[coyotos-dev] i386 PTE question...

Jonathan S. Shapiro shap at eros-os.com
Tue Jan 15 10:06:39 EST 2008


Jeroen:

I haven't had time to review the code, so the following is from memory,
but I think that it will be reasonably close.

In the long term, we want to be able to build a fast path that only
considers the entries in the hardware tables. If you need to do a soft
translate, you run the slow path.

If you want to do this, the issue becomes: how do you handle translation
for capability pages? These pages are "valid" in the sense that there is
a valid translation, but they must never be valid for a user-mode *data*
access. In principle they might be valid for a supervisor-mode access in
the hardware page tables, but this would lead to a potential for
security errors due to mishandling of string copies.

For this reason, we use one of the software-defined bits as a backup
valid bit that we can rely on in software but will not be honored by the
TLB.

The WK bit being stored in a software-defined bit is an extension of the
same issue. If we traverse the hardware table, we need to know whether
the fetched capability must be weakened before returning it.

shap

On Mon, 2008-01-14 at 13:25 -0500, Jeroen C. Visser wrote:
> On Jan 14, 2008 1:18 PM, Jeroen C. Visser <jeroen.c.visser at gmail.com> wrote:
> > Perhaps the WK bit is mainly a debugging aid?
> 
> And perhaps the soft valid bit is just there to differentiate between
> a real PTE and the canary?
> 
> -JCV
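
Added example, not part of the original message and not Coyotos code: a fast path over one i386 hardware page table that treats a capability page as valid in software only (P clear, soft valid bit set) and reports whether the fetched capability must be weakened. The positions chosen for the soft valid and WK bits within the MMU-ignored bits 9..11, the helper `fast_walk`, and the sample table are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural i386 PTE bits. */
#define PTE_P        0x001u  /* present: the only valid bit the TLB honors */
#define PTE_RW       0x002u
#define PTE_US       0x004u
#define PTE_FRAME    0xFFFFF000u
/* Bits 9..11 are ignored by the MMU. Which of them Coyotos uses is not
 * stated in the post; these two assignments are assumptions. */
#define PTE_SW_VALID 0x200u  /* backup valid bit, seen by software only */
#define PTE_SW_WK    0x400u  /* fetched capability must be weakened */

enum walk { WALK_SLOW, WALK_DATA, WALK_CAP };
struct hit { uint32_t frame; int weaken; };

/* Fast path over one hardware page table (hypothetical helper).
 * want_cap = 0: data access; want_cap = 1: kernel capability fetch.
 * Anything the hardware entry cannot answer goes to the slow path. */
enum walk fast_walk(const uint32_t *pt, uint32_t va, int want_cap, struct hit *h)
{
    uint32_t pte = pt[(va >> 12) & 0x3FFu];

    h->frame = pte & PTE_FRAME;
    h->weaken = 0;
    if (!want_cap)
        return (pte & PTE_P) ? WALK_DATA : WALK_SLOW;
    /* Capability page: translation valid in software, P clear in hardware,
     * so neither user code nor a kernel string copy can touch it as data. */
    if ((pte & (PTE_P | PTE_SW_VALID)) != PTE_SW_VALID)
        return WALK_SLOW;
    h->weaken = (pte & PTE_SW_WK) != 0;
    return WALK_CAP;
}

int main(void)
{
    /* Constructed table: slot 0 data page, slot 1 weak capability page. */
    static uint32_t pt[1024] = {
        0x00100000u | PTE_P | PTE_RW | PTE_US,
        0x00200000u | PTE_SW_VALID | PTE_SW_WK,
    };
    struct hit h;
    enum walk w = fast_walk(pt, 0x1000u, 0, &h);
    printf("data access 0x1000: %d\n", w);           /* slow path */
    w = fast_walk(pt, 0x1000u, 1, &h);
    printf("cap fetch   0x1000: %d weaken=%d\n", w, h.weaken);
    return 0;
}
```

Because the capability page's entry has P clear, a data access through it faults in hardware regardless of privilege level, while the kernel's capability fetch still resolves without leaving the hardware table.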


