[coyotos-dev] i386 PTE question...
Jeroen C. Visser
jeroen.c.visser at gmail.com
Tue Jan 15 15:06:22 EST 2008
On Jan 15, 2008 10:06 AM, Jonathan S. Shapiro <shap at eros-os.com> wrote:
> Jeroen:
>
> I haven't had time to review the code, so the following is from memory,
> but I think that it will be reasonably close.
>
> In the long term, we want to be able to build a fast path that only
> considers the entries in the hardware tables. If you need to do a soft
> translate, you run the slow path.
>
> If you want to do this, the issue becomes: how do you handle translation
> for capability pages. These pages are "valid" in the sense that there is
> a valid translation, but they must never be valid for a user-mode *data*
> access. In principle they might be valid for a supervisor-mode access in
> the hardware page tables, but this would lead to a potential for
> security errors due to mishandling of string copies.
>
> For this reason, we use one of the software-defined bits as a backup
> valid bit that we can rely on in software but will not be honored by the
> TLB.
OK. I think this matches what I read in the code. When a PTE is marked
hard invalid but not soft invalid, it is a cap page.
> The WK bit being stored in a software-defined bit is an extension of the
> same issue. If we traverse the hardware table, we need to know whether
> the fetched capability must be weakened before returning it.
Then is it correct to state that the WK bit is applicable only to cap pages?
In other words, is the WK bit only examined when the PTE points to a cap
page and a cap is being read from/written to it?
-JCV
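The scheme discussed above (a software-defined PTE bit used as a backup valid bit that the TLB will not honor, and a WK bit that is consulted only when a capability is fetched through the slow path) is small enough to model directly. The following C model is an added example, not Coyotos code; the architectural bit positions (P, R/W, U/S, and the software-available bits 9..11) are those of the i386 PTE format, but which available bit carries which flag, the `cap_t` layout, and the helper names are assumptions made for illustration only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural i386 PTE bits. These positions are fixed by the ISA. */
#define PTE_P          (1u << 0)   /* Present: the only "valid" bit the TLB honors */
#define PTE_RW         (1u << 1)   /* writable */
#define PTE_US         (1u << 2)   /* user-mode accessible */
#define PTE_AVL_SHIFT  9           /* bits 9..11 are reserved for software use */
#define PTE_FRAME_MASK 0xFFFFF000u

/* Software-defined bits. ASSUMPTION: which AVL bit carries which flag is
 * chosen here for illustration only, not taken from the Coyotos sources. */
#define PTE_SOFT_VALID (1u << (PTE_AVL_SHIFT + 0))  /* translation exists, TLB must not use it */
#define PTE_WEAK       (1u << (PTE_AVL_SHIFT + 1))  /* WK: weaken caps fetched through here */

typedef uint32_t pte_t;

enum page_kind { PAGE_NONE, PAGE_DATA, PAGE_CAP };

/* Toy capability word (constructed for this example), just enough to make
 * "weaken" observable. */
#define CAP_READ  1u
#define CAP_WRITE 2u
typedef struct { uint32_t target; uint32_t perms; } cap_t;

static pte_t make_data_pte(uint32_t frame, bool writable) {
  return (frame & PTE_FRAME_MASK) | PTE_P | PTE_US | (writable ? PTE_RW : 0);
}

/* A capability page is mapped with the backup valid bit only: no P bit, so
 * neither user- nor supervisor-mode data accesses through the TLB can ever
 * succeed, which is what keeps a stray string copy from touching cap words. */
static pte_t make_cap_pte(uint32_t frame, bool weaken) {
  return (frame & PTE_FRAME_MASK) | PTE_SOFT_VALID | (weaken ? PTE_WEAK : 0);
}

/* Hard-valid => data page; hard-invalid but soft-valid => capability page. */
static enum page_kind classify(pte_t pte) {
  if (pte & PTE_P) return PAGE_DATA;
  if (pte & PTE_SOFT_VALID) return PAGE_CAP;
  return PAGE_NONE;
}

/* Model of the hardware fast path: what the MMU decides for a data access.
 * Only architectural bits are consulted, so a cap page always faults here. */
static bool data_access_ok(pte_t pte, bool user, bool write) {
  if (!(pte & PTE_P)) return false;
  if (user && !(pte & PTE_US)) return false;
  if (write && !(pte & PTE_RW)) return false;
  return true;
}

static cap_t weaken(cap_t c) {
  c.perms &= CAP_READ;   /* drop everything but read */
  return c;
}

/* Software slow path: fetch a capability out of the page the PTE names.
 * `page` stands in for the frame at (pte & PTE_FRAME_MASK). Fails unless the
 * PTE is a cap page; WK is applied on the way out, and this is the only
 * place the WK bit is examined in this model. */
static bool fetch_cap(pte_t pte, const cap_t *page, size_t slot, cap_t *out) {
  if (classify(pte) != PAGE_CAP) return false;
  cap_t c = page[slot];
  if (pte & PTE_WEAK) c = weaken(c);
  *out = c;
  return true;
}

int main(void) {
  /* Constructed sample: one frame holding four capability slots. */
  cap_t frame[4] = { {0x10, CAP_READ | CAP_WRITE}, {0x20, CAP_READ}, {0, 0}, {0, 0} };
  pte_t strong = make_cap_pte(0x00042000, false);
  pte_t weak   = make_cap_pte(0x00042000, true);
  cap_t c;

  printf("user data access via cap PTE ok?   %d\n", data_access_ok(strong, true, false));
  printf("kernel data access via cap PTE ok? %d\n", data_access_ok(strong, false, false));
  fetch_cap(strong, frame, 0, &c);
  printf("fetch through plain cap PTE: perms=%u\n", c.perms);
  fetch_cap(weak, frame, 0, &c);
  printf("fetch through WK cap PTE:    perms=%u\n", c.perms);
  return 0;
}
```

The point the model makes concrete: a capability page never carries the hardware Present bit, so the TLB fast path rejects every data access to it regardless of privilege, while the kernel's capability path recognises it through the software bit alone and is the only consumer of WK.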