On Thu, Jul 07, 2016 at 05:47:28AM -0700, Dave Hansen wrote: > > From: Dave Hansen <dave.han...@linux.intel.com> > > This establishes two more system calls for protection key management: > > unsigned long pkey_get(int pkey); > int pkey_set(int pkey, unsigned long access_rights); > > The return value from pkey_get() and the 'access_rights' passed > to pkey_set() are the same format: a bitmask containing > PKEY_DENY_WRITE and/or PKEY_DENY_ACCESS, or nothing set at all. > > These can replace userspace's direct use of the new rdpkru/wrpkru > instructions. > > With current hardware, the kernel can not enforce that it has > control over a given key. But, this at least allows the kernel > to indicate to userspace that userspace does not control a given > protection key. This makes it more likely that situations like > using a pkey after sys_pkey_free() can be detected. > > The kernel does _not_ enforce that this interface must be used for > changes to PKRU, whether or not a key has been "allocated". > > This syscall interface could also theoretically be replaced with a > pair of vsyscalls. The vsyscalls would just call WRPKRU/RDPKRU > directly in situations where they are drop-in equivalents for > what the kernel would be doing. >
This one feels like something that can or should be implemented in glibc. There is no real enforcement of the values yet looking them up or setting them takes mmap_sem for write. Applications that frequently get called will get hammed into the ground with serialisation on mmap_sem not to mention the cost of the syscall entry/exit. RIght now, I'm seeing a lot of cost and not much benefit with this specific patch. -- Mel Gorman SUSE Labs
