2016-09-13 19:44:38 +00:00
|
|
|
.\" Copyright (C) 2016 Intel Corporation
|
|
|
|
.\"
|
|
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\" %%%LICENSE_END
|
|
|
|
.\"
.TH PKEYS 7 2017-09-15 "Linux" "Linux Programmer's Manual"
|
2016-09-13 19:44:38 +00:00
|
|
|
.SH NAME
|
|
|
|
pkeys \- overview of Memory Protection Keys
|
|
|
|
.SH DESCRIPTION
|
|
|
|
Memory Protection Keys (pkeys) are an extension to existing
|
|
|
|
page-based memory permissions.
|
|
|
|
Normal page permissions using
|
|
|
|
page tables require expensive system calls and TLB invalidations
|
|
|
|
when changing permissions.
|
|
|
|
Memory Protection Keys provide a mechanism for changing
|
|
|
|
protections without requiring modification of the page tables on
|
|
|
|
every permission change.
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
To use pkeys, software must first "tag" a page in the page tables
|
2016-09-13 19:44:38 +00:00
|
|
|
with a pkey.
|
|
|
|
After this tag is in place, an application only has
|
|
|
|
to change the contents of a register in order to remove write
|
|
|
|
access, or all access to a tagged page.
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
Protection keys work in conjunction with the existing
|
2016-12-12 09:47:17 +00:00
|
|
|
.BR PROT_READ /
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR PROT_WRITE /
|
|
|
|
.BR PROT_EXEC
|
|
|
|
permissions passed to system calls such as
|
2016-09-13 19:44:38 +00:00
|
|
|
.BR mprotect (2)
|
|
|
|
and
|
|
|
|
.BR mmap (2),
|
|
|
|
but always act to further restrict these traditional permission
|
|
|
|
mechanisms.
.PP
|
2016-10-13 10:12:09 +00:00
|
|
|
If a process performs an access that violates pkey
|
|
|
|
restrictions, it receives a
|
|
|
|
.BR SIGSEGV
|
|
|
|
signal.
|
|
|
|
See
|
|
|
|
.BR sigaction (2)
|
|
|
|
for details of the information available with that signal.
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
To use the pkeys feature, the processor must support it, and the kernel
|
2016-09-13 19:44:38 +00:00
|
|
|
must contain support for the feature on a given processor.
|
|
|
|
As of early 2016 only future Intel x86 processors are supported,
|
|
|
|
and this hardware supports 16 protection keys in each process.
|
|
|
|
However, pkey 0 is used as the default key, so a maximum of 15
|
|
|
|
are available for actual application use.
|
|
|
|
The default key is assigned to any memory region for which a
|
|
|
|
pkey has not been explicitly assigned via
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_mprotect (2).
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
Protection keys have the potential to add a layer of security and
|
2016-09-13 19:44:38 +00:00
|
|
|
reliability to applications.
|
2016-10-13 10:04:11 +00:00
|
|
|
But they have not been primarily designed as
|
2016-09-13 19:44:38 +00:00
|
|
|
a security feature.
|
|
|
|
For instance, WRPKRU is a completely unprivileged
|
|
|
|
instruction, so pkeys are useless in any case where an attacker controls
|
|
|
|
the PKRU register or can execute arbitrary instructions.
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Applications should be very careful to ensure that they do not "leak"
|
|
|
|
protection keys.
|
2016-10-13 10:04:11 +00:00
|
|
|
For instance, before calling
|
|
|
|
.BR pkey_free (2),
|
2016-09-13 19:44:38 +00:00
|
|
|
the application should be sure that no memory has that pkey assigned.
|
|
|
|
If the application left the freed pkey assigned, a future user of
|
|
|
|
that pkey might inadvertently change the permissions of an unrelated
|
2016-10-13 10:04:11 +00:00
|
|
|
data structure, which could impact security or stability.
|
2016-09-13 19:44:38 +00:00
|
|
|
The kernel currently allows in-use pkeys to have
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_free (2)
|
2016-09-13 19:44:38 +00:00
|
|
|
called on them because it would have processor or memory performance
|
|
|
|
implications to perform the additional checks needed to disallow it.
|
2016-10-13 10:04:11 +00:00
|
|
|
Implementation of the necessary checks is left up to applications.
|
|
|
|
Applications may implement these checks by searching the
|
|
|
|
.IR /proc/[pid]/smaps
|
|
|
|
file for memory regions with the pkey assigned.
|
|
|
|
Further details can be found in
|
|
|
|
.BR proc (5).
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Any application wanting to use protection keys needs to be able
|
|
|
|
to function without them.
|
|
|
|
They might be unavailable because the hardware that the
|
|
|
|
application runs on does not support them, the kernel code does
|
|
|
|
not contain support, the kernel support has been disabled, or
|
|
|
|
because the keys have all been allocated, perhaps by a library
|
|
|
|
the application is using.
|
|
|
|
It is recommended that applications wanting to use protection
|
|
|
|
keys should simply call
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_alloc (2)
|
|
|
|
and test whether the call succeeds,
|
2016-09-13 19:44:38 +00:00
|
|
|
instead of attempting to detect support for the
|
2016-10-13 10:04:11 +00:00
|
|
|
feature in any other way.
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Although unnecessary, hardware support for protection keys may be
|
2016-10-13 10:04:11 +00:00
|
|
|
enumerated with the
|
|
|
|
.I cpuid
|
|
|
|
instruction.
|
|
|
|
Details of how to do this can be found in the Intel Software
|
2016-09-13 19:44:38 +00:00
|
|
|
Developers Manual.
|
2016-10-13 10:04:11 +00:00
|
|
|
The kernel performs this enumeration and exposes the information in
|
|
|
|
.IR /proc/cpuinfo
|
|
|
|
under the "flags" field.
|
|
|
|
The string "pku" in this field indicates hardware support for protection
|
|
|
|
keys and the string "ospke" indicates that the kernel contains and has
|
2016-09-13 19:44:38 +00:00
|
|
|
enabled protection keys support.
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
Applications using threads and protection keys should be especially
|
|
|
|
careful.
|
|
|
|
Threads inherit the protection key rights of the parent at the time
|
|
|
|
of the
|
|
|
|
.BR clone (2)
|
|
|
|
system call.
|
|
|
|
Applications should either ensure that their own permissions are
|
2016-10-13 10:04:11 +00:00
|
|
|
appropriate for child threads at the time when
|
2016-09-13 19:44:38 +00:00
|
|
|
.BR clone (2)
|
2016-10-13 10:04:11 +00:00
|
|
|
is called, or ensure that each child thread can perform its
|
2016-09-13 19:44:38 +00:00
|
|
|
own initialization of protection key rights.
|
2016-10-18 06:00:12 +00:00
|
|
|
.\"
|
2016-10-17 22:07:12 +00:00
|
|
|
.SS Signal Handler Behavior
|
|
|
|
Each time a signal handler is invoked (including nested signals), the
|
|
|
|
thread is temporarily given a new, default set of protection key rights
|
|
|
|
that override the rights from the interrupted context.
|
|
|
|
This means that applications must re-establish their desired protection
|
|
|
|
key rights upon entering a signal handler if the desired rights differ
|
|
|
|
from the defaults.
|
|
|
|
The rights of any interrupted context are restored when the signal
|
|
|
|
handler returns.
.PP
|
2016-10-17 22:07:12 +00:00
|
|
|
This signal behavior is unusual and is due to the fact that the x86 PKRU
|
|
|
|
register (which stores protection key access rights) is managed with the
|
|
|
|
same hardware mechanism (XSAVE) that manages floating-point registers.
|
2017-01-02 18:41:49 +00:00
|
|
|
The signal behavior is the same as that of floating-point registers.
|
2016-10-18 06:00:12 +00:00
|
|
|
.\"
|
2016-09-13 19:44:38 +00:00
|
|
|
.SS Protection Keys system calls
|
|
|
|
The Linux kernel implements the following pkey-related system calls:
|
|
|
|
.BR pkey_mprotect (2),
|
|
|
|
.BR pkey_alloc (2),
|
|
|
|
and
|
2016-10-13 10:04:11 +00:00
|
|
|
.BR pkey_free (2).
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
The Linux pkey system calls are available only if the kernel was
|
2016-10-13 10:04:11 +00:00
|
|
|
configured and built with the
|
2016-09-13 19:44:38 +00:00
|
|
|
.BR CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS
|
|
|
|
option.
|
|
|
|
.SH EXAMPLE
|
|
|
|
.PP
|
2016-10-13 10:04:11 +00:00
|
|
|
The program below allocates a page of memory with read and write permissions.
|
2016-09-13 19:44:38 +00:00
|
|
|
It then writes some data to the memory and successfully reads it
|
|
|
|
back.
|
|
|
|
After that, it attempts to allocate a protection key and
|
2016-10-13 10:04:11 +00:00
|
|
|
disallows access to the page by using the WRPKRU instruction.
|
|
|
|
It then tries to access the page,
|
2016-09-13 19:44:38 +00:00
|
|
|
which we now expect to cause a fatal signal to the application.
.PP
|
2016-09-13 19:44:38 +00:00
|
|
|
.in +4n
.EX
|
2016-09-13 19:44:38 +00:00
|
|
|
.RB "$" " ./a.out"
|
|
|
|
buffer contains: 73
|
|
|
|
about to read buffer again...
|
|
|
|
Segmentation fault (core dumped)
.EE
|
2016-09-13 19:44:38 +00:00
|
|
|
.in
|
|
|
|
.SS Program source
|
|
|
|
\&
.EX
|
2016-09-13 19:44:38 +00:00
|
|
|
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
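/*
 * Load "pkru" into the calling thread's PKRU register, the register
 * that holds the access rights of every protection key.
 *
 * WRPKRU is an unprivileged instruction: any code that runs in this
 * thread can execute it, so protection keys guard against stray
 * accesses, not against code that is free to rewrite PKRU itself.
 */
static inline void
wrpkru(unsigned int pkru)
{
    unsigned int eax = pkru;    /* WRPKRU takes the new value in EAX */
    unsigned int ecx = 0;       /* ECX and EDX must be zero */
    unsigned int edx = 0;

    /*
     * WRPKRU emitted as raw opcode bytes, so that the example builds
     * with assemblers that do not know the mnemonic.  The "memory"
     * clobber is a compiler barrier: it stops loads and stores to
     * key-protected memory from being moved across the rights change.
     */
    asm volatile(".byte 0x0f,0x01,0xef"
                 : : "a" (eax), "c" (ecx), "d" (edx)
                 : "memory");
}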
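/*
 * Read the calling thread's PKRU register.  RDPKRU (raw opcode bytes
 * below) requires ECX to be zero and returns the value in EAX; EDX is
 * written by the instruction and ignored here.
 */
static inline unsigned int
rdpkru(void)
{
    unsigned int eax, edx;
    unsigned int ecx = 0;

    asm volatile(".byte 0x0f,0x01,0xee"
                 : "=a" (eax), "=d" (edx)
                 : "c" (ecx));
    return eax;
}

/*
 * Set the access rights of protection key "pkey" for the calling
 * thread, leaving the rights of every other key as they were.
 *
 * pkey    key number, 0..15
 * rights  the two rights bits for the key (0..3), for example
 *         PKEY_DISABLE_ACCESS
 * flags   unused; kept so that existing callers need not change
 *
 * Returns 0 on success.  On invalid arguments, returns -1 with errno
 * set to EINVAL and leaves PKRU untouched.
 */
int
pkey_set(int pkey, unsigned long rights, unsigned long flags)
{
    unsigned int shift, mask, pkru;

    (void) flags;

    /*
     * PKRU is 32 bits wide with two rights bits per key.  Rejecting
     * anything outside that range keeps the shifts below well defined
     * and stops stray "rights" bits from spilling into the fields of
     * neighbouring keys.
     */
    if (pkey < 0 || pkey > 15 || rights > 3) {
        errno = EINVAL;
        return -1;
    }

    shift = 2 * (unsigned int) pkey;
    mask = 3u << shift;

    /*
     * Read-modify-write: writing only this key's bits would clear the
     * field of every other key, silently re-enabling access to memory
     * that those keys protect.
     */
    pkru = rdpkru();
    pkru = (pkru & ~mask) | ((unsigned int) rights << shift);
    wrpkru(pkru);

    return 0;
}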
/*
 * Thin wrapper that issues the pkey_mprotect system call through
 * syscall(2): apply the protection bits "orig_prot" and the
 * protection key "pkey" to the "size" bytes starting at "ptr".
 *
 * Returns whatever syscall(2) returns; the caller in this program
 * treats -1 as failure and reports errno.
 */
int
pkey_mprotect(void *ptr, size_t size, unsigned long orig_prot,
              unsigned long pkey)
{
    long ret;

    ret = syscall(SYS_pkey_mprotect, ptr, size, orig_prot, pkey);
    return ret;
}
/*
 * Thin wrapper that issues the pkey_alloc system call through
 * syscall(2), passing zero for both of its arguments.
 *
 * Returns whatever syscall(2) returns; the caller in this program
 * uses the result as the new key number and treats -1 as failure.
 */
int
pkey_alloc(void)
{
    long ret;

    ret = syscall(SYS_pkey_alloc, 0, 0);
    return ret;
}
/*
 * Thin wrapper that issues the pkey_free system call through
 * syscall(2) to release protection key "pkey".
 *
 * Returns whatever syscall(2) returns; the caller in this program
 * treats -1 as failure and reports errno.
 */
int
pkey_free(unsigned long pkey)
{
    long ret;

    ret = syscall(SYS_pkey_free, pkey);
    return ret;
}
/* Report "msg" together with the errno text, then exit with failure */
#define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); } while (0)
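/*
 * Demonstration: map one page, tag it with a freshly allocated
 * protection key whose rights deny all access, then read the page.
 * The final read is expected to fault.
 */
int
main(void)
{
    int status;
    int pkey;
    int *buffer;

    /*
     * Allocate one page of memory
     */
    buffer = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE,
                  MAP_ANONYMOUS | MAP_PRIVATE, \-1, 0);
    if (buffer == MAP_FAILED)
        errExit("mmap");

    /*
     * Put some arbitrary data into the page (still OK to touch);
     * __LINE__ is used only because it is a convenient integer
     */
    *buffer = __LINE__;
    printf("buffer contains: %d\\n", *buffer);

    /*
     * Allocate a protection key:
     */
    pkey = pkey_alloc();
    if (pkey == \-1)
        errExit("pkey_alloc");

    /*
     * Disable access to any memory with "pkey" set,
     * even though there is none right now.
     * Doing this before pkey_mprotect() means the page is already
     * inaccessible at the moment it is tagged with the key.
     */
    status = pkey_set(pkey, PKEY_DISABLE_ACCESS, 0);
    if (status)
        errExit("pkey_set");

    /*
     * Set the protection key on "buffer".
     * Note that it is still read/write as far as mprotect() is
     * concerned and the previous pkey_set() overrides it.
     */
    status = pkey_mprotect(buffer, getpagesize(),
                           PROT_READ | PROT_WRITE, pkey);
    if (status == \-1)
        errExit("pkey_mprotect");

    printf("about to read buffer again...\\n");

    /*
     * This will crash, because we have disallowed access:
     * the read faults and the process is killed by SIGSEGV
     */
    printf("buffer contains: %d\\n", *buffer);

    /*
     * Only reached if the read above did not fault
     */
    status = pkey_free(pkey);
    if (status == \-1)
        errExit("pkey_free");

    exit(EXIT_SUCCESS);
}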
.EE
.SH SEE ALSO
.BR pkey_alloc (2),
.BR pkey_free (2),
.BR pkey_mprotect (2),
.BR sigaction (2)