Module wasmtime_runtime::mpk
Memory Protection Keys (MPK) implementation for use in striped memory allocation.
MPK is an x86 feature available on relatively recent versions of Intel and AMD CPUs. In Linux, this feature is named `pku` (protection keys userspace) and consists of three new system calls: `pkey_alloc`, `pkey_free`, and `pkey_mprotect` (see the Linux documentation). This crate provides an abstraction, `ProtectionKey`, that the pooling allocator applies to contiguous memory allocations, allowing it to avoid guard pages in some cases and more efficiently use memory. This technique was first presented in a 2022 paper: Segue and ColorGuard: Optimizing SFI Performance and Scalability on Modern x86.
On x86_64 Linux systems, this module implements the various parts necessary to use MPK in Wasmtime:
- `is_supported` indicates whether the feature is available at runtime
- `ProtectionKey` provides access to the kernel-allocated protection keys (see `keys`)
- `allow` sets the CPU state to prevent access to regions outside the `ProtectionMask`
- the `sys` module bridges the gap to Linux’s `pkey_*` system calls
- the `pkru` module controls the x86 `PKRU` register (and other CPU state)
On any other kind of machine, this module exposes noop implementations of the public interface.
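As an added illustration (not Wasmtime's code), the following Rust model shows how a mask of allowed keys maps onto the 32-bit PKRU value and why striping lets neighbouring pool slots stand in for guard pages. The names `AllowMask`, `pkru_for`, `stripe_key` and `may_access`, the round-robin slot-to-key assignment and the three sample keys are assumptions made for the example.

```rust
// Added illustration: a model of PKRU and striping, not Wasmtime's code.
// `AllowMask`, `pkru_for`, `stripe_key` and `may_access` are hypothetical names.

/// Bit `i` set means protection key `i` is allowed (x86 has 16 keys).
#[derive(Clone, Copy)]
struct AllowMask(u16);

impl AllowMask {
    /// Allow one stripe's key. Key 0 stays allowed because Linux tags all
    /// memory that was never passed to `pkey_mprotect` with key 0.
    fn only(key: u32) -> Self {
        assert!(key < 16);
        AllowMask(1u16 | (1u16 << key))
    }
}

/// PKRU holds two bits per key: bit 2i = access-disable, bit 2i+1 = write-disable.
fn pkru_for(mask: AllowMask) -> u32 {
    (0..16u32)
        .filter(|&key| (mask.0 & (1u16 << key)) == 0)
        .fold(0u32, |pkru, key| pkru | (0b11u32 << (2 * key)))
}

/// Assumed round-robin striping: adjacent pool slots never share a key.
fn stripe_key(slot: usize, keys: &[u32]) -> u32 {
    keys[slot % keys.len()]
}

/// What the CPU decides for a user-mode access to a page tagged with `key`.
fn may_access(pkru: u32, key: u32, write: bool) -> bool {
    let bits = (pkru >> (2 * key)) & 0b11;
    (bits & 0b01) == 0 && !(write && (bits & 0b10) != 0)
}

fn main() {
    let keys: [u32; 3] = [1, 2, 3]; // constructed sample: three allocated keys
    let running = 4; // slot whose instance is currently executing
    let pkru = pkru_for(AllowMask::only(stripe_key(running, &keys)));
    println!("PKRU = {:#010x}", pkru);
    for slot in 3..=7 {
        let key = stripe_key(slot, &keys);
        let verdict = if may_access(pkru, key, false) { "allowed" } else { "fault" };
        println!("slot {}: key {} -> {}", slot, key, verdict);
    }
}
```

With three keys, the slots on either side of the running one carry a different key and fault on any access, while the next slot sharing its key is three slots away.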
Structs
- An MPK protection key.
- A bit field indicating which protection keys should be allowed and disabled.
Enums
- Describe the tri-state configuration of memory protection keys (MPK).
Functions
- Only allow access to pages marked by the keys set in `mask`.
- Retrieve the current protection mask.
- Check if the MPK feature is supported.
- Allocate up to `max` protection keys.