fake struct. Such a struct can't be passed
> to any function accepting an integer type (real pkeys), and any
> arithmetic won't work on it.

Dave, how should we proceed? Do you think this is a potential misuse
worth preventing proactively? If yes, I can send v7.