linux/Documentation/x86/protection-keys.txt

Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature
which will be found on future Intel CPUs.

Memory Protection Keys provides a mechanism for enforcing page-based
protections, but without requiring modification of the page tables
when an application changes protection domains.  It works by
dedicating 4 previously ignored bits in each page table entry to a
"protection key", giving 16 possible keys.

There is also a new user-accessible register (PKRU) with two separate
bits (Access Disable and Write Disable) for each key.  Being a CPU
register, PKRU is inherently thread-local, potentially giving each
thread a different set of protections from every other thread.

There are two new instructions (RDPKRU/WRPKRU) for reading and writing
to the new register.  The feature is only available in 64-bit mode,
even though there is theoretically space in the PAE PTEs.  These
permissions are enforced on data access only and have no effect on
instruction fetches.

=========================== Config Option ===========================

This config option adds approximately 1.5kb of text. and 50 bytes of
data to the executable.  A workload which does large O_DIRECT reads
of holes in XFS files was run to exercise get_user_pages_fast().  No
performance delta was observed with the config option
enabled or disabled.
x86/mm/pkeys: Add missing Documentation Stefan Richter noticed that the X86_INTEL_MEMORY_PROTECTION_KEYS option in arch/x86/Kconfig references Documentation/x86/protection-keys.txt, but the file does not exist. This is a patch merging mishap: the final (v8) version of the pkeys series did not include the documentation patch 32 and v7 included. Add it now. Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave@sr71.net> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-mm@kvack.org Link: http://lkml.kernel.org/r/20151214190634.426BEE41@viggo.jf.intel.com [ Added changelog. ] Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> 2015-12-14 19:06:34 +00:00			`Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature`
			`which will be found on future Intel CPUs.`

			`Memory Protection Keys provides a mechanism for enforcing page-based`
			`protections, but without requiring modification of the page tables`
			`when an application changes protection domains. It works by`
			`dedicating 4 previously ignored bits in each page table entry to a`
			`"protection key", giving 16 possible keys.`

			`There is also a new user-accessible register (PKRU) with two separate`
			`bits (Access Disable and Write Disable) for each key. Being a CPU`
			`register, PKRU is inherently thread-local, potentially giving each`
			`thread a different set of protections from every other thread.`

			`There are two new instructions (RDPKRU/WRPKRU) for reading and writing`
			`to the new register. The feature is only available in 64-bit mode,`
			`even though there is theoretically space in the PAE PTEs. These`
			`permissions are enforced on data access only and have no effect on`
			`instruction fetches.`

			`=========================== Config Option ===========================`

			`This config option adds approximately 1.5kb of text. and 50 bytes of`
			`data to the executable. A workload which does large O_DIRECT reads`
			`of holes in XFS files was run to exercise get_user_pages_fast(). No`
			`performance delta was observed with the config option`
			`enabled or disabled.`