[RFC] aarch64: Add support for memory protection keys
Florian Weimer
fweimer@redhat.com
Wed Jun 12 15:04:57 GMT 2024
* yury khrustalev:
> + /* Only the following mapping between POR permission bits (4 bits)
> + and PKEY flags is guaranteed:
> +
> + -WXR
> + 0010 => PKEY_DISABLE_ACCESS (execute only)
> + 0011 => PKEY_DISABLE_WRITE (read-execute)
> + 0111 => 0 (no restrictions, read-write-execute)
> + otherwise => undefined behavior
> +
> + Note that pkey_set and pkey_alloc would only set these specific
> + values. */
> +
> + if (perm == S1POE_PERM_X)
> + return PKEY_DISABLE_ACCESS;
> + if (perm == S1POE_PERM_RX)
> + return PKEY_DISABLE_WRITE;
> + if (perm == S1POE_PERM_RWX)
> + return 0; // no restrictions
> + return PKEY_DISABLE_ACCESS; // undefined behavior
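
Review bot: The final fallback `return PKEY_DISABLE_ACCESS; // undefined behavior` reports every permission value outside the three listed ones as PKEY_DISABLE_ACCESS, so a caller cannot tell an unrecognised encoding apart from S1POE_PERM_X, and the comment's "otherwise => undefined behavior" does not describe what the code actually returns. State in the block comment that unlisted values are reported as PKEY_DISABLE_ACCESS (or report an error for them instead), and write the two trailing `//` comments as `/* */` so they match the block comment above them.
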
POWER has the same translation issue. I suggest getting additional
constants defined by the kernel; whether it's PKEY_DISABLE_READ and
PKEY_DISABLE_EXEC or the full set of PKEY_ENABLE_* constants may not
matter.

PKEY_DISABLE_ACCESS really should have been PKEY_DISABLE_READ |
PKEY_DISABLE_WRITE, but unfortunately that's not how the x86 hardware
works.

There are also some concerns that pkey_set/pkey_get are impractical as
an interface because of the function call overhead, but that's a
separate matter.

> + /* Check that unallocated pkey is not accepted by the
> + pkey_mprotect function. */
> + {
> + int pkey = -1;
> + pkey = pkey_alloc (0, PKEY_DISABLE_WRITE);
> + pkey_free (pkey);
> + int *page = xmmap (NULL, pagesize, PROT_NONE,
> + MAP_ANONYMOUS | MAP_PRIVATE, -1);
> + TEST_COMPARE (pkey_mprotect (page, pagesize, PROT_READ, pkey), -1);
> + TEST_COMPARE (errno, EINVAL);
> + xmunmap (page, pagesize);
> + }
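
Review bot: The result of `pkey_alloc (0, PKEY_DISABLE_WRITE)` is used without a check, so if the allocation fails the block passes -1 to pkey_free and pkey_mprotect and no longer exercises a key that was allocated and then freed; the pkey_free return value is ignored as well. Verify that pkey is non-negative and that pkey_free returns 0 before the pkey_mprotect comparison, and fold the unused `int pkey = -1;` initialiser into the declaration that receives the pkey_alloc result.
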
Is this really something that the kernel API checks?
When you tested this on x86_64-linux-gnu, did you run it on a machine
with protection key hardware/kernel support?
Thanks,
Florian
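
The translation issue raised above, as an added example that is not part of the original message or the patch: it counts how many of the eight R/W/X permission encodings survive a round trip through the two-flag interface versus one disable flag per permission bit. The EX_ flag names and values and the inverse function two_flag_encode are assumptions made for this illustration.

```c
#include <stdio.h>
/* POR permission bits, laid out "-WXR" as in the quoted patch comment.  */
enum { POR_R = 1, POR_X = 2, POR_W = 4, POR_RWX = 7 };
/* Flag values constructed for this example; the EX_ names are hypothetical.  */
enum { EX_NO_ACCESS = 1, EX_NO_WRITE = 2, EX_NO_READ = 4, EX_NO_EXEC = 8 };

/* Two-flag decode with the same fallback as the quoted hunk.  */
static unsigned int two_flag_decode (unsigned int perm)
{
  if (perm == POR_X) return EX_NO_ACCESS;
  if (perm == (POR_R | POR_X)) return EX_NO_WRITE;
  if (perm == POR_RWX) return 0;
  return EX_NO_ACCESS;  /* every other encoding collapses here */
}

/* Assumed inverse: emits only the three values the patch comment lists.  */
static unsigned int two_flag_encode (unsigned int flags)
{
  if (flags & EX_NO_ACCESS) return POR_X;
  return (flags & EX_NO_WRITE) ? (POR_R | POR_X) : POR_RWX;
}

/* One disable flag per permission bit, so no encoding is lost.  */
static unsigned int per_bit_decode (unsigned int perm)
{
  return ((perm & POR_R) ? 0 : EX_NO_READ) | ((perm & POR_W) ? 0 : EX_NO_WRITE)
         | ((perm & POR_X) ? 0 : EX_NO_EXEC);
}
static unsigned int per_bit_encode (unsigned int flags)
{
  return ((flags & EX_NO_READ) ? 0 : POR_R) | ((flags & EX_NO_WRITE) ? 0 : POR_W)
         | ((flags & EX_NO_EXEC) ? 0 : POR_X);
}

/* Count the R/W/X encodings (0..7) that survive decode followed by encode.  */
static int count_round_trips (int per_bit)
{
  int ok = 0;
  for (unsigned int perm = 0; perm <= POR_RWX; perm++)
    ok += perm == (per_bit ? per_bit_encode (per_bit_decode (perm))
                           : two_flag_encode (two_flag_decode (perm)));
  return ok;
}

int main (void)
{
  printf ("two-flag: %d of 8, per-bit: %d of 8\n", count_round_trips (0), count_round_trips (1));
  return 0;
}
```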