
"Other operating systems" and "stealing" a bit

Posted Feb 21, 2022 17:35 UTC (Mon) by epa (subscriber, #39769)
In reply to: "Other operating systems" and "stealing" a bit by epa
Parent article: Shadow stacks for user space

Oh, I see, it's a roundabout way of saying that all the PTE bits are already used, in practice, and there isn't one that can be used for this new feature. The interpretation of the bit would have to be done by the hardware, not by the OS. And while the hardware doesn't currently care what happens to Spare Bit Number Three, some OSes might be using that bit, so it would be a backwards-incompatible change for the hardware to start taking notice of it.


"Other operating systems" and "stealing" a bit

Posted Feb 21, 2022 18:26 UTC (Mon) by pbonzini (subscriber, #60935) [Link] (3 responses)

What the processor could do would be to only start using Spare Bit Number Three if a certain bit has been set to 1 in a control register. For example, CR4.PKE and CR4.PKS control the interpretation of bits 59 to 62. However, our editor's (presumably informed) guess is that somebody in Redmond begged Intel not to do that for the shadow stack.
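The gating pbonzini describes can be shown with a small decoder, written here as an added example rather than code from the thread or from Linux; the bit positions it assumes (CR4.PKE = bit 22, CR4.PKS = bit 24, PTE U/S = bit 2, protection key in PTE bits 59..62) are taken from the Intel SDM, and the PTE values are constructed:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed from the Intel SDM: CR4 enables and PTE bit positions. */
#define CR4_PKE        (1ULL << 22)   /* protection keys for user pages */
#define CR4_PKS        (1ULL << 24)   /* protection keys for supervisor pages */
#define PTE_PRESENT    (1ULL << 0)
#define PTE_RW         (1ULL << 1)
#define PTE_US         (1ULL << 2)    /* 1 = user page, 0 = supervisor page */
#define PTE_PKEY_SHIFT 59
#define PTE_PKEY_MASK  (0xFULL << PTE_PKEY_SHIFT)

/* True if, under this CR4, the CPU interprets PTE bits 59..62 as a
 * protection key; false if it ignores them and they belong to software. */
bool pkey_bits_owned_by_hw(uint64_t cr4, uint64_t pte)
{
    bool user_page = (pte & PTE_US) != 0;
    return user_page ? (cr4 & CR4_PKE) != 0 : (cr4 & CR4_PKS) != 0;
}

/* Protection key the hardware would apply to this mapping, or -1 if the
 * enable is off and the bits are still "spare" from the CPU's point of view. */
int effective_pkey(uint64_t cr4, uint64_t pte)
{
    if (!pkey_bits_owned_by_hw(cr4, pte))
        return -1;
    return (int)((pte & PTE_PKEY_MASK) >> PTE_PKEY_SHIFT);
}

int main(void)
{
    /* Constructed PTEs: same key field (5) on a user and a supervisor page. */
    uint64_t user_pte = 0x1000ULL | PTE_PRESENT | PTE_RW | PTE_US | (5ULL << PTE_PKEY_SHIFT);
    uint64_t sup_pte  = 0x2000ULL | PTE_PRESENT | PTE_RW | (5ULL << PTE_PKEY_SHIFT);

    printf("user page, CR4=0:    pkey %d\n", effective_pkey(0, user_pte));
    printf("user page, CR4.PKE:  pkey %d\n", effective_pkey(CR4_PKE, user_pte));
    printf("sup page,  CR4.PKE:  pkey %d\n", effective_pkey(CR4_PKE, sup_pte));
    printf("sup page,  CR4.PKS:  pkey %d\n", effective_pkey(CR4_PKS, sup_pte));
    return 0;
}
```

An OS that never sets the enable keeps the bits for itself; one that does hands them to the hardware, which is the opt-in protocol the comment contrasts with silently repurposing a bit.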

"Other operating systems" and "stealing" a bit

Posted Feb 22, 2022 17:00 UTC (Tue) by marcH (subscriber, #57642) [Link] (2 responses)

If a PTE bit has been given to software / the OSes, then it is not a "spare" bit anymore. This is not just about Redmond begging, it's about not "stealing" back something that was given.

I think all the confusion about these bits comes from a lack of clarity about _who owns what_ and how. A bit ironic considering this is a feature meant to catch memory corruption.

"Other operating systems" and "stealing" a bit

Posted Feb 22, 2022 20:42 UTC (Tue) by nix (subscriber, #2304) [Link]

Both Intel and software on Intel processors have learned this before: in the 286 days lots of software used reserved bits freely, and then the 386 started using them and all hell broke loose. It's literally impossible to do that now, because the processor stops you.

(ref: http://www.os2museum.com/wp/theres-more-to-the-286-xenix-...)

"Other operating systems" and "stealing" a bit

Posted Mar 6, 2022 6:17 UTC (Sun) by oldtomas (guest, #72579) [Link]

"If a PTE bit has been given to software / the OSes..."

The point Paolo is making is that there /is/ a protocol for the software/OS to tell the hardware "go ahead, use this bit for your shadow stack".

It seems that Redmond, though... well, we know that routine :-)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds