LLVM Begins Looking At PKU Memory Protection Keys Support
This week mainline LLVM received support for the PKU feature flag as prep work towards supporting the new RDPKRU and WRPKRU instructions for Intel's forthcoming memory protection keys capabilities.
Memory Protection Keys (PKU/PKEYs) are a feature of future Intel CPUs, presumably for Kabylake or Cannonlake. As described by the original patch set for supporting memory protection keys on the kernel-side, "Memory Protection Keys provides a mechanism for enforcing page-based protections, but without requiring modification of the page tables when an application changes protection domains. It works by dedicating 4 previously ignored bits in each page table entry to a 'protection key', giving 16 possible keys...There are two new instructions (RDPKRU/WRPKRU) for reading and writing to the new register. The feature is only available in 64-bit mode, even though there is theoretically space in the PAE PTEs. These permissions are enforced on data access only and have no effect on instruction fetches."
On the kernel side, the big set of memory protection keys work is up to its fifth patch revision and won't be mainlined until at least Linux 4.5 but could still take possibly longer.
With the Linux kernel work continuing, given by this commit it looks like Intel engineers are in the process of beginning work on compiler support for PKU and the other needed user-space changes for this hardware feature of future Intel CPUs.
Memory Protection Keys (PKU/PKEYs) are a feature of future Intel CPUs, presumably for Kabylake or Cannonlake. As described by the original patch set for supporting memory protection keys on the kernel-side, "Memory Protection Keys provides a mechanism for enforcing page-based protections, but without requiring modification of the page tables when an application changes protection domains. It works by dedicating 4 previously ignored bits in each page table entry to a 'protection key', giving 16 possible keys...There are two new instructions (RDPKRU/WRPKRU) for reading and writing to the new register. The feature is only available in 64-bit mode, even though there is theoretically space in the PAE PTEs. These permissions are enforced on data access only and have no effect on instruction fetches."
On the kernel side, the big set of memory protection keys work is up to its fifth patch revision and won't be mainlined until at least Linux 4.5 but could still take possibly longer.
With the Linux kernel work continuing, given by this commit it looks like Intel engineers are in the process of beginning work on compiler support for PKU and the other needed user-space changes for this hardware feature of future Intel CPUs.
1 Comment