mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Documentation/protection-keys: Clean up documentation for User Space pkeys 

The documentation for user space pkeys was a bit dated including things
such as Amazon and distribution testing information which is irrelevant
now.

Update the documentation.  This also streamlines adding the Supervisor
pkey documentation later on.

Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lkml.kernel.org/r/20220419170649.1022246-2-ira.weiny@intel.com
This commit is contained in:
Ira Weiny 2022-04-19 10:06:06 -07:00 committed by Dave Hansen
parent aa44284960
commit f8c1d4ca55
1 changed files with 18 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
Documentation/core-api/protection-keys.rst
View File

@ -4,31 +4,29 @@
Memory Protection Keys Memory Protection Keys
====================== ======================
Memory Protection Keys for Userspace (PKU aka PKEYs) is a feature Memory Protection Keys provide a mechanism for enforcing page-based
which is found on Intel's Skylake (and later) "Scalable Processor" protections, but without requiring modification of the page tables when an
Server CPUs. It will be available in future non-server Intel parts application changes protection domains.
and future AMD processors.
For anyone wishing to test or use this feature, it is available in Pkeys Userspace (PKU) is a feature which can be found on:
Amazon's EC2 C5 instances and is known to work there using an Ubuntu * Intel server CPUs, Skylake and later
17.04 image. * Intel client CPUs, Tiger Lake (11th Gen Core) and later
* Future AMD CPUs
Memory Protection Keys provides a mechanism for enforcing page-based Pkeys work by dedicating 4 previously Reserved bits in each page table entry to
protections, but without requiring modification of the page tables a "protection key", giving 16 possible keys.
when an application changes protection domains. It works by
dedicating 4 previously ignored bits in each page table entry to a
"protection key", giving 16 possible keys.
There is also a new user-accessible register (PKRU) with two separate Protections for each key are defined with a per-CPU user-accessible register
bits (Access Disable and Write Disable) for each key. Being a CPU (PKRU). Each of these is a 32-bit register storing two bits (Access Disable
register, PKRU is inherently thread-local, potentially giving each and Write Disable) for each of 16 keys.
Being a CPU register, PKRU is inherently thread-local, potentially giving each
thread a different set of protections from every other thread. thread a different set of protections from every other thread.
There are two new instructions (RDPKRU/WRPKRU) for reading and writing There are two instructions (RDPKRU/WRPKRU) for reading and writing to the
to the new register. The feature is only available in 64-bit mode, register. The feature is only available in 64-bit mode, even though there is
even though there is theoretically space in the PAE PTEs. These theoretically space in the PAE PTEs. These permissions are enforced on data
permissions are enforced on data access only and have no effect on access only and have no effect on instruction fetches.
instruction fetches.
Syscalls Syscalls
======== ========