Physical memory allocation to L4linux

Masti Ramya Jayaram rmasti at inf.ethz.ch
Wed Sep 10 09:46:20 CEST 2014


Hey Adam,

thanks a lot for the replies. I still have a few questions/clarifications though. :-)

a. Is there a way to implement the "MODE=sigma" for linux? I could not find anything that points to it.
b. Now if I were to tweak the page fault handler in sigma, then does that imply that even a corrupt moe/ned/l4linux cannot get access to the protected part of the address space?
c. Who are the clients of this page fault handler? Is it just what runs on top of sigma like moe, ned, l4linux or even faisco?  
d. If it is just moe, ned, l4linux, then can I use the same page fault trick to ensure that (moe,ned,sigma) they always get memory from a certain dedicated region?

Thanks a ton for your patience (to everyone on the list and particularly you and Martin). I totally appreciate it.

Best,
Ramya


________________________________________
From: l4-hackers [l4-hackers-bounces at os.inf.tu-dresden.de] on behalf of Adam Lackorzynski [adam at os.inf.tu-dresden.de]
Sent: 09 September 2014 23:16
To: l4-hackers at os.inf.tu-dresden.de
Subject: Re: Physical memory allocation to L4linux

On Tue Sep 09, 2014 at 16:03:11 +0000, Masti  Ramya Jayaram wrote:
> I would like to explain my situation better. Here is what I intend:
>
> a. What is the lowest module (bootstrap, fiasco, sigma, moe,
> ned,l4linux) that can be confined not access a portion of the address
> space?

Without changing anything and with this list of program, it's just
L4Linux. Reason is that ned typically has a cap to sigma0 because it
needs to give it to io.
When you would like to make a little change, in Fiasco there's a
function handle_sigma0_page_fault that covers page-fault by sigma0. So
if you add a check on pfa there and return false you should be able to
exclude a memory region from any user program.

> I know that bootstrap and fiasco run in privileged mode, so there is
> no way to stop them. What is the next module?
>
> b. Assuming that it is sigma, I would like to do the following:
>  Have three regions in the physical address space (not necessarily memory):
>
> i) one for bootstrap, fiasco
> ii) moe, ned, sigma, l4linux
> iii). Special region accessible only from (i) - bootstrap and fiasco.
>
> If it is not possible to confine sigma, i.e., "hide a portion of the
> address space from it", then add sigma to lists (i,iii) and remove it
> from (ii) - and so on for the other modules.
>
> If it is moe, could my goal be reached by adding an IO device as a
> blocker but then not give moe the corresponding capability?

In the stack moe is below any notion of an IO device, so that would not
work.



Adam
--
Adam                 adam at os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/

_______________________________________________
l4-hackers mailing list
l4-hackers at os.inf.tu-dresden.de
http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers


More information about the l4-hackers mailing list