blob: 65bb55c80613a0bd1540c03748fee1515797344e [file] [log] [blame]
Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU
feature which will be found in future Intel CPUs. The work here
was done with the aid of simulators.
Memory Protection Keys provides a mechanism for enforcing
page-based protections, but without requiring modification of the
page tables when an application changes protection domains. It
works by dedicating 4 previously ignored bits in each page table
entry to a “protection key”, giving 16 possible keys.
There is also a new user-accessible register (PKRU) with two
separate bits (Access Disable and Write Disable) for each key.
Being a CPU register, PKRU is inherently thread-local,
potentially giving each thread a different set of protections
from every other thread.
There are two new instructions (RDPKRU/WRPKRU) for reading and
writing to the new register. The feature is only available in
64-bit mode, even though there is theoretically space in the PAE
PTEs. These permissions are enforced on data access only and
have no effect on instruction fetches.