On 12/15/2017 05:10 PM, Linus Torvalds wrote: > Because *if* we want to check protection keys, I think we should do > that at the vma layer, partly exactly because the exact implementation > of protection keys is so architecture-specific, and partly because I > don't think it makes sense to check them for every page anyway.
So, there are VMA checks against protection keys. The problem _here_ is that we are checking against the VMA (and correctly skipping the PKRU checks) and then _mistakenly_ applying the PTE checks against PKRU. I think the reason we needed VMA and PTE checks was the get_user_pages_fast() path not having a VMA. I need to go re-read the commits, though.
