Exclusive page-frame ownership [LWN.net]

Exclusive page-frame ownership

Posted Sep 15, 2016 12:21 UTC (Thu) by PaXTeam (guest, #24616)
In reply to: Exclusive page-frame ownership by kees
Parent article: Exclusive page-frame ownership

1. i think referring to SMEP/PXN as 'segmentation' is somewhat confusing as that word has a specific meaning on x86 chips (and yet another on ppc) and no meaning on arm AFAIK.

2. the UDEREF style page table entry shadowing and switching on user/kernel transitions would work on any arch that can otherwise support kernel mode execution control (so UDEREF works on pre-IVB, let alone pre-BDW). if the arch has some form of address space/context ID mechanism then this can be further optimized though in my experience the end result still sucks for performance unfortunately.

3. i wouldn't call data access control/prevention a superset of execution prevention as i think most processors clearly distinguish between insn fetches and data accesses (different caches, TLBs, access control, etc) and thus you can control them indepedently.

to post comments

Exclusive page-frame ownership

Posted Sep 15, 2016 19:55 UTC (Thu) by kees (subscriber, #27264) [Link]

1. Yes, quite right. I've changed those to "segregation". I'm open to a better term for this, though.

2. I think I covered that already in the text above the tables ("via separate page tables" and "page table swapping"). Is it the table's "could use PCID?" note that feels inaccurate?

3. Yup, fair point. I've clarified it to mention the emulation case (e.g. CONFIG_SW_DOMAIN_PAN provides PXN emulation as well as PAN emulation) and distinguish the instruction fetch from data access.

Thanks!