[PATCH] seccomp: Add pkru into seccomp_data
Florian Weimer
fweimer at redhat.com
Thu Oct 25 20:12:25 AEDT 2018
* Michael Sammler:
> Thank you for the pointer about the POWER implementation. I am not
> familiar with POWER in general and its protection key feature at
> all. Would the AMR register be the correct register to expose here?
Yes, according to my notes, the register is called AMR (special purpose
register 13).
> I understand your concern about exposing the number of protection keys
> in the ABI. One idea would be to state, that the pkru field (which
> should probably be renamed) contains an architecture specific value,
> which could then be the PKRU on x86 and AMR (or another register) on
> POWER. This new field should probably be extended to __u64 and the
> reserved field removed.
POWER also has proper read/write bit separation, not PKEY_DISABLE_ACCESS
(disable read and write) and PKEY_DISABLE_WRITE like Intel. It's
currently translated by the kernel, but I really need a
PKEY_DISABLE_READ bit in glibc to implement pkey_get in case the memory
is write-only.
> Another idea would be to not add a field in the seccomp_data
> structure, but instead provide a new BPF instruction, which reads the
> value of a specified protection key.
I would prefer that if it's possible. We should make sure that the bits
are the same as those returned from pkey_get. I have an implementation
on POWER, but have yet to figure out the implications for 32-bit because
I do not know the AMR register size there.
Thanks,
Florian
More information about the Linuxppc-dev
mailing list