本文将介绍PKS(Protection Keys for Supervisor Pages).

1. Prerequisite

Introduction to PKU

2. SPEC

3. Description

参见Protection Keys, Supervisor (PKS)中的PKS Hardware Overview一节。

Protection Keys for Supervisor Pages(PKS) is a feature that extends the Protection Keys architecture to support thread-specific permission restrictions on supervisor pages.

PKS works similar to an existing feature named PKU(protecting user pages). They both perform an additional check after normal paging permission checks are done. Access or Writes can be disabled via a MSR update without TLB flushes when permissions changes. If violating this addional check, #PF occurs and PFEC.PK bit will be set.

PKS introduces MSR IA32_PKRS to manage supervisor protection key rights. The MSR contains 16 pairs of ADi and WDi bits. Each pair advertises on a group of pages with the same key which is set in the leaf paging-structure entries(bits[62:59]). Currently, IA32_PKRS is not supported by XSAVES architecture.

参考资料:

  1. Protection Keys, Supervisor (PKS)
  2. PKS write protected page tables
  3. PKS/PMEM: Add Stray Write Protection
  4. KVM: PKS Virtualization support