| Dave Hansen | 591b1d8 | 2015-12-14 11:06:34 -0800 | [diff] [blame] | 1 | Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature |
| 2 | which will be found on future Intel CPUs. |
| 3 | |
| 4 | Memory Protection Keys provides a mechanism for enforcing page-based |
| 5 | protections, but without requiring modification of the page tables |
| 6 | when an application changes protection domains. It works by |
| 7 | dedicating 4 previously ignored bits in each page table entry to a |
| 8 | "protection key", giving 16 possible keys. |
| 9 | |
| 10 | There is also a new user-accessible register (PKRU) with two separate |
| 11 | bits (Access Disable and Write Disable) for each key. Being a CPU |
| 12 | register, PKRU is inherently thread-local, potentially giving each |
| 13 | thread a different set of protections from every other thread. |
| 14 | |
| 15 | There are two new instructions (RDPKRU/WRPKRU) for reading and writing |
| 16 | to the new register. The feature is only available in 64-bit mode, |
| 17 | even though there is theoretically space in the PAE PTEs. These |
| 18 | permissions are enforced on data access only and have no effect on |
| 19 | instruction fetches. |
| 20 | |
| 21 | =========================== Config Option =========================== |
| 22 | |
| 23 | This config option adds approximately 1.5kb of text. and 50 bytes of |
| 24 | data to the executable. A workload which does large O_DIRECT reads |
| 25 | of holes in XFS files was run to exercise get_user_pages_fast(). No |
| 26 | performance delta was observed with the config option |
| 27 | enabled or disabled. |