From: Dave Hansen <dave@sr71.net>
To: Ingo Molnar <mingo@kernel.org>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Andy Lutomirski <luto@kernel.org>, Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH 26/26] x86, pkeys: Documentation
Date: Sun, 20 Sep 2015 21:34:02 -0700 [thread overview]
Message-ID: <55FF88BA.6080006@sr71.net> (raw)
In-Reply-To: <20150920085554.GA21906@gmail.com>
On 09/20/2015 01:55 AM, Ingo Molnar wrote:
> * Dave Hansen <dave@sr71.net> wrote:
>> +Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature
>> +which will be found on future Intel CPUs.
>> +
>> +Memory Protection Keys provides a mechanism for enforcing page-based
>> +protections, but without requiring modification of the page tables
>> +when an application changes protection domains. It works by
>> +dedicating 4 previously ignored bits in each page table entry to a
>> +"protection key", giving 16 possible keys.
>
> Wondering how user-space is supposed to discover the number of protection keys,
> is that CPUID leaf based, or hardcoded on the CPU feature bit?
The 16 keys are essentially hard-coded from the cpuid bit.
>> +There is also a new user-accessible register (PKRU) with two separate
>> +bits (Access Disable and Write Disable) for each key. Being a CPU
>> +register, PKRU is inherently thread-local, potentially giving each
>> +thread a different set of protections from every other thread.
>> +
>> +There are two new instructions (RDPKRU/WRPKRU) for reading and writing
>> +to the new register. The feature is only available in 64-bit mode,
>> +even though there is theoretically space in the PAE PTEs. These
>> +permissions are enforced on data access only and have no effect on
>> +instruction fetches.
>
> Another question, related to enumeration as well: I'm wondering whether there's
> any way for the kernel to allocate a bit or two for its own purposes - such as
> protecting crypto keys? Or is the facility fundamentally intended for user-space
> use only?
No, that's not possible with the current setup.
Userspace has complete control over the contents of the PKRU register
with unprivileged instructions. So the kernel can not practically
protect any of its own data with this.
> Similarly, the pmem (persistent memory) driver could employ protection keys to
> keep terabytes of data 'masked out' most of the time - protecting data from kernel
> space memory corruption bugs.
I wish we could do this, but we can not with the current implementation.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-09-21 4:34 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-16 17:49 [PATCH 00/26] [RFCv2] x86: Memory Protection Keys Dave Hansen
2015-09-16 17:49 ` [PATCH 04/26] x86, pku: define new CR4 bit Dave Hansen
2015-09-16 17:49 ` [PATCH 03/26] x86, pkeys: cpuid bit definition Dave Hansen
2015-09-16 17:49 ` [PATCH 01/26] x86, fpu: add placeholder for Processor Trace XSAVE state Dave Hansen
2015-09-16 17:49 ` [PATCH 02/26] x86, pkeys: Add Kconfig option Dave Hansen
2015-09-16 17:49 ` [PATCH 06/26] x86, pkeys: PTE bits for storing protection key Dave Hansen
2015-09-16 17:49 ` [PATCH 05/26] x86, pkey: add PKRU xsave fields and data structure(s) Dave Hansen
2015-09-22 19:53 ` Thomas Gleixner
2015-09-22 19:58 ` Dave Hansen
2015-09-16 17:49 ` [PATCH 07/26] x86, pkeys: new page fault error code bit: PF_PK Dave Hansen
2015-09-16 17:49 ` [PATCH 11/26] x86, pkeys: add functions for set/fetch PKRU Dave Hansen
2015-09-22 20:05 ` Thomas Gleixner
2015-09-22 20:22 ` Dave Hansen
2015-09-16 17:49 ` [PATCH 10/26] x86, pkeys: notify userspace about protection key faults Dave Hansen
2015-09-22 20:03 ` Thomas Gleixner
2015-09-22 20:21 ` Dave Hansen
2015-09-22 20:27 ` Thomas Gleixner
2015-09-22 20:29 ` Dave Hansen
2015-09-23 8:05 ` Ingo Molnar
2015-09-24 9:23 ` Ingo Molnar
2015-09-24 9:30 ` Ingo Molnar
2015-09-24 17:41 ` Dave Hansen
2015-09-25 7:11 ` Ingo Molnar
2015-09-25 23:18 ` Dave Hansen
2015-09-26 6:20 ` Ingo Molnar
2015-09-27 22:39 ` Dave Hansen
2015-09-28 5:59 ` Ingo Molnar
2015-09-24 17:15 ` Dave Hansen
2015-09-28 19:25 ` Christian Borntraeger
2015-09-28 19:32 ` Dave Hansen
2015-09-16 17:49 ` [PATCH 08/26] x86, pkeys: store protection in high VMA flags Dave Hansen
2015-09-16 17:49 ` [PATCH 09/26] x86, pkeys: arch-specific protection bits Dave Hansen
2015-09-16 17:49 ` [PATCH 12/26] mm: factor out VMA fault permission checking Dave Hansen
2015-09-16 17:49 ` [PATCH 13/26] mm: simplify get_user_pages() PTE bit handling Dave Hansen
2015-09-16 17:49 ` [PATCH 14/26] x86, pkeys: check VMAs and PTEs for protection keys Dave Hansen
2015-09-16 17:49 ` [PATCH 17/26] x86, pkeys: dump PTE pkey in /proc/pid/smaps Dave Hansen
2015-09-16 17:49 ` [PATCH 16/26] x86, pkeys: dump PKRU with other kernel registers Dave Hansen
2015-09-16 17:49 ` [PATCH 15/26] x86, pkeys: optimize fault handling in access_error() Dave Hansen
2015-09-16 17:49 ` [PATCH 19/26] [NEWSYSCALL] mm, multi-arch: pass a protection key in to calc_vm_flag_bits() Dave Hansen
2015-09-16 17:49 ` [PATCH 20/26] [NEWSYSCALL] mm: implement new mprotect_pkey() system call Dave Hansen
2015-09-16 17:49 ` [PATCH 18/26] x86, pkeys: add Kconfig prompt to existing config option Dave Hansen
2015-09-16 17:49 ` [PATCH 22/26] [HIJACKPROT] mm: Pass the 4-bit protection key in via PROT_ bits to syscalls Dave Hansen
2015-09-16 17:49 ` [PATCH 21/26] [NEWSYSCALL] x86: wire up mprotect_key() system call Dave Hansen
2015-09-16 17:49 ` [PATCH 24/26] [HIJACKPROT] x86, pkeys: mask off pkeys bits in mprotect() Dave Hansen
2015-09-16 17:49 ` [PATCH 25/26] x86, pkeys: actually enable Memory Protection Keys in CPU Dave Hansen
2015-09-16 17:49 ` [PATCH 23/26] [HIJACKPROT] x86, pkeys: add x86 version of arch_validate_prot() Dave Hansen
2015-09-16 17:49 ` [PATCH 26/26] x86, pkeys: Documentation Dave Hansen
2015-09-20 8:55 ` Ingo Molnar
2015-09-21 4:34 ` Dave Hansen [this message]
2015-09-24 9:49 ` Ingo Molnar
2015-09-24 19:10 ` Dave Hansen
2015-09-24 19:17 ` Andy Lutomirski
2015-09-25 7:16 ` Ingo Molnar
2015-09-25 6:15 ` Ingo Molnar
2015-10-01 11:17 ` Ingo Molnar
2015-10-01 20:39 ` Kees Cook
2015-10-01 20:45 ` Andy Lutomirski
2015-10-02 6:23 ` Ingo Molnar
2015-10-02 17:50 ` Dave Hansen
2015-10-03 7:27 ` Ingo Molnar
2015-10-06 23:28 ` Dave Hansen
2015-10-07 7:11 ` Ingo Molnar
2015-10-16 15:12 ` Dave Hansen
2015-10-21 18:55 ` Andy Lutomirski
2015-10-21 19:11 ` Dave Hansen
2015-10-21 23:22 ` Andy Lutomirski
2015-10-01 20:58 ` Dave Hansen
2015-10-01 22:33 ` Dave Hansen
2015-10-01 22:35 ` Kees Cook
2015-10-01 22:39 ` Dave Hansen
2015-10-01 22:48 ` Linus Torvalds
2015-10-01 22:56 ` Dave Hansen
2015-10-02 1:38 ` Linus Torvalds
2015-10-02 18:08 ` Dave Hansen
2015-10-02 7:09 ` Ingo Molnar
2015-10-03 6:59 ` Ingo Molnar
2015-10-02 11:49 ` Paolo Bonzini
2015-10-02 11:58 ` Linus Torvalds
2015-10-02 12:14 ` Paolo Bonzini
2015-10-03 6:46 ` Ingo Molnar
2015-10-01 22:57 ` Andy Lutomirski
2015-10-02 6:09 ` Ingo Molnar
2015-10-03 8:17 ` Ingo Molnar
2015-10-07 20:24 ` Dave Hansen
2015-10-07 20:39 ` Andy Lutomirski
2015-10-07 20:47 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55FF88BA.6080006@sr71.net \
--to=dave@sr71.net \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mingo@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox