Memory protection
=== Protection keys ===

A memory protection key (MPK)<ref>[https://lwn.net/Articles/643797/ Memory protection keys], Jonathan Corbet, May 13, 2015, [[LWN.net]]</ref> mechanism divides physical memory into blocks of a particular size (e.g., 4 KiB), each of which has an associated numerical value called a protection key. Each process also has a protection key value associated with it. On a memory access, the hardware checks that the current process's protection key matches the value associated with the memory block being accessed; if not, an exception occurs. This mechanism was introduced in the [[System/360]] architecture. It is available on today's [[System z]] mainframes and heavily used by [[System z]] operating systems and their subsystems.

The System/360 protection keys described above are associated with physical addresses. This is different from the protection key mechanism used by architectures such as the [[Hewlett-Packard]]/[[Intel]] [[IA-64]] and Hewlett-Packard [[PA-RISC]], in which keys are associated with virtual addresses and multiple keys are allowed per process.

In the Itanium and PA-RISC architectures, translations ([[translation lookaside buffer|TLB]] entries) have ''keys'' (Itanium) or ''access ids'' (PA-RISC) associated with them. A running process has several protection key registers (16 for Itanium,<ref>{{cite web |url=https://download.intel.com/design/Itanium/manuals/24531805.pdf |title=Keys in Itanium |archive-url=https://web.archive.org/web/20071128062412/https://download.intel.com/design/Itanium/manuals/24531805.pdf |archive-date=2007-11-28}}</ref> 4 for PA-RISC<ref>{{Cite web|url=https://h21007.www2.hp.com/portal/download/files/unprot/parisc/pa1-1/acd.pdf|archive-url=https://web.archive.org/web/20150905151741/https://h21007.www2.hp.com/portal/download/files/unprot/parisc/pa1-1/acd.pdf|url-status=dead|archive-date=2015-09-05|title=Memory protection in HP PA-RISC <!-- PA-RISC 1.1 Architecture and Instruction Set Reference Manual -->|date=February 1994 <!--2015-09-05 -->|access-date=2018-10-29}}</ref>). A translation selected by the virtual address has its key compared to each of the protection key registers. If any of them match (plus other possible checks), the access is permitted. If none match, a fault or exception is generated. The software fault handler can, if desired, check the missing key against a larger list of keys maintained by software; thus, the protection key registers inside the processor may be treated as a software-managed cache of a larger list of keys associated with a process. PA-RISC has 15–18 bits of key; Itanium mandates at least 18. Keys are usually associated with ''protection domains'', such as libraries, modules, etc.

In x86, the protection keys<ref>{{Cite web|url=http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf|archive-url=https://web.archive.org/web/20120601074839/http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf|url-status=dead|archive-date=2012-06-01|title=Intel Software Developer Manual |date=March 2012 <!--2012-06-01 --> |access-date=2018-10-29}}</ref> architecture allows tagging virtual addresses for user pages with any of 16 protection keys. All the pages tagged with the same protection key constitute a protection domain. A new register contains the permissions associated with each of the protection domains. Load and store operations are checked against both the page table permissions and the protection key permissions associated with the protection domain of the virtual address, and are allowed only if both sets of permissions allow the access. The protection key permissions can be set from user space, allowing applications to directly restrict access to the application data without OS intervention. Since the protection keys are associated with a virtual address, the protection domains are per address space, so processes running in different address spaces can each use all 16 domains.
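
An added example, not part of the article or of any vendor's code: a simplified C model of the x86 check described above, covering user-mode data accesses only. The two-bit access-disable/write-disable field per key follows the layout of Intel's PKRU register; the struct and function names are illustrative assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the x86 protection-key check for user-mode data
 * accesses. Struct and function names are illustrative, not a real API. */

#define PKEY_AD 0x1u  /* access disable: no loads or stores */
#define PKEY_WD 0x2u  /* write disable: loads only */

struct page {           /* the page-table fields that matter for this check */
    bool present;
    bool writable;
    unsigned pkey;      /* 4-bit tag: protection domain 0..15 */
};

/* Return a new register value with domain `pkey` set to `bits`. */
uint32_t pkru_set(uint32_t pkru, unsigned pkey, uint32_t bits)
{
    unsigned shift = 2u * (pkey & 0xFu);
    return (pkru & ~(0x3u << shift)) | ((bits & 0x3u) << shift);
}

/* An access succeeds only if the page tables AND the key register allow it. */
bool access_allowed(const struct page *pg, uint32_t pkru, bool is_write)
{
    uint32_t bits = (pkru >> (2u * (pg->pkey & 0xFu))) & 0x3u;
    bool pt_ok  = pg->present && (!is_write || pg->writable);
    bool key_ok = !(bits & PKEY_AD) && !(is_write && (bits & PKEY_WD));
    return pt_ok && key_ok;
}

/* Constructed scenario: returns a bitmask of which accesses were allowed. */
unsigned demo(void)
{
    struct page secret = { true, true,  1 };  /* writable page in domain 1 */
    struct page ro     = { true, false, 0 };  /* read-only page in domain 0 */
    uint32_t pkru = pkru_set(0, 1, PKEY_AD);  /* domain 1 starts locked */
    unsigned r = 0;
    r |= access_allowed(&secret, pkru, false) << 0; /* read: denied by key */
    pkru = pkru_set(pkru, 1, PKEY_WD);    /* user code opens domain 1 for reads */
    r |= access_allowed(&secret, pkru, false) << 1; /* read: allowed */
    r |= access_allowed(&secret, pkru, true)  << 2; /* write: denied by key */
    pkru = pkru_set(pkru, 1, 0);          /* fully open domain 1 */
    r |= access_allowed(&secret, pkru, true)  << 3; /* write: allowed */
    r |= access_allowed(&ro, pkru, true)      << 4; /* write: denied by page table */
    return r;
}

int main(void) { printf("allowed mask: 0x%x\n", demo()); return 0; }
```

The model shows that a key can only narrow what the page tables already grant: an open key does not make a read-only page writable.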