On 07/09/2016 01:37 AM, Ingo Molnar wrote: > I.e. this pattern: > > ret = pkey_mprotect(NULL, PAGE_SIZE, real_prot, pkey); > > ... would validate the pkey and we'd return -EOPNOTSUPP for pkey that is > not > available? This would allow maximum future flexibility as it would not > define > kernel allocated pkeys as a 'range'.
Isn't this multiplexing an otherwise straightforward system call? In addition to providing pkey assignment to memory, it would also being used to pass pkey allocation information independently from any use for memory assignment. The complexity of the ABI comes from its behavior, not from the raw number of system calls that are needed to implement it. IOW, this makes the ABI *more* complicated.
