Memory Protection Keys Support Finished Up In Linux 4.9
This morning the protection keys syscall interface was submitted for the Linux 4.9 merge window, the last step of adding Protection Keys support to the Linux kernel.
The added interface allows user-space to allocate keys and protect memory areas with said keys. This Memory Protection Keys (MPK) support has been a long-time coming and is supported by future Intel CPUs. Details on this Intel memory protection feature are described in this earlier article. There's also been related protection key changes to the GCC and LLVM/Clang compilers.
Simply put, the protection keys is about enforcing page-based memory protections. There are new RDPKRU and WRPKRU instructions coming to future Intel CPUs for reading/writing to the new thread-local PKRU register for access disable and write disable bits for each key.
The new system calls with Linux 4.9 are pkey_alloc(), pkey_free(), and pkey_mprotect(). Here's a very basic example from the documentation about making use of the memory protection keys in a basic C program:
The code for Linux 4.9 is queued via this pull request.
The added interface allows user-space to allocate keys and protect memory areas with said keys. This Memory Protection Keys (MPK) support has been a long-time coming and is supported by future Intel CPUs. Details on this Intel memory protection feature are described in this earlier article. There's also been related protection key changes to the GCC and LLVM/Clang compilers.
Simply put, the protection keys is about enforcing page-based memory protections. There are new RDPKRU and WRPKRU instructions coming to future Intel CPUs for reading/writing to the new thread-local PKRU register for access disable and write disable bits for each key.
The new system calls with Linux 4.9 are pkey_alloc(), pkey_free(), and pkey_mprotect(). Here's a very basic example from the documentation about making use of the memory protection keys in a basic C program:
Before a pkey can be used, it must first be allocated with pkey_alloc(). An application calls the WRPKRU instruction directly in order to change access permissions to memory covered with a key. In this example WRPKRU is wrapped by a C function called pkey_set().This isn't about Intel MPX (Memory Protection Extensions) but relies upon the RDPKRU/WRPKRU instruction set extensions. I don't believe I've seen any confirmation anywhere about which generation of Intel CPUs will premiere this support.
int real_prot = PROT_READ|PROT_WRITE;
pkey = pkey_alloc(0, PKEY_DENY_WRITE);
ptr = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
ret = pkey_mprotect(ptr, PAGE_SIZE, real_prot, pkey);
... application runs here
Now, if the application needs to update the data at 'ptr', it can gain access, do the update, then remove its write access:
pkey_set(pkey, 0); // clear PKEY_DENY_WRITE
*ptr = foo; // assign something
pkey_set(pkey, PKEY_DENY_WRITE); // set PKEY_DENY_WRITE again
Now when it frees the memory, it will also free the pkey since it is no longer in use:
The code for Linux 4.9 is queued via this pull request.
1 Comment