[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH V9 0/5] x86/hvm: pkeys, add memory protection-key support



> From: Tian, Kevin
> Sent: Thursday, February 04, 2016 1:35 PM
> 
> > From: Han, Huaitong
> > Sent: Thursday, February 04, 2016 1:25 PM
> >
> > On Thu, 2016-02-04 at 13:20 +0800, Huaitong Han wrote:
> > > On Thu, 2016-02-04 at 04:56 +0000, Tian, Kevin wrote:
> > > > > From: Huaitong Han
> > > > > Sent: Wednesday, February 03, 2016 10:12 PM
> > > > >
> > > > > The PKRU register (protection key rights for user pages) is a 32
> > > > > -bit register
> > > > > with the following format: for each i (0 â i â 15), PKRU[2i] is
> > > > > the
> > > > > access-disable bit for protection key i (ADi); PKRU[2i+1] is the
> > > > > write-disable
> > > > > bit for protection key i (WDi).
> > > > >
> > > >
> > > > Curious about protection key usage here. There are 16 PKRU indexes,
> > > > but
> > > > each is associated only with 2 bits which means 4 possible
> > > > combinations. Does
> > > > it mean in reality OS will only use 4 indexes now (might extend to
> > > > 16
> > > > if
> > > > permission bits are extended to say 4bits in the future)?
> > > No, 4 indexs cannot finish thread-private permission job: the index
> > > value is from page table entry, cannot be changed with different
> > > threads.
> > > The Memory access process with PKEYS feature: the thread get pkey
> > > value
> > > from page table entry, pkey value is the index to PKRU(thread-self)
> > > domain, and get ADi/WDi via RDPKRU.
> > A thread may have many memeroy zones that has different permissions
> > too.
> 
> sorry still have a disconnect here. For current 2 bits, all combinations
> can be enumerated with 4 indexes:
> 
> [0]: AD, WD
> [1]: AD
> [2]: WD
> [3]: zero with full permission
> 
> Then regardless of how many threads we may have, given a
> permission set for a thread, you can always find in 0-3 indexes
> to put there...
> 
> Or do you mean that each thread has to use different index as
> an architectural limitation?
> 

Please forgot this comment. Just talked with Huaitong offline. Now
I understand that each pkey index represents a domain while 
thread-specific PKRU register allows to assign different permission
for each thread when accessing pages within the same domain.

Thanks
Kevin
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.