Documentation/protection-keys: Clean up documentation for User Space pkeys
The documentation for user space pkeys was a bit dated including things such as Amazon and distribution testing information which is irrelevant now. Update the documentation. This also streamlines adding the Supervisor pkey documentation later on. Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Link: https://lkml.kernel.org/r/20220419170649.1022246-2-ira.weiny@intel.com
This commit is contained in:
parent
aa44284960
commit
f8c1d4ca55
|
@ -4,31 +4,29 @@
|
||||||
Memory Protection Keys
|
Memory Protection Keys
|
||||||
======================
|
======================
|
||||||
|
|
||||||
Memory Protection Keys for Userspace (PKU aka PKEYs) is a feature
|
Memory Protection Keys provide a mechanism for enforcing page-based
|
||||||
which is found on Intel's Skylake (and later) "Scalable Processor"
|
protections, but without requiring modification of the page tables when an
|
||||||
Server CPUs. It will be available in future non-server Intel parts
|
application changes protection domains.
|
||||||
and future AMD processors.
|
|
||||||
|
|
||||||
For anyone wishing to test or use this feature, it is available in
|
Pkeys Userspace (PKU) is a feature which can be found on:
|
||||||
Amazon's EC2 C5 instances and is known to work there using an Ubuntu
|
* Intel server CPUs, Skylake and later
|
||||||
17.04 image.
|
* Intel client CPUs, Tiger Lake (11th Gen Core) and later
|
||||||
|
* Future AMD CPUs
|
||||||
|
|
||||||
Memory Protection Keys provides a mechanism for enforcing page-based
|
Pkeys work by dedicating 4 previously Reserved bits in each page table entry to
|
||||||
protections, but without requiring modification of the page tables
|
a "protection key", giving 16 possible keys.
|
||||||
when an application changes protection domains. It works by
|
|
||||||
dedicating 4 previously ignored bits in each page table entry to a
|
|
||||||
"protection key", giving 16 possible keys.
|
|
||||||
|
|
||||||
There is also a new user-accessible register (PKRU) with two separate
|
Protections for each key are defined with a per-CPU user-accessible register
|
||||||
bits (Access Disable and Write Disable) for each key. Being a CPU
|
(PKRU). Each of these is a 32-bit register storing two bits (Access Disable
|
||||||
register, PKRU is inherently thread-local, potentially giving each
|
and Write Disable) for each of 16 keys.
|
||||||
|
|
||||||
|
Being a CPU register, PKRU is inherently thread-local, potentially giving each
|
||||||
thread a different set of protections from every other thread.
|
thread a different set of protections from every other thread.
|
||||||
|
|
||||||
There are two new instructions (RDPKRU/WRPKRU) for reading and writing
|
There are two instructions (RDPKRU/WRPKRU) for reading and writing to the
|
||||||
to the new register. The feature is only available in 64-bit mode,
|
register. The feature is only available in 64-bit mode, even though there is
|
||||||
even though there is theoretically space in the PAE PTEs. These
|
theoretically space in the PAE PTEs. These permissions are enforced on data
|
||||||
permissions are enforced on data access only and have no effect on
|
access only and have no effect on instruction fetches.
|
||||||
instruction fetches.
|
|
||||||
|
|
||||||
Syscalls
|
Syscalls
|
||||||
========
|
========
|
||||||
|
|
Loading…
Reference in New Issue