Memory protection keys

Posted Jun 8, 2015 9:00 UTC (Mon) by marcan (guest, #103032)
In reply to: Memory protection keys by cotte
Parent article: Memory protection keys

ARM has had this in their MMU for ages, certainly at least since ARM9/ARMv5 (it's called Domain Access Control). The implementation is almost identical: 4 bits in the page table entry select a domain, and a 32-bit Domain Access Control Register has two bits for each of 16 domains to control access.

Except instead of "write disable" and "read disable" bits, there is an extra level of indirection, where the bits choose "no access", "client access", or "manager access". "manager" is R/W, and "client access" can be configured per memory section (1MB virtual address space block) as various combinations of no access, read-only, and read-write for user and supervisor access levels.

Memory protection keys

Posted Jun 8, 2015 11:34 UTC (Mon) by spender (guest, #23067) [Link]

Some important differences though: DACR cannot be modified by userland without entering the kernel, while protection keys can. AFAIK it's also not possible to implement execute-only pages using domains as no access means no access, whereas protection keys apply to data access only, not instruction fetches. Domains affect the kernel as well while this only affects userland (currently). Domains permit granting permissions greater than that specified by the page tables, while protection keys can only give out a subset of existing permissions (due to the userland-only design).

-Brad