Hello,
I am trying to make the PMD level of the translation table read-only so that any writes to the PTE entries cause a permission fault.
The current steps I am doing are:
1) inside kernel space, allocating 2 pointers (say p, q) and allocating memory using vmalloc (4K size to occupy an entire page)
2) assigning int data to both (say p=10, q=20)
3) setting the APTable bits to read-only for both pointers (by reading the manual, bits 61 and 62 denote APTable)
4) swapping the PTE values for both pointers in the translation table
5) printing the value for both pointers
At step 4, the access permission fault is not occurring.
I tried flushing the TLB; still, at point 4 the fault does not occur, but a fault is occurring at random places (sometimes after point 5 or in between any of the points).
Can anyone tell me possible reasons why this is happening or some solution to fix it?
Thanks
raks8877 said: Setting the last level of the page table read-only is working, but making the upper level of the page table read-only is not working.
To clear things up for me: you want to prevent someone from modifying the page tables. So you want to map the memory the page table resides in as read-only.
And whenever the Linux kernel wants to set a new PTE (meaning a write to the page table) you would like to get trapped into EL3?
Yes, exactly. If we make it read-only then an access permission fault should be generated, and inside the page fault handler we can call SMC to switch to the secure world.
Ah, so instead of finding all accesses to the page table, you only need to "para-virtualize" the fault handler.
Still, I do not see the benefit compared to running it in a VM.
Yes, true. In this approach, the hypervisor and the underlying OS will be in the TCB, which is still huge.
By using TrustZone we can reduce it significantly.
This note is strange and maybe a reason for your findings: "The APTable[1:0] settings are combined with the translation table access permissions in the translation table descriptors accessed in subsequent levels of lookup. They do not restrict or change the values entered in those descriptors."
I have not written anything in EL2 yet, but the hypervisor does not have to be larger than an EL3 monitor. But this is another topic :-)
Yes, here is what I am confused about.
Just below that line in the manual they say
"The VMSAv8-64 provides APTable[1:0] control only for stage 1 translations. The corresponding bits are RES0 in the stage 2 translation table descriptors."
So I assumed that for stage 1 the permission checks should be performed.
Stage 2 is EL2 (AFAIK), so in your case it does not apply.
Yes
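The quoted manual note about APTable being "combined" with lower-level permissions is easier to see in a small model. The C below is an added example, not code from this thread or from Linux: it encodes a stage 1 table descriptor with APTable in bits [62:61] (as discussed above) and computes the effective permission of the final mapping beneath it. What it shows is that APTable on a PMD entry only lowers the rights of the data pages mapped under it; it does not write-protect the memory holding the next-level PTE page itself, which is what the original goal needs. Field positions and APTable encodings are taken from the Arm ARM; the physical addresses are constructed, and TCR_ELx.HPD (which makes hardware ignore APTable) and TLB caching are deliberately outside the model.

```c
#include <stdint.h>
#include <stdbool.h>

/* VMSAv8-64 stage 1 table descriptor fields, 4KB granule (from the Arm ARM). */
#define DESC_VALID      (1ULL << 0)
#define DESC_TABLE      (1ULL << 1)             /* bit 1 = 1: next-level table */
#define NEXT_TABLE_MASK 0x0000FFFFFFFFF000ULL   /* next-level table address [47:12] */
#define APTABLE_SHIFT   61                      /* APTable[1:0] occupies bits [62:61] */
#define APTABLE_MASK    (3ULL << APTABLE_SHIFT)

/* APTable: 00 no effect, 01 no EL0 access, 10 no writes at any EL,
 * 11 no writes at any EL and no EL0 reads. */
enum aptable { APT_NONE = 0, APT_NO_EL0 = 1, APT_RO = 2, APT_RO_NO_EL0 = 3 };

/* Leaf (block/page) descriptor AP[2:1] at bits [7:6]. */
#define AP_RO   (1ULL << 7)   /* AP[2] = 1: read-only */
#define AP_EL0  (1ULL << 6)   /* AP[1] = 1: EL0 may access */

/* Build a table descriptor, e.g. a PMD entry pointing at a PTE page. */
uint64_t make_table_desc(uint64_t next_table_pa, enum aptable apt)
{
    return (next_table_pa & NEXT_TABLE_MASK) | DESC_VALID | DESC_TABLE
         | ((uint64_t)apt << APTABLE_SHIFT);
}

struct perm { bool el1_write, el0_read, el0_write; };

/* Effective permission of the mapped page: each upper-level APTable can only
 * remove rights the leaf grants; it never changes the leaf descriptor's value. */
struct perm effective_perm(const uint64_t *table_descs, int levels, uint64_t leaf_desc)
{
    struct perm p;
    p.el1_write = !(leaf_desc & AP_RO);
    p.el0_read  = (leaf_desc & AP_EL0) != 0;
    p.el0_write = p.el0_read && p.el1_write;
    for (int i = 0; i < levels; i++) {
        unsigned apt = (unsigned)((table_descs[i] & APTABLE_MASK) >> APTABLE_SHIFT);
        if (apt & 1) p.el0_read = p.el0_write = false;   /* 01 and 11 */
        if (apt & 2) p.el1_write = p.el0_write = false;  /* 10 and 11 */
    }
    return p;
}

/* Thread scenario: PGD entry untouched, PMD entry APTable=10, leaf page RW.
 * Returns true when an EL1 write to the data page is denied. A stale TLB
 * entry can still allow the write until the old translation is invalidated. */
bool pmd_readonly_denies_el1_write(void)
{
    uint64_t walk[2] = { make_table_desc(0x40000000ULL, APT_NONE),  /* constructed PAs */
                         make_table_desc(0x40001000ULL, APT_RO) };
    return !effective_perm(walk, 2, AP_EL0).el1_write;
}
```

Note that `walk[1]` is the descriptor in the PMD page; the PTE page it points to is ordinary kernel memory whose own mapping is unchanged, so a store into that page is not affected by this APTable bit at all.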