[RFC v5 12/38] mm: ability to disable execute permission on a key at creation
benh at kernel.crashing.org
Wed Jul 12 07:29:37 AEST 2017
On Tue, 2017-07-11 at 11:11 -0700, Dave Hansen wrote:
> On 07/05/2017 02:21 PM, Ram Pai wrote:
> > Currently sys_pkey_create() provides the ability to disable read
> > and write permission on the key, at creation. powerpc has the
> > hardware support to disable execute on a pkey as well. This patch
> > enhances the interface to let disable execute at key creation
> > time. x86 does not allow this. Hence the next patch will add
> > ability in x86 to return error if PKEY_DISABLE_EXECUTE is
> > specified.
That leads to the question... How do you tell userspace?
(apologies if I missed that in an existing patch in the series)
How do we inform userspace of the key capabilities? There are at least
two things userspace may want to know already:
- What protection bits are supported for a key
- How many keys exist
- Which keys are available for use by userspace. On PowerPC, the
kernel can reserve some keys for itself, so can the hypervisor. In
fact, they do.