aboutsummaryrefslogtreecommitdiff
path: root/Documentation/x86/protection-keys.txt
blob: c281ded1ba16e0ec436988d8d37d9bfd202ac871 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature
which will be found on future Intel CPUs.

Memory Protection Keys provides a mechanism for enforcing page-based
protections, but without requiring modification of the page tables
when an application changes protection domains.  It works by
dedicating 4 previously ignored bits in each page table entry to a
"protection key", giving 16 possible keys.

There is also a new user-accessible register (PKRU) with two separate
bits (Access Disable and Write Disable) for each key.  Being a CPU
register, PKRU is inherently thread-local, potentially giving each
thread a different set of protections from every other thread.

There are two new instructions (RDPKRU/WRPKRU) for reading and writing
to the new register.  The feature is only available in 64-bit mode,
even though there is theoretically space in the PAE PTEs.  These
permissions are enforced on data access only and have no effect on
instruction fetches.

=========================== Config Option ===========================

This config option adds approximately 1.5kb of text. and 50 bytes of
data to the executable.  A workload which does large O_DIRECT reads
of holes in XFS files was run to exercise get_user_pages_fast().  No
performance delta was observed with the config option
enabled or disabled.