Re: [PATCH v6 01/30] mm: Introduce kpkeys

Next message: Jakub Kicinski: "Re: [PATCH net v2 1/2] bnge: fix initial HWRM sequence"
Previous message: Tom Lendacky: "Re: [PATCH v3 5/7] KVM: SEV: Don't advertise support for unusable VM types"
In reply to: Kevin Brodsky: "Re: [PATCH v6 01/30] mm: Introduce kpkeys"
Next in thread: Kevin Brodsky: "Re: [PATCH v6 01/30] mm: Introduce kpkeys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hildenbrand (Arm)

Date: Fri Apr 17 2026 - 10:44:35 EST

On 2/27/26 18:54, Kevin Brodsky wrote:
> kpkeys is a simple framework to enable the use of protection keys
> (pkeys) to harden the kernel itself. This patch introduces the basic
> API in <linux/kpkeys.h>: a couple of functions to set and restore
> the pkey register and macros to define guard objects.
>
> kpkeys introduces a new concept on top of pkeys: the kpkeys level.
> Each level is associated to a set of permissions for the pkeys
> managed by the kpkeys framework. kpkeys_set_level(lvl) sets those
> permissions according to lvl, and returns the original pkey
> register, to be later restored by kpkeys_restore_pkey_reg(). To
> start with, only KPKEYS_LVL_DEFAULT is available, which is meant
> to grant RW access to KPKEYS_PKEY_DEFAULT (i.e. all memory since
> this is the only available pkey for now).
>
> Because each architecture implementing pkeys uses a different
> representation for the pkey register, and may reserve certain pkeys
> for specific uses, support for kpkeys must be explicitly indicated
> by selecting ARCH_HAS_KPKEYS and defining the following functions in
> <asm/kpkeys.h>, in addition to the macros provided in
> <asm-generic/kpkeys.h>:
>
> - arch_kpkeys_set_level()
> - arch_kpkeys_restore_pkey_reg()
> - arch_kpkeys_enabled()

Another thing: why not simply drop the "arch_" stuff from these helpers?

--
Cheers,

David