Hello,
I am trying to make pmd level of the translation table as read only so that any writes in the pte entries should cause a permission fault.
Current steps which i am doing are:
1) inside kernel space, allocating 2 pointers (say p, q) and allocating memory using vmalloc (4k size to occupy entire page)
2) assigning int data to both (say p=10, q= 20)
3) setting APTable bit for readonly for both the pointers (By reading manual, bit 61 and 62 denotes APTable)
4) swapping pte value for both the pointer in translation table
5) printing value for both the pointer
At step 4, access permission fault is not occurring.
I tried flushing the TLB, still at point 4 fault does not occur, but fault is occurring at random places (sometimes after point 5 or in between any points)
Can anyone tell me possible reasons why this is happening or some solution to fix it?
thanks
i answered it below, in case you missed it.
raks8877 said:Yes true. In this approach, hypervisor and underlying os will be in TCB. which is still huge. By using trustzone we can reduce it significantly.
Yes true. In this approach, hypervisor and underlying os will be in TCB. which is still huge.
By using trustzone we can reduce it significantly.
This note is strange and maybe a reason for your findings:" The APTable[1:0] settings are combined with the translation table access permissions in the translation tables descriptors accessed in subsequent levels of lookup. They do not restrict or change the values entered in those descriptors."
I did not write anything in EL2 yet, but the Hypervisor does not have to be larger then a EL3 monitor. But this is another topic :-)
Yes here is what i am confused.
Just below that line in the manual they say
"The VMSAv8-64 provides APTable[1:0] control only for stage 1 translations. The corresponding bits are RES 0 inthe stage 2 translation table descriptors."
so I assumed for stage 1 permission checks should be performed.
raks8877 said:Yes. Suppose you want to implement some privacy or security policies. How will you do in linux? well maybe use lsm hooks. If we remove the ability from kernel to make any changes and let secure world have it on its behalf, we can easily implement such policies.
Yes. Suppose you want to implement some privacy or security policies. How will you do in linux? well maybe use lsm hooks.
If we remove the ability from kernel to make any changes and let secure world have it on its behalf, we can easily implement such policies.
Ah, something like a "private_malloc", which makes sure no other process (even kernel space) can access it. If that's it, I get the idea :-)
stage 2 is EL2 (AFAIK), so in your case it does not apply.
Yes exactly.
42Bastian Schick said:For example the ZYNQ 7000 can define 64MB chunks of the SDRAM
Can you explain a bit more on this.
is this memory fixed or can be programmed?
Yes