Memory Protection Keys (MPK) Submitted For Linux 4.6
Support for Memory Protection Keys (PKeys/MPK) that will be found on future Intel CPUs is being proposed for inclusion into Linux 4.6.
Memory Protection Keys were previously described by the Intel developers as "a CPU feature which will be found in future Intel CPUs...Memory Protection Keys provides a mechanism for enforcing page-based protections, but without requiring modification of the page tables when an application changes protection domains. It works by dedicating 4 previously ignored bits in each page table entry to a 'protection key', giving 16 possible keys. There is also a new user-accessible register (PKRU) with two separate bits (Access Disable and Write Disable) for each key. Being a CPU register, PKRU is inherently thread-local, potentially giving each thread a different set of protections from every other thread. There are two new instructions (RDPKRU/WRPKRU) for reading and writing to the new register. The feature is only available in 64-bit mode, even though there is theoretically space in the PAE PTEs. These permissions are enforced on data access only and have no effect on instruction fetches."
The Intel Memory Protection Keys will be added to a future generation of Intel CPUs. There's already been work on the compiler changes for supporting PKU while the kernel-side work is being proposed for the Linux 4.6 kernel.
For those wanting to learn more about this kernel implementation and feature to be found in future Intel CPUs, see the pull request that was mailed in this morning by Ingo Molnar.
Memory Protection Keys were previously described by the Intel developers as "a CPU feature which will be found in future Intel CPUs...Memory Protection Keys provides a mechanism for enforcing page-based protections, but without requiring modification of the page tables when an application changes protection domains. It works by dedicating 4 previously ignored bits in each page table entry to a 'protection key', giving 16 possible keys. There is also a new user-accessible register (PKRU) with two separate bits (Access Disable and Write Disable) for each key. Being a CPU register, PKRU is inherently thread-local, potentially giving each thread a different set of protections from every other thread. There are two new instructions (RDPKRU/WRPKRU) for reading and writing to the new register. The feature is only available in 64-bit mode, even though there is theoretically space in the PAE PTEs. These permissions are enforced on data access only and have no effect on instruction fetches."
The Intel Memory Protection Keys will be added to a future generation of Intel CPUs. There's already been work on the compiler changes for supporting PKU while the kernel-side work is being proposed for the Linux 4.6 kernel.
For those wanting to learn more about this kernel implementation and feature to be found in future Intel CPUs, see the pull request that was mailed in this morning by Ingo Molnar.
3 Comments