| Memory Protection Keys for Userspace (PKU aka PKEYs) is a CPU feature |
| which will be found on future Intel CPUs. |
| |
| Memory Protection Keys provides a mechanism for enforcing page-based |
| protections, but without requiring modification of the page tables |
| when an application changes protection domains. It works by |
| dedicating 4 previously ignored bits in each page table entry to a |
| "protection key", giving 16 possible keys. |
| |
| There is also a new user-accessible register (PKRU) with two separate |
| bits (Access Disable and Write Disable) for each key. Being a CPU |
| register, PKRU is inherently thread-local, potentially giving each |
| thread a different set of protections from every other thread. |
| |
| There are two new instructions (RDPKRU/WRPKRU) for reading and writing |
| to the new register. The feature is only available in 64-bit mode, |
| even though there is theoretically space in the PAE PTEs. These |
| permissions are enforced on data access only and have no effect on |
| instruction fetches. |
| |
| =========================== Config Option =========================== |
| |
| This config option adds approximately 1.5kb of text. and 50 bytes of |
| data to the executable. A workload which does large O_DIRECT reads |
| of holes in XFS files was run to exercise get_user_pages_fast(). No |
| performance delta was observed with the config option |
| enabled or disabled. |