The effect of Meltdown and Spectre in our communities
The effect of Meltdown and Spectre in our communities
Posted Feb 9, 2018 5:31 UTC (Fri) by immibis (subscriber, #105511)In reply to: The effect of Meltdown and Spectre in our communities by nix
Parent article: The effect of Meltdown and Spectre in our communities
Not those kinds of keys.
MPKs are tag bits associated with each page-table entry, which indirectly look up permissions in another processor register. See https://lwn.net/Articles/667156/
MPKs are tag bits associated with each page-table entry, which indirectly look up permissions in another processor register. See https://lwn.net/Articles/667156/
So you leave all user-space pages set to 0, for example, and set kernel pages to 1 (except for one containing the kernel entry point). Then you set the "MPK 1 permissions" register to write-disable, read-disable, execute-disable. Then when entering the kernel you clear those flags, and set them again when leaving. The "MPK 1 permissions" register is global, it's not part of the page-table entry.
Normally you wouldn't do this because the "set permissions register" instruction is not privileged, meaning any code can run it. But if you were trying to run a high-performance minimal-security still-somewhat-robust system, you might!