The effect of Meltdown and Spectre in our communities
Posted Feb 5, 2018 4:55 UTC (Mon) by immibis (subscriber, #105511) In reply to: The effect of Meltdown and Spectre in our communities by hansendc
Parent article: The effect of Meltdown and Spectre in our communities
Posted Feb 7, 2018 2:09 UTC (Wed)
by nix (subscriber, #2304)
Posted Feb 8, 2018 6:18 UTC (Thu)
by immibis (subscriber, #105511)
User-space code then can unlock the key at any time, but needs to use a special instruction to do so, so it's unlikely to happen by accident.
Posted Feb 9, 2018 1:54 UTC (Fri)
by nix (subscriber, #2304)
Posted Feb 9, 2018 5:31 UTC (Fri)
by immibis (subscriber, #105511)
So you leave all user-space pages set to 0, for example, and set kernel pages to 1 (except for one containing the kernel entry point). Then you set the "MPK 1 permissions" register to write-disable, read-disable, execute-disable. Then when entering the kernel you clear those flags, and set them again when leaving. The "MPK 1 permissions" register is global; it's not part of the page-table entry.
Normally you wouldn't do this because the "set permissions register" instruction is not privileged, meaning any code can run it. But if you were trying to run a high-performance minimal-security still-somewhat-robust system, you might!
MPKs are tag bits associated with each page-table entry, which indirectly look up permissions in another processor register. See https://lwn.net/Articles/667156/
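An added example, not part of the thread or of any kernel's code: a small C model of the check discussed above, where a key tag in the page-table entry indexes permission bits in a separate register. It uses the x86 PKRU layout (two bits per key, access-disable and write-disable), models user-mode accesses only, and reflects that PKRU does not gate instruction fetches; the struct, function names and sample pages are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration: a user-mode model of the x86 protection-key check. */
enum access { ACC_READ, ACC_WRITE, ACC_FETCH };

#define PKRU_AD(k) (1u << (2 * (k)))     /* access-disable bit for key k */
#define PKRU_WD(k) (1u << (2 * (k) + 1)) /* write-disable bit for key k */

/* Hypothetical, simplified PTE: only the fields the check needs. */
struct pte { unsigned pkey; bool writable; bool nx; };

static uint32_t pkru; /* a register, not part of any page-table entry */

/* WRPKRU is unprivileged, so this models what any code may do. */
static void wrpkru(uint32_t v) { pkru = v; }

static bool allowed(const struct pte *p, enum access a)
{
    if (a == ACC_FETCH)
        return !p->nx;              /* PKRU does not gate instruction fetches */
    if (pkru & PKRU_AD(p->pkey))
        return false;               /* all data access to this key is off */
    if (a == ACC_WRITE)
        return p->writable && !(pkru & PKRU_WD(p->pkey));
    return true;
}

/* Constructed sample pages: key 0 = ordinary, key 1 = protected. */
static const struct pte user_page = { 0, true, true };
static const struct pte prot_data = { 1, true, true };
static const struct pte prot_text = { 1, false, false };

/* The toggle described in the thread: open key 1 on entry, close on exit. */
static void enter_protected(void) { wrpkru(pkru & ~(PKRU_AD(1) | PKRU_WD(1))); }
static void leave_protected(void) { wrpkru(pkru | PKRU_AD(1) | PKRU_WD(1)); }

int main(void)
{
    leave_protected();
    printf("locked:   read=%d fetch=%d\n", allowed(&prot_data, ACC_READ),
           allowed(&prot_text, ACC_FETCH));
    enter_protected();
    printf("unlocked: write=%d\n", allowed(&prot_data, ACC_WRITE));
    leave_protected();
    wrpkru(0); /* stray or hostile code can do this too */
    printf("after unprivileged WRPKRU: read=%d\n", allowed(&prot_data, ACC_READ));
    return 0;
}
```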
