Kernel Storage-Protection Keys

Edit online

Kernel storage-protection keys provide a storage-protection mechanism for the kernel and kernel extensions.

Storage protection keys have the following elements:
  • Each virtual memory page is assigned a small integer protection key, which represents a required access authority to make the page readable or writable in the current context.
  • A register, the authority mask register, is used to encode the access authority of the current context.
The hardware can provide up to 32 protection keys. The authority mask register contains a pair of bits representing the write and read access authorities for each of the defined protection keys, making it possible for the kernel to control access to as many as 32 classes of memory, where each class consists of virtual memory pages sharing the same specific protection key.

In all cases, a running thread can modify its authority mask register, and hence its authority to access specific memory classes. In AIX® environment, the storage-protection mechanism can catch programming errors caused by inadvertent storage overlays. When you write a program using storage protection keys, the program can voluntarily subdivide its memory for protection purposes, decreasing the likelihood that an accidental reference to memory goes undetected. Such undetected errors can be difficult to debug; however, by coding to detect them as they occur, a program can improve its reliability, availability, and serviceability characteristics.

When you use storage protection keys in the kernel, the following programming errors can be detected and easily repaired:
  • Incorrect reference to application memory by the kernel
  • Incorrect reference to kernel private memory by key-safe kernel extensions
  • Incorrect reference to kernel extension private memory by the kernel
  • Incorrect reference to memory controlled by one kernel subsystem by another
Kernel extensions can be classified into the following categories from the storage protection aspect:
Key-unsafe kernel extensions
Key-unsafe kernel extensions are traditional extensions that were written without regard to storage key protection. When loaded in a key-safe environment, such extensions are automatically run with wide access authority to provide binary compatibility. With the ability to access essentially all kernel memory without restrictions, key-unsafe kernel extensions can continue to function, even though they might violate the protection domain of the kernel.

In some other cases key-unsafe kernel extensions can cause system crashes therefore it is highly recommended that kernel extensions should be made key-safe before running. See Making a Kernel Extension Key Safe.

Key-safe kernel extensions
Key-safe kernel extensions do not directly refer to either the internal data structures of the kernel or user space addresses. See Making a Kernel Extension Key Safe.
Key-protected kernel extensions
Key-protected kernel extensions can coexist with the key-protected kernel environment, and also become key-protected by identifying and protecting their own private data. To place kernel extension data in key-protected memory, see Designing the Key Protection in a Key-protected Kernel Extension.