2016-09-13 19:44:38 +00:00
|
|
|
.\" Copyright (C) 2016 Intel Corporation
|
|
|
|
.\"
|
|
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\" %%%LICENSE_END
|
|
|
|
.\"
|
iconv.1, locale.1, memusage.1, memusagestat.1, pldd.1, sprof.1, _syscall.2, add_key.2, adjtimex.2, bind.2, bpf.2, chown.2, clone.2, close.2, copy_file_range.2, eventfd.2, fanotify_init.2, fanotify_mark.2, fork.2, fsync.2, futex.2, getdents.2, getrlimit.2, getxattr.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, ioctl_fat.2, ioctl_getfsmap.2, ioctl_ns.2, ioctl_tty.2, ioctl_userfaultfd.2, kcmp.2, keyctl.2, listen.2, listxattr.2, mbind.2, membarrier.2, memfd_create.2, mkdir.2, move_pages.2, mremap.2, msync.2, nfsservctl.2, open.2, perf_event_open.2, pidfd_send_signal.2, pipe.2, pivot_root.2, pkey_alloc.2, process_vm_readv.2, ptrace.2, readlink.2, readv.2, recv.2, recvmmsg.2, rename.2, request_key.2, s390_runtime_instr.2, sched_setaffinity.2, seccomp.2, send.2, sendmmsg.2, sigaltstack.2, signalfd.2, socket.2, socketpair.2, splice.2, spu_create.2, spu_run.2, statfs.2, syscall.2, sysctl.2, sysfs.2, tee.2, timer_getoverrun.2, timer_settime.2, umount.2, userfaultfd.2, utimensat.2, wait4.2, INFINITY.3, __ppc_get_timebase.3, __setfpucw.3, abort.3, aio_cancel.3, aio_error.3, aio_read.3, aio_return.3, atexit.3, backtrace.3, basename.3, bsearch.3, bswap.3, cacos.3, cacosh.3, catan.3, catanh.3, cexp2.3, clock_getcpuclockid.3, clog2.3, cmsg.3, confstr.3, div.3, dl_iterate_phdr.3, dlerror.3, dlinfo.3, dlopen.3, dlsym.3, duplocale.3, encrypt.3, end.3, endian.3, envz_add.3, err.3, expm1.3, fdim.3, flockfile.3, fmtmsg.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo_a.3, getauxval.3, getdate.3, getdtablesize.3, getgrent_r.3, getgrouplist.3, gethostbyname.3, getline.3, getnameinfo.3, getopt.3, getprotoent_r.3, getpwent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, getutent.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_ntop.3, inet_pton.3, insque.3, killpg.3, makecontext.3, mallinfo.3, malloc.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbsnrtowcs.3, mbstowcs.3, mcheck.3, mempcpy.3, mq_getattr.3, mq_notify.3, mtrace.3, newlocale.3, nextafter.3, ntp_gettime.3, offsetof.3, open_memstream.3, pow.3, printf.3, pthread_attr_init.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setstack.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_detach.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_join.3, pthread_mutex_consistent.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_spin_init.3, pthread_testcancel.3, pthread_tryjoin_np.3, ptsname.3, qsort.3, rand.3, random.3, remainder.3, rpmatch.3, rtime.3, rtnetlink.3, scalb.3, scalbln.3, scandir.3, sem_getvalue.3, sem_wait.3, setaliasent.3, setlogmask.3, sigwait.3, sincos.3, sockatmark.3, stdarg.3, stpcpy.3, strcat.3, strfmon.3, strptime.3, strtod.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, tsearch.3, uselocale.3, wcstok.3, wcstombs.3, wordexp.3, y0.3, loop.4, vcs.4, veth.4, charmap.5, core.5, filesystems.5, gai.conf.5, hosts.5, hosts.equiv.5, locale.5, nss.5, repertoiremap.5, securetty.5, shells.5, ttytype.5, ascii.7, complex.7, cpuset.7, credentials.7, fanotify.7, hier.7, inotify.7, ip.7, mount_namespaces.7, mq_overview.7, netlink.7, network_namespaces.7, pid_namespaces.7, pkeys.7, rtld-audit.7, rtnetlink.7, sem_overview.7, signal-safety.7, sock_diag.7, spufs.7, standards.7, symlink.7, tcp.7, time_namespaces.7, unix.7, user_namespaces.7, xattr.7, ldconfig.8: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-09 12:43:54 +00:00
|
|
|
.TH PKEYS 7 2020-06-09 "Linux" "Linux Programmer's Manual"
|
2016-09-13 19:44:38 +00:00
|
|
|
.SH NAME
|
|
|
|
pkeys \- overview of Memory Protection Keys
|
|
|
|
.SH DESCRIPTION
|
|
|
|
Memory Protection Keys (pkeys) are an extension to existing
|
|
|
|
page-based memory permissions.
|
|
|
|
Normal page permissions using
|
|
|
|
page tables require expensive system calls and TLB invalidations
|
|
|
|
when changing permissions.
|
|
|
|
Memory Protection Keys provide a mechanism for changing
|
|
|
|
protections without requiring modification of the page tables on
|
|
|
|
every permission change.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
To use pkeys, software must first "tag" a page in the page tables
|
2016-09-13 19:44:38 +00:00
|
|
|
with a pkey.
|
|
|
|
After this tag is in place, an application only has
|
|
|
|
to change the contents of a register in order to remove write
|
|
|
|
access, or all access to a tagged page.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
Protection keys work in conjunction with the existing
|
2016-12-12 09:47:17 +00:00
|
|
|
.BR PROT_READ /
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR PROT_WRITE /
|
|
|
|
.BR PROT_EXEC
|
|
|
|
permissions passed to system calls such as
|
2016-09-13 19:44:38 +00:00
|
|
|
.BR mprotect (2)
|
|
|
|
and
|
|
|
|
.BR mmap (2),
|
|
|
|
but always act to further restrict these traditional permission
|
|
|
|
mechanisms.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-10-13 10:12:09 +00:00
|
|
|
If a process performs an access that violates pkey
|
|
|
|
restrictions, it receives a
|
|
|
|
.BR SIGSEGV
|
|
|
|
signal.
|
|
|
|
See
|
|
|
|
.BR sigaction (2)
|
|
|
|
for details of the information available with that signal.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
To use the pkeys feature, the processor must support it, and the kernel
|
2016-09-13 19:44:38 +00:00
|
|
|
must contain support for the feature on a given processor.
|
|
|
|
As of early 2016 only future Intel x86 processors are supported,
|
|
|
|
and this hardware supports 16 protection keys in each process.
|
|
|
|
However, pkey 0 is used as the default key, so a maximum of 15
|
|
|
|
are available for actual application use.
|
|
|
|
The default key is assigned to any memory region for which a
|
|
|
|
pkey has not been explicitly assigned via
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_mprotect (2).
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
Protection keys have the potential to add a layer of security and
|
2016-09-13 19:44:38 +00:00
|
|
|
reliability to applications.
|
2016-10-13 10:04:11 +00:00
|
|
|
But they have not been primarily designed as
|
2016-09-13 19:44:38 +00:00
|
|
|
a security feature.
|
|
|
|
For instance, WRPKRU is a completely unprivileged
|
|
|
|
instruction, so pkeys are useless in any case that an attacker controls
|
|
|
|
the PKRU register or can execute arbitrary instructions.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Applications should be very careful to ensure that they do not "leak"
|
|
|
|
protection keys.
|
2016-10-13 10:04:11 +00:00
|
|
|
For instance, before calling
|
|
|
|
.BR pkey_free (2),
|
2016-09-13 19:44:38 +00:00
|
|
|
the application should be sure that no memory has that pkey assigned.
|
|
|
|
If the application left the freed pkey assigned, a future user of
|
|
|
|
that pkey might inadvertently change the permissions of an unrelated
|
2016-10-13 10:04:11 +00:00
|
|
|
data structure, which could impact security or stability.
|
2016-09-13 19:44:38 +00:00
|
|
|
The kernel currently allows in-use pkeys to have
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_free (2)
|
2016-09-13 19:44:38 +00:00
|
|
|
called on them because it would have processor or memory performance
|
|
|
|
implications to perform the additional checks needed to disallow it.
|
2016-10-13 10:04:11 +00:00
|
|
|
Implementation of the necessary checks is left up to applications.
|
|
|
|
Applications may implement these checks by searching the
|
|
|
|
.IR /proc/[pid]/smaps
|
|
|
|
file for memory regions with the pkey assigned.
|
|
|
|
Further details can be found in
|
|
|
|
.BR proc (5).
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Any application wanting to use protection keys needs to be able
|
|
|
|
to function without them.
|
|
|
|
They might be unavailable because the hardware that the
|
|
|
|
application runs on does not support them, the kernel code does
|
|
|
|
not contain support, the kernel support has been disabled, or
|
|
|
|
because the keys have all been allocated, perhaps by a library
|
|
|
|
the application is using.
|
|
|
|
It is recommended that applications wanting to use protection
|
|
|
|
keys should simply call
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_alloc (2)
|
|
|
|
and test whether the call succeeds,
|
2016-09-13 19:44:38 +00:00
|
|
|
instead of attempting to detect support for the
|
2016-10-13 10:04:11 +00:00
|
|
|
feature in any other way.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Although unnecessary, hardware support for protection keys may be
|
2016-10-13 10:04:11 +00:00
|
|
|
enumerated with the
|
|
|
|
.I cpuid
|
|
|
|
instruction.
|
|
|
|
Details of how to do this can be found in the Intel Software
|
2016-09-13 19:44:38 +00:00
|
|
|
Developers Manual.
|
2016-10-13 10:04:11 +00:00
|
|
|
The kernel performs this enumeration and exposes the information in
|
|
|
|
.IR /proc/cpuinfo
|
|
|
|
under the "flags" field.
|
|
|
|
The string "pku" in this field indicates hardware support for protection
|
|
|
|
keys and the string "ospke" indicates that the kernel contains and has
|
2016-09-13 19:44:38 +00:00
|
|
|
enabled protection keys support.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Applications using threads and protection keys should be especially
|
|
|
|
careful.
|
|
|
|
Threads inherit the protection key rights of the parent at the time
|
|
|
|
of the
|
|
|
|
.BR clone (2),
|
|
|
|
system call.
|
|
|
|
Applications should either ensure that their own permissions are
|
2016-10-13 10:04:11 +00:00
|
|
|
appropriate for child threads at the time when
|
2016-09-13 19:44:38 +00:00
|
|
|
.BR clone (2)
|
2016-10-13 10:04:11 +00:00
|
|
|
is called, or ensure that each child thread can perform its
|
2016-09-13 19:44:38 +00:00
|
|
|
own initialization of protection key rights.
|
2016-10-18 06:00:12 +00:00
|
|
|
.\"
|
2016-10-17 22:07:12 +00:00
|
|
|
.SS Signal Handler Behavior
|
|
|
|
Each time a signal handler is invoked (including nested signals), the
|
|
|
|
thread is temporarily given a new, default set of protection key rights
|
|
|
|
that override the rights from the interrupted context.
|
|
|
|
This means that applications must re-establish their desired protection
|
|
|
|
key rights upon entering a signal handler if the desired rights differ
|
|
|
|
from the defaults.
|
|
|
|
The rights of any interrupted context are restored when the signal
|
|
|
|
handler returns.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-10-17 22:07:12 +00:00
|
|
|
This signal behavior is unusual and is due to the fact that the x86 PKRU
|
|
|
|
register (which stores protection key access rights) is managed with the
|
|
|
|
same hardware mechanism (XSAVE) that manages floating-point registers.
|
2017-01-02 18:41:49 +00:00
|
|
|
The signal behavior is the same as that of floating-point registers.
|
2016-10-18 06:00:12 +00:00
|
|
|
.\"
|
2016-09-13 19:44:38 +00:00
|
|
|
.SS Protection Keys system calls
|
|
|
|
The Linux kernel implements the following pkey-related system calls:
|
|
|
|
.BR pkey_mprotect (2),
|
|
|
|
.BR pkey_alloc (2),
|
|
|
|
and
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_free (2).
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
The Linux pkey system calls are available only if the kernel was
|
2016-10-13 10:04:11 +00:00
|
|
|
configured and built with the
|
2016-09-13 19:44:38 +00:00
|
|
|
.BR CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
|
|
|
|
option.
|
2020-05-21 08:00:37 +00:00
|
|
|
.SH EXAMPLES
|
2016-09-13 19:44:38 +00:00
|
|
|
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
The program below allocates a page of memory with read and write permissions.
|
2016-09-13 19:44:38 +00:00
|
|
|
It then writes some data to the memory and successfully reads it
|
|
|
|
back.
|
|
|
|
After that, it attempts to allocate a protection key and
|
2016-10-13 10:04:11 +00:00
|
|
|
disallows access to the page by using the WRPKRU instruction.
|
|
|
|
It then tries to access the page,
|
2016-09-13 19:44:38 +00:00
|
|
|
which we now expect to cause a fatal signal to the application.
|
aio.7, arp.7, attributes.7, boot.7, cgroups.7, cpuset.7, credentials.7, fanotify.7, fifo.7, glob.7, hier.7, hostname.7, icmp.7, inode.7, inotify.7, keyrings.7, libc.7, mailaddr.7, mount_namespaces.7, mq_overview.7, nptl.7, numa.7, path_resolution.7, persistent-keyring.7, pid_namespaces.7, pipe.7, pkeys.7, process-keyring.7, pthreads.7, pty.7, random.7, sched.7, sem_overview.7, session-keyring.7, shm_overview.7, signal-safety.7, signal.7, spufs.7, standards.7, symlink.7, termio.7, thread-keyring.7, time.7, unicode.7, user-keyring.7, user-session-keyring.7, user_namespaces.7, utf-8.7, xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:04 +00:00
|
|
|
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
.in +4n
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EX
|
2016-09-13 19:44:38 +00:00
|
|
|
.RB "$" " ./a.out"
|
|
|
|
buffer contains: 73
|
|
|
|
about to read buffer again...
|
|
|
|
Segmentation fault (core dumped)
|
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 19:52:46 +00:00
|
|
|
.EE
|
2016-09-13 19:44:38 +00:00
|
|
|
.in
|
|
|
|
.SS Program source
|
|
|
|
\&
|
memusage.1, clone.2, eventfd.2, futex.2, getdents.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, keyctl.2, mmap.2, mprotect.2, msgop.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, setns.2, tee.2, timer_create.2, timerfd_create.2, unshare.2, userfaultfd.2, wait.2, __ppc_get_timebase.3, backtrace.3, bswap.3, clock_getcpuclockid.3, dl_iterate_phdr.3, dlinfo.3, dlopen.3, duplocale.3, end.3, endian.3, fmemopen.3, fopencookie.3, frexp.3, ftw.3, getdate.3, getgrouplist.3, getifaddrs.3, getprotoent_r.3, getservent_r.3, gnu_get_libc_version.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, mq_getattr.3, mq_notify.3, newlocale.3, offsetof.3, posix_spawn.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, scandir.3, sem_wait.3, strcat.3, strftime.3, strtok.3, strtol.3, strverscmp.3, loop.4, core.5, aio.7, fanotify.7, feature_test_macros.7, inotify.7, pkeys.7, unix.7, user_namespaces.7: Use .EX/.EE for EXAMPLE programs
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 08:44:33 +00:00
|
|
|
.EX
|
2016-09-13 19:44:38 +00:00
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <sys/syscall.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <sys/mman.h>
|
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
static inline void
|
|
|
|
wrpkru(unsigned int pkru)
|
2016-09-13 19:44:38 +00:00
|
|
|
{
|
2016-10-13 09:49:00 +00:00
|
|
|
unsigned int eax = pkru;
|
|
|
|
unsigned int ecx = 0;
|
|
|
|
unsigned int edx = 0;
|
2016-09-13 19:44:38 +00:00
|
|
|
|
locale.1, memusage.1, pldd.1, _syscall.2, add_key.2, bind.2, bpf.2, chown.2, clone.2, copy_file_range.2, eventfd.2, execve.2, futex.2, getdents.2, getrlimit.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, kexec_load.2, keyctl.2, listxattr.2, lseek.2, membarrier.2, memfd_create.2, mmap.2, mprotect.2, msgop.2, open_by_handle_at.2, perf_event_open.2, pipe.2, readdir.2, readlink.2, readv.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, select.2, select_tut.2, sendmmsg.2, setns.2, signalfd.2, spu_run.2, stat.2, sysctl.2, tee.2, timer_create.2, timerfd_create.2, truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2, wait.2, CPU_SET.3, __ppc_get_timebase.3, argz_add.3, asprintf.3, backtrace.3, basename.3, bswap.3, bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3, clock_getcpuclockid.3, confstr.3, ctime.3, dl_iterate_phdr.3, dlinfo.3, duplocale.3, encrypt.3, end.3, endian.3, fgetws.3, fmemopen.3, fopencookie.3, fputws.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getgrouplist.3, getifaddrs.3, getline.3, getlogin.3, getopt.3, getpass.3, getprotoent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, index.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, iswblank.3, iswspace.3, makecontext.3, mallinfo.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3, offsetof.3, perror.3, posix_spawn.3, printf.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, qsort.3, rand.3, readdir.3, regex.3, rpmatch.3, rtime.3, scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3, strcat.3, strchr.3, strcpy.3, strdup.3, strerror.3, strfromd.3, strftime.3, strlen.3, strnlen.3, strsep.3, strstr.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, termios.3, tsearch.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wcsstr.3, wcstok.3, wcstombs.3, wcwidth.3, wprintf.3, console_codes.4, dsp56k.4, full.4, initrd.4, loop.4, vcs.4, charmap.5, core.5, elf.5, locale.5, proc.5, repertoiremap.5, sysfs.5, termcap.5, aio.7, bpf-helpers.7, cgroups.7, charsets.7, complex.7, fanotify.7, feature_test_macros.7, inotify.7, locale.7, man-pages.7, man.7, pkeys.7, pthreads.7, rtld-audit.7, sock_diag.7, unix.7, user_namespaces.7, utf-8.7: Use '\e' rather than '\\' to get a backslash
Quoting Branden:
*roff escape sequences may sometimes look like C escapes, but that
is misleading. *roff is in part a macro language and that means
recursive expansion to arbitrary depths.
You can get away with "\\" in a context where no macro expansion
is taking place, but try to spell a literal backslash this way in
the argument to a macro and you will likely be unhappy with
results.
Try viewing the attached file with "man -l".
"\e" is the preferred and portable way to get a portable "escape
literal" going back to CSTR #54, the original Bell Labs troff
paper.
groff(7) discusses the issue:
\\ reduces to a single backslash; useful to delay its
interpretation as escape character in copy mode. For a
printable backslash, use \e, or even better \[rs], to be
independent from the current escape character.
As of groff 1.22.4, groff_man(7) does as well:
\e Widely used in man pages to represent a backslash output
glyph. It works reliably as long as the .ec request is
not used, which should never happen in man pages, and it
is slightly more portable than the more exact ‘\(rs’
(“reverse solidus”) escape sequence.
People not concerned with portability to extremely old troffs should
probably just use \(rs (or \[rs]), as it means "the backslash
glyph", not "the glyph corresponding to whatever the current escape
character is".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27 11:57:17 +00:00
|
|
|
asm volatile(".byte 0x0f,0x01,0xef\en\et"
|
2016-10-13 09:49:00 +00:00
|
|
|
: : "a" (eax), "c" (ecx), "d" (edx));
|
2016-09-13 19:44:38 +00:00
|
|
|
}
|
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
int
|
|
|
|
pkey_set(int pkey, unsigned long rights, unsigned long flags)
|
2016-09-13 19:44:38 +00:00
|
|
|
{
|
2016-10-13 09:49:00 +00:00
|
|
|
unsigned int pkru = (rights << (2 * pkey));
|
2016-09-13 19:44:38 +00:00
|
|
|
return wrpkru(pkru);
|
|
|
|
}
|
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
int
|
|
|
|
pkey_mprotect(void *ptr, size_t size, unsigned long orig_prot,
|
|
|
|
unsigned long pkey)
|
2016-09-13 19:44:38 +00:00
|
|
|
{
|
|
|
|
return syscall(SYS_pkey_mprotect, ptr, size, orig_prot, pkey);
|
|
|
|
}
|
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
int
|
|
|
|
pkey_alloc(void)
|
2016-09-13 19:44:38 +00:00
|
|
|
{
|
|
|
|
return syscall(SYS_pkey_alloc, 0, 0);
|
|
|
|
}
|
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
int
|
|
|
|
pkey_free(unsigned long pkey)
|
2016-09-13 19:44:38 +00:00
|
|
|
{
|
|
|
|
return syscall(SYS_pkey_free, pkey);
|
|
|
|
}
|
|
|
|
|
locale.1, memusage.1, pldd.1, _syscall.2, add_key.2, bind.2, bpf.2, chown.2, clone.2, copy_file_range.2, eventfd.2, execve.2, futex.2, getdents.2, getrlimit.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, kexec_load.2, keyctl.2, listxattr.2, lseek.2, membarrier.2, memfd_create.2, mmap.2, mprotect.2, msgop.2, open_by_handle_at.2, perf_event_open.2, pipe.2, readdir.2, readlink.2, readv.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, select.2, select_tut.2, sendmmsg.2, setns.2, signalfd.2, spu_run.2, stat.2, sysctl.2, tee.2, timer_create.2, timerfd_create.2, truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2, wait.2, CPU_SET.3, __ppc_get_timebase.3, argz_add.3, asprintf.3, backtrace.3, basename.3, bswap.3, bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3, clock_getcpuclockid.3, confstr.3, ctime.3, dl_iterate_phdr.3, dlinfo.3, duplocale.3, encrypt.3, end.3, endian.3, fgetws.3, fmemopen.3, fopencookie.3, fputws.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getgrouplist.3, getifaddrs.3, getline.3, getlogin.3, getopt.3, getpass.3, getprotoent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, index.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, iswblank.3, iswspace.3, makecontext.3, mallinfo.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3, offsetof.3, perror.3, posix_spawn.3, printf.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, qsort.3, rand.3, readdir.3, regex.3, rpmatch.3, rtime.3, scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3, strcat.3, strchr.3, strcpy.3, strdup.3, strerror.3, strfromd.3, strftime.3, strlen.3, strnlen.3, strsep.3, strstr.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, termios.3, tsearch.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wcsstr.3, wcstok.3, wcstombs.3, wcwidth.3, wprintf.3, console_codes.4, dsp56k.4, full.4, initrd.4, loop.4, vcs.4, charmap.5, core.5, elf.5, locale.5, proc.5, repertoiremap.5, sysfs.5, termcap.5, aio.7, bpf-helpers.7, cgroups.7, charsets.7, complex.7, fanotify.7, feature_test_macros.7, inotify.7, locale.7, man-pages.7, man.7, pkeys.7, pthreads.7, rtld-audit.7, sock_diag.7, unix.7, user_namespaces.7, utf-8.7: Use '\e' rather than '\\' to get a backslash
Quoting Branden:
*roff escape sequences may sometimes look like C escapes, but that
is misleading. *roff is in part a macro language and that means
recursive expansion to arbitrary depths.
You can get away with "\\" in a context where no macro expansion
is taking place, but try to spell a literal backslash this way in
the argument to a macro and you will likely be unhappy with
results.
Try viewing the attached file with "man -l".
"\e" is the preferred and portable way to get a portable "escape
literal" going back to CSTR #54, the original Bell Labs troff
paper.
groff(7) discusses the issue:
\\ reduces to a single backslash; useful to delay its
interpretation as escape character in copy mode. For a
printable backslash, use \e, or even better \[rs], to be
independent from the current escape character.
As of groff 1.22.4, groff_man(7) does as well:
\e Widely used in man pages to represent a backslash output
glyph. It works reliably as long as the .ec request is
not used, which should never happen in man pages, and it
is slightly more portable than the more exact ‘\(rs’
(“reverse solidus”) escape sequence.
People not concerned with portability to extremely old troffs should
probably just use \(rs (or \[rs]), as it means "the backslash
glyph", not "the glyph corresponding to whatever the current escape
character is".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27 11:57:17 +00:00
|
|
|
#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \e
|
2016-10-13 09:49:00 +00:00
|
|
|
} while (0)
|
|
|
|
|
|
|
|
int
|
|
|
|
main(void)
|
2016-09-13 19:44:38 +00:00
|
|
|
{
|
|
|
|
int status;
|
|
|
|
int pkey;
|
|
|
|
int *buffer;
|
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
/*
|
|
|
|
*Allocate one page of memory
|
|
|
|
*/
|
|
|
|
buffer = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE,
|
|
|
|
MAP_ANONYMOUS | MAP_PRIVATE, \-1, 0);
|
2016-09-13 19:44:38 +00:00
|
|
|
if (buffer == MAP_FAILED)
|
2016-10-13 09:49:00 +00:00
|
|
|
errExit("mmap");
|
2016-09-13 19:44:38 +00:00
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
/*
|
|
|
|
* Put some random data into the page (still OK to touch)
|
|
|
|
*/
|
|
|
|
*buffer = __LINE__;
|
locale.1, memusage.1, pldd.1, _syscall.2, add_key.2, bind.2, bpf.2, chown.2, clone.2, copy_file_range.2, eventfd.2, execve.2, futex.2, getdents.2, getrlimit.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, kexec_load.2, keyctl.2, listxattr.2, lseek.2, membarrier.2, memfd_create.2, mmap.2, mprotect.2, msgop.2, open_by_handle_at.2, perf_event_open.2, pipe.2, readdir.2, readlink.2, readv.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, select.2, select_tut.2, sendmmsg.2, setns.2, signalfd.2, spu_run.2, stat.2, sysctl.2, tee.2, timer_create.2, timerfd_create.2, truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2, wait.2, CPU_SET.3, __ppc_get_timebase.3, argz_add.3, asprintf.3, backtrace.3, basename.3, bswap.3, bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3, clock_getcpuclockid.3, confstr.3, ctime.3, dl_iterate_phdr.3, dlinfo.3, duplocale.3, encrypt.3, end.3, endian.3, fgetws.3, fmemopen.3, fopencookie.3, fputws.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getgrouplist.3, getifaddrs.3, getline.3, getlogin.3, getopt.3, getpass.3, getprotoent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, index.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, iswblank.3, iswspace.3, makecontext.3, mallinfo.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3, offsetof.3, perror.3, posix_spawn.3, printf.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, qsort.3, rand.3, readdir.3, regex.3, rpmatch.3, rtime.3, scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3, strcat.3, strchr.3, strcpy.3, strdup.3, strerror.3, strfromd.3, strftime.3, strlen.3, strnlen.3, strsep.3, strstr.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, termios.3, tsearch.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wcsstr.3, wcstok.3, wcstombs.3, wcwidth.3, wprintf.3, console_codes.4, dsp56k.4, full.4, initrd.4, loop.4, vcs.4, charmap.5, core.5, elf.5, locale.5, proc.5, repertoiremap.5, sysfs.5, termcap.5, aio.7, bpf-helpers.7, cgroups.7, charsets.7, complex.7, fanotify.7, feature_test_macros.7, inotify.7, locale.7, man-pages.7, man.7, pkeys.7, pthreads.7, rtld-audit.7, sock_diag.7, unix.7, user_namespaces.7, utf-8.7: Use '\e' rather than '\\' to get a backslash
Quoting Branden:
*roff escape sequences may sometimes look like C escapes, but that
is misleading. *roff is in part a macro language and that means
recursive expansion to arbitrary depths.
You can get away with "\\" in a context where no macro expansion
is taking place, but try to spell a literal backslash this way in
the argument to a macro and you will likely be unhappy with
results.
Try viewing the attached file with "man -l".
"\e" is the preferred and portable way to get a portable "escape
literal" going back to CSTR #54, the original Bell Labs troff
paper.
groff(7) discusses the issue:
\\ reduces to a single backslash; useful to delay its
interpretation as escape character in copy mode. For a
printable backslash, use \e, or even better \[rs], to be
independent from the current escape character.
As of groff 1.22.4, groff_man(7) does as well:
\e Widely used in man pages to represent a backslash output
glyph. It works reliably as long as the .ec request is
not used, which should never happen in man pages, and it
is slightly more portable than the more exact ‘\(rs’
(“reverse solidus”) escape sequence.
People not concerned with portability to extremely old troffs should
probably just use \(rs (or \[rs]), as it means "the backslash
glyph", not "the glyph corresponding to whatever the current escape
character is".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27 11:57:17 +00:00
|
|
|
printf("buffer contains: %d\en", *buffer);
|
2016-09-13 19:44:38 +00:00
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
/*
|
|
|
|
* Allocate a protection key:
|
|
|
|
*/
|
2016-09-13 19:44:38 +00:00
|
|
|
pkey = pkey_alloc();
|
2016-10-13 09:49:00 +00:00
|
|
|
if (pkey == \-1)
|
|
|
|
errExit("pkey_alloc");
|
2016-09-13 19:44:38 +00:00
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
/*
|
|
|
|
* Disable access to any memory with "pkey" set,
|
|
|
|
* even though there is none right now
|
|
|
|
*/
|
2016-09-13 19:44:38 +00:00
|
|
|
status = pkey_set(pkey, PKEY_DISABLE_ACCESS, 0);
|
|
|
|
if (status)
|
2016-10-13 09:49:00 +00:00
|
|
|
errExit("pkey_set");
|
2016-09-13 19:44:38 +00:00
|
|
|
|
|
|
|
/*
|
2016-10-13 09:49:00 +00:00
|
|
|
* Set the protection key on "buffer".
|
|
|
|
* Note that it is still read/write as far as mprotect() is
|
2016-09-13 19:44:38 +00:00
|
|
|
* concerned and the previous pkey_set() overrides it.
|
|
|
|
*/
|
2016-10-13 09:49:00 +00:00
|
|
|
status = pkey_mprotect(buffer, getpagesize(),
|
|
|
|
PROT_READ | PROT_WRITE, pkey);
|
|
|
|
if (status == -1)
|
|
|
|
errExit("pkey_mprotect");
|
2016-09-13 19:44:38 +00:00
|
|
|
|
locale.1, memusage.1, pldd.1, _syscall.2, add_key.2, bind.2, bpf.2, chown.2, clone.2, copy_file_range.2, eventfd.2, execve.2, futex.2, getdents.2, getrlimit.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, kexec_load.2, keyctl.2, listxattr.2, lseek.2, membarrier.2, memfd_create.2, mmap.2, mprotect.2, msgop.2, open_by_handle_at.2, perf_event_open.2, pipe.2, readdir.2, readlink.2, readv.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, select.2, select_tut.2, sendmmsg.2, setns.2, signalfd.2, spu_run.2, stat.2, sysctl.2, tee.2, timer_create.2, timerfd_create.2, truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2, wait.2, CPU_SET.3, __ppc_get_timebase.3, argz_add.3, asprintf.3, backtrace.3, basename.3, bswap.3, bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3, clock_getcpuclockid.3, confstr.3, ctime.3, dl_iterate_phdr.3, dlinfo.3, duplocale.3, encrypt.3, end.3, endian.3, fgetws.3, fmemopen.3, fopencookie.3, fputws.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getgrouplist.3, getifaddrs.3, getline.3, getlogin.3, getopt.3, getpass.3, getprotoent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, index.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, iswblank.3, iswspace.3, makecontext.3, mallinfo.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3, offsetof.3, perror.3, posix_spawn.3, printf.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, qsort.3, rand.3, readdir.3, regex.3, rpmatch.3, rtime.3, scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3, strcat.3, strchr.3, strcpy.3, strdup.3, strerror.3, strfromd.3, strftime.3, strlen.3, strnlen.3, strsep.3, strstr.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, termios.3, tsearch.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wcsstr.3, wcstok.3, wcstombs.3, wcwidth.3, wprintf.3, console_codes.4, dsp56k.4, full.4, initrd.4, loop.4, vcs.4, charmap.5, core.5, elf.5, locale.5, proc.5, repertoiremap.5, sysfs.5, termcap.5, aio.7, bpf-helpers.7, cgroups.7, charsets.7, complex.7, fanotify.7, feature_test_macros.7, inotify.7, locale.7, man-pages.7, man.7, pkeys.7, pthreads.7, rtld-audit.7, sock_diag.7, unix.7, user_namespaces.7, utf-8.7: Use '\e' rather than '\\' to get a backslash
Quoting Branden:
*roff escape sequences may sometimes look like C escapes, but that
is misleading. *roff is in part a macro language and that means
recursive expansion to arbitrary depths.
You can get away with "\\" in a context where no macro expansion
is taking place, but try to spell a literal backslash this way in
the argument to a macro and you will likely be unhappy with
results.
Try viewing the attached file with "man -l".
"\e" is the preferred and portable way to get a portable "escape
literal" going back to CSTR #54, the original Bell Labs troff
paper.
groff(7) discusses the issue:
\\ reduces to a single backslash; useful to delay its
interpretation as escape character in copy mode. For a
printable backslash, use \e, or even better \[rs], to be
independent from the current escape character.
As of groff 1.22.4, groff_man(7) does as well:
\e Widely used in man pages to represent a backslash output
glyph. It works reliably as long as the .ec request is
not used, which should never happen in man pages, and it
is slightly more portable than the more exact ‘\(rs’
(“reverse solidus”) escape sequence.
People not concerned with portability to extremely old troffs should
probably just use \(rs (or \[rs]), as it means "the backslash
glyph", not "the glyph corresponding to whatever the current escape
character is".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27 11:57:17 +00:00
|
|
|
printf("about to read buffer again...\en");
|
2016-10-13 09:49:00 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This will crash, because we have disallowed access
|
|
|
|
*/
|
locale.1, memusage.1, pldd.1, _syscall.2, add_key.2, bind.2, bpf.2, chown.2, clone.2, copy_file_range.2, eventfd.2, execve.2, futex.2, getdents.2, getrlimit.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, kexec_load.2, keyctl.2, listxattr.2, lseek.2, membarrier.2, memfd_create.2, mmap.2, mprotect.2, msgop.2, open_by_handle_at.2, perf_event_open.2, pipe.2, readdir.2, readlink.2, readv.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, select.2, select_tut.2, sendmmsg.2, setns.2, signalfd.2, spu_run.2, stat.2, sysctl.2, tee.2, timer_create.2, timerfd_create.2, truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2, wait.2, CPU_SET.3, __ppc_get_timebase.3, argz_add.3, asprintf.3, backtrace.3, basename.3, bswap.3, bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3, clock_getcpuclockid.3, confstr.3, ctime.3, dl_iterate_phdr.3, dlinfo.3, duplocale.3, encrypt.3, end.3, endian.3, fgetws.3, fmemopen.3, fopencookie.3, fputws.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getgrouplist.3, getifaddrs.3, getline.3, getlogin.3, getopt.3, getpass.3, getprotoent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, index.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, iswblank.3, iswspace.3, makecontext.3, mallinfo.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3, offsetof.3, perror.3, posix_spawn.3, printf.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, qsort.3, rand.3, readdir.3, regex.3, rpmatch.3, rtime.3, scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3, strcat.3, strchr.3, strcpy.3, strdup.3, strerror.3, strfromd.3, strftime.3, strlen.3, strnlen.3, strsep.3, strstr.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, termios.3, tsearch.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wcsstr.3, wcstok.3, wcstombs.3, wcwidth.3, wprintf.3, console_codes.4, dsp56k.4, full.4, initrd.4, loop.4, vcs.4, charmap.5, core.5, elf.5, locale.5, proc.5, repertoiremap.5, sysfs.5, termcap.5, aio.7, bpf-helpers.7, cgroups.7, charsets.7, complex.7, fanotify.7, feature_test_macros.7, inotify.7, locale.7, man-pages.7, man.7, pkeys.7, pthreads.7, rtld-audit.7, sock_diag.7, unix.7, user_namespaces.7, utf-8.7: Use '\e' rather than '\\' to get a backslash
Quoting Branden:
*roff escape sequences may sometimes look like C escapes, but that
is misleading. *roff is in part a macro language and that means
recursive expansion to arbitrary depths.
You can get away with "\\" in a context where no macro expansion
is taking place, but try to spell a literal backslash this way in
the argument to a macro and you will likely be unhappy with
results.
Try viewing the attached file with "man -l".
"\e" is the preferred and portable way to get a portable "escape
literal" going back to CSTR #54, the original Bell Labs troff
paper.
groff(7) discusses the issue:
\\ reduces to a single backslash; useful to delay its
interpretation as escape character in copy mode. For a
printable backslash, use \e, or even better \[rs], to be
independent from the current escape character.
As of groff 1.22.4, groff_man(7) does as well:
\e Widely used in man pages to represent a backslash output
glyph. It works reliably as long as the .ec request is
not used, which should never happen in man pages, and it
is slightly more portable than the more exact ‘\(rs’
(“reverse solidus”) escape sequence.
People not concerned with portability to extremely old troffs should
probably just use \(rs (or \[rs]), as it means "the backslash
glyph", not "the glyph corresponding to whatever the current escape
character is".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27 11:57:17 +00:00
|
|
|
printf("buffer contains: %d\en", *buffer);
|
2016-09-13 19:44:38 +00:00
|
|
|
|
|
|
|
status = pkey_free(pkey);
|
2016-10-13 09:49:00 +00:00
|
|
|
if (status == -1)
|
|
|
|
errExit("pkey_free");
|
2016-09-13 19:44:38 +00:00
|
|
|
|
2016-10-13 09:49:00 +00:00
|
|
|
exit(EXIT_SUCCESS);
|
2016-09-13 19:44:38 +00:00
|
|
|
}
|
getgroups.2, getrlimit.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, semop.2, difftime.3, getpw.3, malloc_hook.3, mbrtowc.3, newlocale.3, offsetof.3, pthread_tryjoin_np.3, rand.3, rtnetlink.3, setbuf.3, strtol.3, fuse.4, feature_test_macros.7, pkeys.7: ffix: fix mismatched .EX/.EE tags
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 20:16:47 +00:00
|
|
|
.EE
|
2016-09-13 19:44:38 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.BR pkey_alloc (2),
|
|
|
|
.BR pkey_free (2),
|
|
|
|
.BR pkey_mprotect (2),
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR sigaction (2)
|