|
|
Subscribe / Log in / New account

Memory protection keys

Memory protection keys

Posted May 14, 2015 9:13 UTC (Thu) by cotte (subscriber, #7812)
Parent article: Memory protection keys

This is hardly new technology, as key protection is a feature of the mainframe architecture from S/360 in 1964: http://en.wikipedia.org/wiki/IBM_System/360#Architectural...

to post comments

Memory protection keys

Posted May 14, 2015 10:14 UTC (Thu) by meyert (subscriber, #32097) [Link] (1 responses)

Yes, this was also my first idea! This sounds very similar to s390 storage key protection :-)

Memory protection keys

Posted May 14, 2015 10:23 UTC (Thu) by meyert (subscriber, #32097) [Link]

Of course, somebody from IBM did also point it out in the belonging thread: https://lkml.org/lkml/2015/5/7/849

Memory protection keys

Posted May 14, 2015 18:14 UTC (Thu) by hansendc (subscriber, #7363) [Link] (2 responses)

Yes, the concept is not a new one in hardware. At least x86, s390, powerpc and ia64 have some form of protection keys. x86 was the outlier for *not* having it.

However, there is currently no general support for these features on any of these architectures in Linux. These patches are the first proposal I know of to use this hardware in Linux in any substantive way.

Memory protection keys

Posted May 19, 2015 17:32 UTC (Tue) by mathstuf (subscriber, #69389) [Link] (1 responses)

> At least x86, s390, powerpc and ia64 have some form of protection keys. x86 was the outlier for *not* having it.

Typo? Which side is x86 supposed to be on and what did you intend?

Memory protection keys

Posted Nov 12, 2016 17:13 UTC (Sat) by eSyr (guest, #112051) [Link]

arm, maybe?

Memory protection keys

Posted Jun 8, 2015 9:00 UTC (Mon) by marcan (guest, #103032) [Link] (1 responses)

ARM has had this in their MMU for ages, certainly at least since ARM9/ARMv5 (it's called Domain Access Control). The implementation is almost identical: 4 bits in the page table entry select a domain, and a 32-bit Domain Access Control Register has two bits for each of 16 domains to control access.

Except instead of "write disable" and "read disable" bits, there is an extra level of indirection, where the bits choose "no access", "client access", or "manager access". "manager" is R/W, and "client access" can be configured per memory section (1MB virtual address space block) as various combinations of no access, read-only, and read-write for user and supervisor access levels.

Memory protection keys

Posted Jun 8, 2015 11:34 UTC (Mon) by spender (guest, #23067) [Link]

Some important differences though: DACR cannot be modified by userland without entering the kernel, while protection keys can. AFAIK it's also not possible to implement execute-only pages using domains as no access means no access, whereas protection keys apply to data access only, not instruction fetches. Domains affect the kernel as well while this only affects userland (currently). Domains permit granting permissions greater than that specified by the page tables, while protection keys can only give out a subset of existing permissions (due to the userland-only design).

-Brad


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds