Clearing sp for opacr21 allows the access to complete without fault. It would be very nice if the sp could remain enabled and have the fault handler trap to supervisor so that hardware enforcement can be leveraged as well as software resource allocation check.
Since mprot and opacr assignments are SoC specific, this would have to be implemented as part of the BSP framework, perhaps overcomplicating the issue. Preference is to keep things simple and probably leave in the underlying linux, where the drivers are located <executing code localization>, without making fiasco or l4 more aware of the hardware than necessary. Instruction emulation could be a bit messy due to differing memory maps between faulting and exception handling contexts.
Most simply, the sp bits can be cleared by a call into the bsp and leave the boot loader alone.
Many thanks for your help and insight. Work now proceeds to migrate the drivers.
thanks & best regards, Andy
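As an added illustration of the "clear the sp bits from the bsp" approach above (this is not code from the thread, Fiasco, or L4Re): register-value helpers that locate the SP bit of a numbered peripheral field and audit which fields already have it cleared. The OPACR field layout (eight 4-bit fields per register, field 0 in the top nibble, SP at bit 2 of each field) and the 0x44444444 reset value are assumptions taken from i.MX reference manuals and must be checked against the SoC in use.

```c
#include <stdint.h>
#include <stdbool.h>

/* Assumed AIPSTZ OPACRn layout (assumption; verify against the SoC RM):
 * each 32-bit OPACR register holds eight 4-bit peripheral fields, field 0
 * in bits 31..28 down to field 7 in bits 3..0. Within a field:
 * bit 3 = BW, bit 2 = SP (supervisor protect), bit 1 = WP, bit 0 = TP. */
#define OPACR_FIELDS_PER_REG 8u
#define OPACR_FIELD_BITS     4u
#define OPACR_SP_BIT         2u

/* Which OPACR register (0..4) holds global peripheral index n. */
unsigned opacr_reg_index(unsigned n)
{
    return n / OPACR_FIELDS_PER_REG;
}

/* Bit position of the 4-bit field for peripheral n inside its register. */
unsigned opacr_field_shift(unsigned n)
{
    unsigned pos = n % OPACR_FIELDS_PER_REG;
    return (OPACR_FIELDS_PER_REG - 1u - pos) * OPACR_FIELD_BITS;
}

/* True if supervisor-protect is set for peripheral n in register value v. */
bool opacr_sp_enabled(uint32_t v, unsigned n)
{
    return (v >> (opacr_field_shift(n) + OPACR_SP_BIT)) & 1u;
}

/* Register value with SP cleared for peripheral n; other fields untouched. */
uint32_t opacr_clear_sp(uint32_t v, unsigned n)
{
    return v & ~(1u << (opacr_field_shift(n) + OPACR_SP_BIT));
}

/* Audit helper: number of fields in v whose SP bit is clear, i.e. peripherals
 * the bus fabric no longer restricts to supervisor mode. Worth logging at
 * boot so the relaxation stays limited to the peripherals handed to user-mode
 * drivers, with the page tables doing the rest of the isolation. */
unsigned opacr_count_user_accessible(uint32_t v)
{
    unsigned count = 0;
    for (unsigned i = 0; i < OPACR_FIELDS_PER_REG; i++)
        if (!opacr_sp_enabled(v, i))
            count++;
    return count;
}
```

The BSP would read the register, apply opacr_clear_sp for the peripheral in question, and write it back; the arithmetic is the same for any index, so a peripheral "21" lands in OPACR2 with its SP bit at bit 10.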
I'd guess that access from user-mode is the 'problem' here. Could you check the setting of AIPSTZ_OPACR21 and possibly adapt accordingly?
Adam
On Tue Aug 07, 2012 at 13:41:56 -0700, Andy Wagner wrote:
> Clearing sp for opacr21 allows the access to complete without fault. It would be very nice if the sp could remain enabled and have the fault handler trap to supervisor so that hardware enforcement can be leveraged as well as software resource allocation check.
> Since mprot and opacr assignments are SoC specific, this would have to be implemented as part of the BSP framework, perhaps overcomplicating the issue. Preference is to keep things simple and probably leave in the underlying linux, where the drivers are located <executing code localization>, without making fiasco or l4 more aware of the hardware than necessary. Instruction emulation could be a bit messy due to differing memory maps between faulting and exception handling contexts.
Well, the hardware enforcement used is the page table which makes sure that a client can only access those devices it is given access to. Which benefit does a user/supervisor access check add here? Trapping any access to io memory would also slow down access to devices, plus someone would need to check if the access is valid, which would not be the kernel.
Adam
l4-hackers@os.inf.tu-dresden.de