From: Ram Pai <linuxram@us.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au,
khandual@linux.vnet.ibm.com, aneesh.kumar@linux.vnet.ibm.com,
bsingharora@gmail.com, dave.hansen@intel.com, hbabu@us.ibm.com,
linuxram@us.ibm.com, arnd@arndb.de, akpm@linux-foundation.org,
corbet@lwn.net, mingo@redhat.com
Subject: [RFC v3 22/23] Documentation: PowerPC specific updates to memory protection keys
Date: Wed, 21 Jun 2017 18:39:38 -0700 [thread overview]
Message-ID: <1498095579-6790-23-git-send-email-linuxram@us.ibm.com> (raw)
In-Reply-To: <1498095579-6790-1-git-send-email-linuxram@us.ibm.com>
Add documentation updates that capture PowerPC specific changes.
Signed-off-by: Ram Pai <linuxram@us.ibm.com>
---
Documentation/vm/protection-keys.txt | 65 +++++++++++++++++++++++++-----------
1 file changed, 45 insertions(+), 20 deletions(-)
diff --git a/Documentation/vm/protection-keys.txt b/Documentation/vm/protection-keys.txt
index b643045..965ad75 100644
--- a/Documentation/vm/protection-keys.txt
+++ b/Documentation/vm/protection-keys.txt
@@ -1,21 +1,46 @@
-Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature
-which will be found on future Intel CPUs.
+Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature found in
+new generation of intel CPUs and on PowerPC 7 and higher CPUs.
Memory Protection Keys provides a mechanism for enforcing page-based
-protections, but without requiring modification of the page tables
-when an application changes protection domains. It works by
-dedicating 4 previously ignored bits in each page table entry to a
-"protection key", giving 16 possible keys.
-
-There is also a new user-accessible register (PKRU) with two separate
-bits (Access Disable and Write Disable) for each key. Being a CPU
-register, PKRU is inherently thread-local, potentially giving each
-thread a different set of protections from every other thread.
-
-There are two new instructions (RDPKRU/WRPKRU) for reading and writing
-to the new register. The feature is only available in 64-bit mode,
-even though there is theoretically space in the PAE PTEs. These
-permissions are enforced on data access only and have no effect on
+protections, but without requiring modification of the page tables when an
+application changes protection domains.
+
+
+On Intel:
+
+ It works by dedicating 4 previously ignored bits in each page table
+ entry to a "protection key", giving 16 possible keys.
+
+ There is also a new user-accessible register (PKRU) with two separate
+ bits (Access Disable and Write Disable) for each key. Being a CPU
+ register, PKRU is inherently thread-local, potentially giving each
+ thread a different set of protections from every other thread.
+
+ There are two new instructions (RDPKRU/WRPKRU) for reading and writing
+ to the new register. The feature is only available in 64-bit mode,
+ even though there is theoretically space in the PAE PTEs. These
+ permissions are enforced on data access only and have no effect on
+ instruction fetches.
+
+
+On PowerPC:
+
+ It works by dedicating 5 page table entry bits to a "protection key",
+ giving 32 possible keys.
+
+ There is a user-accessible register (AMR) with two separate bits;
+ Access Disable and Write Disable, for each key. Being a CPU
+ register, AMR is inherently thread-local, potentially giving each
+ thread a different set of protections from every other thread. NOTE:
+ Disabling read permission does not disable write and vice-versa.
+
+ The feature is available on 64-bit HPTE mode only.
+ 'mtspr 0xd, mem' reads the AMR register
+ 'mfspr mem, 0xd' writes into the AMR register.
+
+
+
+Permissions are enforced on data access only and have no effect on
instruction fetches.
=========================== Syscalls ===========================
@@ -28,9 +53,9 @@ There are 3 system calls which directly interact with pkeys:
unsigned long prot, int pkey);
Before a pkey can be used, it must first be allocated with
-pkey_alloc(). An application calls the WRPKRU instruction
+pkey_alloc(). An application calls the WRPKRU/AMR instruction
directly in order to change access permissions to memory covered
-with a key. In this example WRPKRU is wrapped by a C function
+with a key. In this example WRPKRU/AMR is wrapped by a C function
called pkey_set().
int real_prot = PROT_READ|PROT_WRITE;
@@ -52,11 +77,11 @@ is no longer in use:
munmap(ptr, PAGE_SIZE);
pkey_free(pkey);
-(Note: pkey_set() is a wrapper for the RDPKRU and WRPKRU instructions.
+(Note: pkey_set() is a wrapper for the RDPKRU,WRPKRU or AMR instructions.
An example implementation can be found in
tools/testing/selftests/x86/protection_keys.c)
-=========================== Behavior ===========================
+=========================== Behavior =================================
The kernel attempts to make protection keys consistent with the
behavior of a plain mprotect(). For instance if you do this:
--
1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: Ram Pai <linuxram@us.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au,
khandual@linux.vnet.ibm.com, aneesh.kumar@linux.vnet.ibm.com,
bsingharora@gmail.com, dave.hansen@intel.com, hbabu@us.ibm.com,
linuxram@us.ibm.com, arnd@arndb.de, akpm@linux-foundation.org,
corbet@lwn.net, mingo@redhat.com
Subject: [RFC v3 22/23] Documentation: PowerPC specific updates to memory protection keys
Date: Wed, 21 Jun 2017 18:39:38 -0700 [thread overview]
Message-ID: <1498095579-6790-23-git-send-email-linuxram@us.ibm.com> (raw)
In-Reply-To: <1498095579-6790-1-git-send-email-linuxram@us.ibm.com>
Add documentation updates that capture PowerPC specific changes.
Signed-off-by: Ram Pai <linuxram@us.ibm.com>
---
Documentation/vm/protection-keys.txt | 65 +++++++++++++++++++++++++-----------
1 file changed, 45 insertions(+), 20 deletions(-)
diff --git a/Documentation/vm/protection-keys.txt b/Documentation/vm/protection-keys.txt
index b643045..965ad75 100644
--- a/Documentation/vm/protection-keys.txt
+++ b/Documentation/vm/protection-keys.txt
@@ -1,21 +1,46 @@
-Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature
-which will be found on future Intel CPUs.
+Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature found in
+new generation of intel CPUs and on PowerPC 7 and higher CPUs.
Memory Protection Keys provides a mechanism for enforcing page-based
-protections, but without requiring modification of the page tables
-when an application changes protection domains. It works by
-dedicating 4 previously ignored bits in each page table entry to a
-"protection key", giving 16 possible keys.
-
-There is also a new user-accessible register (PKRU) with two separate
-bits (Access Disable and Write Disable) for each key. Being a CPU
-register, PKRU is inherently thread-local, potentially giving each
-thread a different set of protections from every other thread.
-
-There are two new instructions (RDPKRU/WRPKRU) for reading and writing
-to the new register. The feature is only available in 64-bit mode,
-even though there is theoretically space in the PAE PTEs. These
-permissions are enforced on data access only and have no effect on
+protections, but without requiring modification of the page tables when an
+application changes protection domains.
+
+
+On Intel:
+
+ It works by dedicating 4 previously ignored bits in each page table
+ entry to a "protection key", giving 16 possible keys.
+
+ There is also a new user-accessible register (PKRU) with two separate
+ bits (Access Disable and Write Disable) for each key. Being a CPU
+ register, PKRU is inherently thread-local, potentially giving each
+ thread a different set of protections from every other thread.
+
+ There are two new instructions (RDPKRU/WRPKRU) for reading and writing
+ to the new register. The feature is only available in 64-bit mode,
+ even though there is theoretically space in the PAE PTEs. These
+ permissions are enforced on data access only and have no effect on
+ instruction fetches.
+
+
+On PowerPC:
+
+ It works by dedicating 5 page table entry bits to a "protection key",
+ giving 32 possible keys.
+
+ There is a user-accessible register (AMR) with two separate bits;
+ Access Disable and Write Disable, for each key. Being a CPU
+ register, AMR is inherently thread-local, potentially giving each
+ thread a different set of protections from every other thread. NOTE:
+ Disabling read permission does not disable write and vice-versa.
+
+ The feature is available on 64-bit HPTE mode only.
+ 'mtspr 0xd, mem' reads the AMR register
+ 'mfspr mem, 0xd' writes into the AMR register.
+
+
+
+Permissions are enforced on data access only and have no effect on
instruction fetches.
=========================== Syscalls ===========================
@@ -28,9 +53,9 @@ There are 3 system calls which directly interact with pkeys:
unsigned long prot, int pkey);
Before a pkey can be used, it must first be allocated with
-pkey_alloc(). An application calls the WRPKRU instruction
+pkey_alloc(). An application calls the WRPKRU/AMR instruction
directly in order to change access permissions to memory covered
-with a key. In this example WRPKRU is wrapped by a C function
+with a key. In this example WRPKRU/AMR is wrapped by a C function
called pkey_set().
int real_prot = PROT_READ|PROT_WRITE;
@@ -52,11 +77,11 @@ is no longer in use:
munmap(ptr, PAGE_SIZE);
pkey_free(pkey);
-(Note: pkey_set() is a wrapper for the RDPKRU and WRPKRU instructions.
+(Note: pkey_set() is a wrapper for the RDPKRU,WRPKRU or AMR instructions.
An example implementation can be found in
tools/testing/selftests/x86/protection_keys.c)
-=========================== Behavior ===========================
+=========================== Behavior =================================
The kernel attempts to make protection keys consistent with the
behavior of a plain mprotect(). For instance if you do this:
--
1.8.3.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-06-22 1:39 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-22 1:39 [RFC v3 00/23] powerpc: Memory Protection Keys Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 01/23] powerpc: Free up four 64K PTE bits in 4K backed HPTE pages Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 9:21 ` Balbir Singh
2017-06-22 9:21 ` Balbir Singh
2017-06-22 18:50 ` Ram Pai
2017-06-22 18:50 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 02/23] powerpc: introduce set_hidx_slot helper Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-25 23:03 ` Balbir Singh
2017-06-25 23:03 ` Balbir Singh
2017-06-26 4:02 ` Benjamin Herrenschmidt
2017-06-26 4:02 ` Benjamin Herrenschmidt
2017-06-27 0:17 ` Ram Pai
2017-06-27 0:17 ` Ram Pai
2017-06-27 0:16 ` Ram Pai
2017-06-27 0:16 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 03/23] powerpc: introduce get_hidx_gslot helper Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 04/23] powerpc: Free up four 64K PTE bits in 64K backed HPTE pages Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 05/23] powerpc: capture the PTE format changes in the dump pte report Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 06/23] powerpc: use helper functions in __hash_page_4K() for 64K PTE Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 07/23] powerpc: use helper functions in __hash_page_4K() for 4K PTE Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 08/23] powerpc: use helper functions in flush_hash_page() Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 09/23] mm: introduce an additional vma bit for powerpc pkey Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 10/23] mm: provide the ability to disable execute on a key at creation Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 11/23] x86: key creation with PKEY_DISABLE_EXECUTE is disallowed Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 12/23] powerpc: Implement sys_pkey_alloc and sys_pkey_free system call Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 13/23] powerpc: store and restore the pkey state across context switches Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 14/23] powerpc: Implementation for sys_mprotect_pkey() system call Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 15/23] powerpc: Program HPTE key protection bits Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 16/23] powerpc: Macro the mask used for checking DSI exception Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 17/23] powerpc: Handle exceptions caused by violation of pkey protection Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 18/23] powerpc: Deliver SEGV signal on pkey violation Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 19/23] selftest: Move protecton key selftest to arch neutral directory Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 20/23] selftest: PowerPC specific test updates to memory protection keys Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` [RFC v3 21/23] Documentation: Move protecton key documentation to arch neutral directory Ram Pai
2017-06-22 1:39 ` Ram Pai
2017-06-22 1:39 ` Ram Pai [this message]
2017-06-22 1:39 ` [RFC v3 22/23] Documentation: PowerPC specific updates to memory protection keys Ram Pai
2017-06-22 1:39 ` [RFC v3 23/23] procfs: display the protection-key number associated with a vma Ram Pai
2017-06-22 1:39 ` Ram Pai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1498095579-6790-23-git-send-email-linuxram@us.ibm.com \
--to=linuxram@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.vnet.ibm.com \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=bsingharora@gmail.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=hbabu@us.ibm.com \
--cc=khandual@linux.vnet.ibm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.