The effect of Meltdown and Spectre in our communities
Posted Feb 8, 2018 6:18 UTC (Thu) by immibis (subscriber, #105511)
In reply to: The effect of Meltdown and Spectre in our communities by nix
Parent article: The effect of Meltdown and Spectre in our communities
User-space code then can unlock the key at any time, but needs to use a special instruction to do so, so it's unlikely to happen by accident.
Posted Feb 9, 2018 1:54 UTC (Fri)
by nix (subscriber, #2304)
Posted Feb 9, 2018 5:31 UTC (Fri)
by immibis (subscriber, #105511)
So you leave all user-space pages set to 0, for example, and set kernel pages to 1 (except for one containing the kernel entry point). Then you set the "MPK 1 permissions" register to write-disable, read-disable, execute-disable. Then when entering the kernel you clear those flags, and set them again when leaving. The "MPK 1 permissions" register is global; it is not part of the page-table entry.
Normally you wouldn't do this because the "set permissions register" instruction is not privileged, meaning any code can run it. But if you were trying to run a high-performance minimal-security still-somewhat-robust system, you might!
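A constructed model of the scheme described in this comment, added here as an example (it is not code from the comment, from LWN, or from any kernel): each page-table entry carries a 4-bit key tag, and a single global register, modelled on x86 PKRU with an access-disable and a write-disable bit per key, decides whether an access goes through. The key numbers, struct layout and function names are assumptions made for the model.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: PTEs carry only a key tag; permissions per key live in
   one global register (PKRU on x86: 2 bits per key, AD and WD), which is
   why flipping the register changes access without touching any PTE. */
#define PKEY_USER   0
#define PKEY_KERNEL 1
enum { PKRU_AD = 1, PKRU_WD = 2 };      /* access-disable, write-disable */

struct pte { uint64_t pfn; unsigned present : 1; unsigned pkey : 4; };

static uint32_t pkru;                   /* global register, not per page */

static void pkru_set(unsigned key, unsigned bits) {
    pkru = (pkru & ~(3u << (2 * key))) | ((bits & 3u) << (2 * key));
}

/* Permission check: look up the PTE's key in the global register. */
static bool access_allowed(const struct pte *p, bool write) {
    if (!p->present) return false;
    unsigned bits = (pkru >> (2 * p->pkey)) & 3u;
    if (bits & PKRU_AD) return false;
    if (write && (bits & PKRU_WD)) return false;
    return true;
}

/* Kernel entry clears the key-1 restriction; kernel exit restores it. */
static void kernel_enter(void) { pkru_set(PKEY_KERNEL, 0); }
static void kernel_exit(void)  { pkru_set(PKEY_KERNEL, PKRU_AD | PKRU_WD); }

/* Walk the scenario; returns how many of the 5 checks behaved as described. */
static int scenario(void) {
    struct pte user = { .pfn = 0x1000, .present = 1, .pkey = PKEY_USER };
    struct pte kern = { .pfn = 0x2000, .present = 1, .pkey = PKEY_KERNEL };
    int ok = 0;
    kernel_exit();                         /* start in user mode */
    ok += access_allowed(&user, false);    /* user page readable */
    ok += !access_allowed(&kern, false);   /* kernel page blocked, PTE unchanged */
    kernel_enter();
    ok += access_allowed(&kern, true);     /* kernel may now write its pages */
    kernel_exit();
    ok += !access_allowed(&kern, false);   /* blocked again after leaving */
    pkru_set(PKEY_KERNEL, 0);              /* the register write is unprivileged: */
    ok += access_allowed(&kern, false);    /* any code can lift the restriction */
    return ok;
}

int main(void) { printf("%d/5 checks matched\n", scenario()); return 0; }
```

The last two lines of the scenario are the caveat made in the comment: because the register write is not privileged, the scheme only holds against accidental access, not against code that chooses to rewrite the register.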
MPKs are tag bits associated with each page-table entry, which indirectly look up permissions in another processor register. See https://lwn.net/Articles/667156/
