From: Andy Lutomirski <luto@kernel.org>
To: linuxram@us.ibm.com
Cc: Andrew Lutomirski <luto@kernel.org>,
Florian Weimer <fweimer@redhat.com>,
Dave Hansen <dave.hansen@intel.com>,
Linux-MM <linux-mm@kvack.org>,
Linux API <linux-api@vger.kernel.org>,
linux-x86_64@vger.kernel.org,
linux-arch <linux-arch@vger.kernel.org>, X86 ML <x86@kernel.org>,
".linuxppc-dev"@lists.ozlabs.org
Subject: Re: [PATCH] pkeys: Introduce PKEY_ALLOC_SIGNALINHERIT and change signal semantics
Date: Thu, 03 May 2018 04:05:08 +0000 [thread overview]
Message-ID: <CALCETrXRQF08exQVZqtTLOKbC8Ywq5x4EYH_1D7r5v9bdOSwbg@mail.gmail.com> (raw)
In-Reply-To: <20180503021058.GA5670@ram.oc3035372033.ibm.com>
On Wed, May 2, 2018 at 7:11 PM Ram Pai <linuxram@us.ibm.com> wrote:
> On Wed, May 02, 2018 at 09:23:49PM +0000, Andy Lutomirski wrote:
> >
> > > If I recall correctly, the POWER maintainer did express a strong
desire
> > > back then for (what is, I believe) their current semantics, which my
> > > PKEY_ALLOC_SIGNALINHERIT patch implements for x86, too.
> >
> > Ram, I really really don't like the POWER semantics. Can you give some
> > justification for them? Does POWER at least have an atomic way for
> > userspace to modify just the key it wants to modify or, even better,
> > special load and store instructions to use alternate keys?
> I wouldn't call it POWER semantics. The way I implemented it on power
> lead to the semantics, given that nothing was explicitly stated
> about how the semantics should work within a signal handler.
I think that this is further evidence that we should introduce a new
pkey_alloc() mode and deprecate the old. To the extent possible, this
thing should work the same way on x86 and POWER.
I think that we, as kernel API designers enabling fancy hardware features,
need to think about them with some care. Our goal isn't just to expose the
hardware feature to userspace and let userspace run wild with it -- our
goal is to figure out what the use cases are and make the API useful for
those use cases without introducing more footguns that necessary. For
pkey, this means realizing that user code consists of various loosely
coupled components and that the purpose of pkeys is to allow some userspace
component to prevent other components from *accidentally* clobbering or
leaking data due to bugs. And I think that the current APIs don't really
achieve this.
next prev parent reply other threads:[~2018-05-03 4:05 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-02 13:26 Florian Weimer
2018-05-02 14:30 ` Dave Hansen
2018-05-02 15:12 ` Florian Weimer
2018-05-02 15:28 ` Dave Hansen
2018-05-02 21:08 ` Florian Weimer
2018-05-02 22:03 ` Dave Hansen
2018-05-07 9:47 ` Florian Weimer
2018-05-02 17:09 ` Andy Lutomirski
2018-05-02 17:17 ` Florian Weimer
2018-05-02 20:41 ` Andy Lutomirski
2018-05-02 21:06 ` Florian Weimer
2018-05-02 21:23 ` Andy Lutomirski
2018-05-02 22:08 ` Dave Hansen
2018-05-02 22:22 ` Andy Lutomirski
2018-05-02 22:32 ` Dave Hansen
2018-05-02 23:32 ` Andy Lutomirski
2018-05-02 23:58 ` Dave Hansen
2018-05-03 1:14 ` Andy Lutomirski
2018-05-03 14:42 ` Dave Hansen
2018-05-03 14:42 ` Florian Weimer
2018-05-03 2:10 ` Ram Pai
2018-05-03 4:05 ` Andy Lutomirski [this message]
2018-05-07 9:48 ` Florian Weimer
2018-05-08 2:49 ` Andy Lutomirski
2018-05-08 12:40 ` Florian Weimer
2018-05-09 14:41 ` Andy Lutomirski
2018-05-14 12:01 ` Florian Weimer
2018-05-14 15:32 ` Andy Lutomirski
2018-05-14 15:34 ` Florian Weimer
2018-05-16 17:01 ` Dave Hansen
2018-05-16 20:52 ` Ram Pai
2018-05-16 20:54 ` Andy Lutomirski
2018-05-16 20:35 ` Ram Pai
2018-05-16 20:37 ` Andy Lutomirski
2018-05-16 21:07 ` Ram Pai
2018-05-17 10:09 ` Florian Weimer
2018-05-17 10:11 ` Florian Weimer
2018-05-03 14:37 ` Florian Weimer
2018-05-02 21:12 ` Ram Pai
2018-05-02 21:18 ` Andy Lutomirski
2018-05-02 23:38 ` Ram Pai
2018-05-07 9:47 ` Florian Weimer
2018-05-07 9:43 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALCETrXRQF08exQVZqtTLOKbC8Ywq5x4EYH_1D7r5v9bdOSwbg@mail.gmail.com \
--to=luto@kernel.org \
--cc=".linuxppc-dev"@lists.ozlabs.org \
--cc=dave.hansen@intel.com \
--cc=fweimer@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-x86_64@vger.kernel.org \
--cc=linuxram@us.ibm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox