On 06/11/2016 02:47 AM, Thomas Gleixner wrote: > On Wed, 8 Jun 2016, Dave Hansen wrote: >> > Proposed semantics: >> > 1. protection key 0 is special and represents the default, >> > unassigned protection key. It is always allocated. >> > 2. mprotect() never affects a mapping's pkey_mprotect()-assigned >> > protection key. A protection key of 0 (even if set explicitly) >> > represents an unassigned protection key. >> > 2a. mprotect(PROT_EXEC) on a mapping with an assigned protection >> > key may or may not result in a mapping with execute-only >> > properties. pkey_mprotect() plus pkey_set() on all threads >> > should be used to _guarantee_ execute-only semantics. >> > 3. mprotect(PROT_EXEC) may result in an "execute-only" mapping. The >> > kernel will internally attempt to allocate and dedicate a >> > protection key for the purpose of execute-only mappings. This >> > may not be possible in cases where there are no free protection >> > keys available. > Shouldn't we just reserve a protection key for PROT_EXEC unconditionally?
Normal userspace does not do PROT_EXEC today. So, today, we'd effectively lose one of our keys by reserving it. Of the folks I've talked to who really want this feature, and *will* actually use it, one of the most common complaints is that there are too few keys. Folks who actively *want* true PROT_EXEC semantics can use the explicit pkey interfaces.
