On Tue Sep 09, 2014 at 16:03:11 +0000, Masti Ramya Jayaram wrote:
> I would like to explain my situation better. Here is what I intend:
> a. What is the lowest module (bootstrap, fiasco, sigma, moe, ned, l4linux) that can be confined to not access a portion of the address space?
Without changing anything and with this list of programs, it's just L4Linux. The reason is that ned typically has a cap to sigma0 because it needs to give it to io. If you would like to make a little change, in Fiasco there's a function handle_sigma0_page_fault that handles page faults by sigma0. So if you add a check on the pfa there and return false, you should be able to exclude a memory region from any user program.
> I know that bootstrap and fiasco run in privileged mode, so there is no way to stop them. What is the next module?
> b. Assuming that it is sigma, I would like to do the following: have three regions in the physical address space (not necessarily memory):
> i) one for bootstrap and fiasco; ii) moe, ned, sigma, l4linux; iii) a special region accessible only from (i), i.e. bootstrap and fiasco.
> If it is not possible to confine sigma, i.e., "hide a portion of the address space from it", then add sigma to lists (i, iii) and remove it from (ii), and so on for the other modules.
> If it is moe, could my goal be reached by adding an IO device as a blocker but then not giving moe the corresponding capability?
In the stack, moe is below any notion of an IO device, so that would not work.
Adam
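As an added illustration of the check Adam suggests in the sigma0 page-fault path (this is example code written for this thread, not Fiasco's handle_sigma0_page_fault or any other L4Re code): the hidden region bounds, the function names `block_hits_hidden_region` and `sigma0_pf_allowed`, and the `order` parameter for the mapping size are all assumptions. The point it adds is that the check must cover the whole block the handler would map, because answering a fault with a superpage can expose the hidden region even when the faulting address itself lies outside it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example of a physical region that must stay invisible to
 * sigma0 and therefore to every user-level task that obtains memory
 * through it (moe, ned, L4Linux, ...). The bounds are made up. */
struct hidden_region {
    uint64_t start;   /* inclusive physical address */
    uint64_t end;     /* exclusive physical address */
};

static const struct hidden_region hidden_regions[] = {
    { 0x10000000ULL, 0x10100000ULL },   /* 1 MiB, constructed */
};

/* True if the naturally aligned block of 2^order bytes containing pfa
 * overlaps a hidden region. The whole block is checked, not just the
 * faulting byte: if the handler would answer the fault with a superpage
 * mapping, that superpage may cover the hidden region even though pfa
 * itself lies outside it. */
bool block_hits_hidden_region(uint64_t pfa, unsigned order)
{
    uint64_t size  = 1ULL << order;
    uint64_t start = pfa & ~(size - 1);
    uint64_t end   = start + size;
    for (size_t i = 0; i < sizeof hidden_regions / sizeof hidden_regions[0]; i++) {
        if (start < hidden_regions[i].end && end > hidden_regions[i].start)
            return true;
    }
    return false;
}

/* Hypothetical gate for the top of a sigma0 page-fault handler, in the
 * spirit of Adam's suggestion: return false (fault refused) for any block
 * that touches a hidden region, so the normal mapping path is only taken
 * when this returns true. */
bool sigma0_pf_allowed(uint64_t pfa, unsigned order)
{
    return !block_hits_hidden_region(pfa, order);
}

int main(void)
{
    static const struct { uint64_t pfa; unsigned order; } cases[] = {
        { 0x0FFFFFFFULL, 12 },  /* last 4 KiB page below the region: map */
        { 0x10000000ULL, 12 },  /* first page of the region: refuse */
        { 0x10200000ULL, 12 },  /* 4 KiB page above the region: map */
        { 0x10200000ULL, 22 },  /* same pfa as a 4 MiB superpage: refuse */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("pfa=0x%08llx order=%u -> %s\n",
               (unsigned long long)cases[i].pfa, cases[i].order,
               sigma0_pf_allowed(cases[i].pfa, cases[i].order) ? "map" : "refuse");
    return 0;
}
```

The last two cases are the one worth keeping in mind: a check on the faulting address alone would let the 4 MiB superpage through, and everything above sigma0 in the stack would then see the region.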