
translation table APTable permission problem

Hello,

I am trying to make pmd level of the translation table as read only so that any writes in the pte entries should cause a permission fault.

Current steps which I am doing are:

1) inside kernel space, allocating 2 pointers (say p, q) and allocating memory using vmalloc (4k size to occupy entire page)

2) assigning int data to both (say p=10, q= 20)

3) setting APTable bit for readonly for both the pointers (By reading manual, bit 61 and 62 denotes APTable)

4) swapping pte value for both the pointer in translation table

5) printing value for both the pointer

At step 4, access permission fault is not occurring.

I tried flushing the TLB, still at point 4 fault does not occur, but fault is occurring at random places (sometimes after point 5 or in between any points)

Can anyone tell me possible reasons why this is happening or some solution to fix it?

thanks

Parents
  • 3) setting APTable bit for readonly for both the pointers (By reading manual, bit 61 and 62 denotes APTable)

    You may want to set the page table read-only. Not the PTE.

    As I understand, you want to capture manipulation of the page table, right?

    This is the important part (from the described paper):

    "Memory translation tables, a.k.a. page tables, define the virtual to physical address mapping and the access permissions of virtual memory. TZ-RKP ensures that translation tables cannot be modified by the normal world. Moreover, it modifies the kernel so that requests to update the translation tables are routed through the secure world."

    So you also need to modify the relevant parts in the kernel.

    But actually, I do not understand the benefit of it all. Esp. if your code runs with the same privilege as the kernel. If you run a user-mode Linux, your approach may work. But again, you need to protect the page-table memory. Not the PTE.

Children
  • You may want to set the page table read-only. Not the PTE.

    Wait, I think we are not on the same page.

    Setting last level of the page table read only is working, but making upper level of the page table read only is not working.

    Let's assume translation granule of 4kb with page size as 4kb. It will have 4 levels of page table.

    The 4th level points to the page. Here making it read only with the AP[7:6] bits works.

    The 3rd level points to the 4th level, so we need to set APTable[62:61]. Here it's not working as it is supposed to.

    I am confused whether there are any system registers which disable hierarchical permission checks for the page table.

    I do not understand the benefit of it all. Esp. if your code runs with the same privilege as the kernel.

    No, the point is to run our code in the secure world (EL3), which has more privileges than the kernel (EL1). With this we can reduce our trusted computing base code size. Also we can add policies which can say when the kernel is allowed to make changes.
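
The permission combination discussed in this thread, as an added example that is not code from any of the posters: a small C model of how APTable[62:61] in the table descriptors on a walk combines with AP[7:6] in the final page descriptor for the EL1&0 stage 1 regime. The function names and descriptor values are constructed for illustration, the separate mapping of the table page is an assumption, and the `hpd` flag models TCR_EL1.HPD0/HPD1 on cores that implement hierarchical permission disables.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Stage 1 EL1&0 descriptor fields, 4KB granule. */
#define APTABLE(d) (((d) >> 61) & 0x3u) /* table descriptor bits [62:61] */
#define LEAF_AP(d) (((d) >> 6) & 0x3u)  /* page descriptor AP[2:1], bits [7:6] */

struct perm { bool el1_write, el0_read, el0_write; };
/* Combine APTable from each table descriptor on the walk with the leaf AP.
 * APTable bit 1 (bit 62) removes write access, bit 0 (bit 61) removes EL0
 * access. hpd models TCR_EL1.HPD0/HPD1: when set, APTable is ignored. */
struct perm effective_perm(const uint64_t *tables, size_t n, uint64_t leaf, bool hpd)
{
    bool read_only = (LEAF_AP(leaf) & 2u) != 0;  /* AP[2] */
    bool el0 = (LEAF_AP(leaf) & 1u) != 0;        /* AP[1] */
    for (size_t i = 0; !hpd && i < n; i++) {
        if (APTABLE(tables[i]) & 2u) read_only = true;
        if (APTABLE(tables[i]) & 1u) el0 = false;
    }
    return (struct perm){ !read_only, el0, el0 && !read_only };
}

/* Constructed descriptors: only valid/type and permission bits are set. */
#define TABLE_PLAIN   0x3ull                  /* APTable = 00 */
#define TABLE_NOWRITE (0x3ull | (2ull << 61)) /* APTable = 10 */
#define LEAF_EL1_RW   0x3ull                  /* AP[2:1] = 00 */

/* Store to a data page reached through the APTable=10 table. */
struct perm data_page(bool hpd)
{
    const uint64_t walk[] = { TABLE_PLAIN, TABLE_PLAIN, TABLE_NOWRITE };
    return effective_perm(walk, 3, LEAF_EL1_RW, hpd);
}

/* Store to the PTE itself: a data access to the page holding the level 3
 * table, checked against that page's own mapping (assumed here: a separate
 * EL1 read/write mapping whose walk passes through no APTable). */
struct perm table_page(void)
{
    const uint64_t walk[] = { TABLE_PLAIN, TABLE_PLAIN, TABLE_PLAIN };
    return effective_perm(walk, 3, LEAF_EL1_RW, false);
}

int main(void)
{
    printf("data page EL1 write: %d, with HPD: %d, table page EL1 write: %d\n", data_page(false).el1_write, data_page(true).el1_write, table_page().el1_write);
}
```

In this model APTable narrows the permissions of the pages translated through the table, while a store into the table's own entries is checked against whatever mapping covers the page that holds the table.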