On 07/12/2016 12:13 AM, Ingo Molnar wrote: >> > Remember, PKRU is just a *bitmap*. The only place keys are stored is in >> > the >> > page tables. > A pkey is an index *and* a protection mask. So by representing it as a > bitmask we > lose per thread information. This is what I meant by 'incomplete shadowing' - > for > example the debug code couldn't work: if we cleared a pkey in a task we > wouldn't > know what to restore it to with the current data structures, right?
Right. I actually have some code to do the shadowing that I wrote to explore how to do different PKRU values in signal handlers. The code only shadowed the keys that were currently allocated, and used the (mm-wide) allocation map to figure that out. It did not have a separate per-thread concept of which parts of PKRU need to be shadowed. It essentially populated the shadow value on all pkru_set() calls.
