There are a few items that have gotten stale in the protection
keys documentation. The config option description only applied
to the execute-only support and is not accurate for the current
code. There was also a typo with the number of system calls. I
also wanted to call out that pkey_set() is not a kernel-provided
facility, and where to find an implementation.
Signed-off-by: Dave Hansen <dave.hansen@intel.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: linux-doc@vger.kernel.org
Cc: corbet@lwn.net
Link: http://lkml.kernel.org/r/20161004163857.71E0D6F6@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
=========================== Syscalls ===========================
=========================== Syscalls ===========================
-There are 2 system calls which directly interact with pkeys:
+There are 3 system calls which directly interact with pkeys:
int pkey_alloc(unsigned long flags, unsigned long init_access_rights)
int pkey_free(int pkey);
int pkey_alloc(unsigned long flags, unsigned long init_access_rights)
int pkey_free(int pkey);
munmap(ptr, PAGE_SIZE);
pkey_free(pkey);
munmap(ptr, PAGE_SIZE);
pkey_free(pkey);
+(Note: pkey_set() is a wrapper for the RDPKRU and WRPKRU instructions.
+ An example implementation can be found in
+ tools/testing/selftests/x86/protection_keys.c)
+
=========================== Behavior ===========================
The kernel attempts to make protection keys consistent with the
=========================== Behavior ===========================
The kernel attempts to make protection keys consistent with the
The kernel will send a SIGSEGV in both cases, but si_code will be set
to SEGV_PKERR when violating protection keys versus SEGV_ACCERR when
the plain mprotect() permissions are violated.
The kernel will send a SIGSEGV in both cases, but si_code will be set
to SEGV_PKERR when violating protection keys versus SEGV_ACCERR when
the plain mprotect() permissions are violated.
-
-=========================== Config Option ===========================
-
-This config option adds approximately 1.5kb of text. and 50 bytes of
-data to the executable. A workload which does large O_DIRECT reads
-of holes in XFS files was run to exercise get_user_pages_fast(). No
-performance delta was observed with the config option
-enabled or disabled.