Paging flags inheritance


Paging flags inheritance

Post by nexos »

Hello,
So when I map a PDE with say only the present bit set, does that mean that the whole 2M area is unwriteable, regardless of what is in the PTEs? I have been wondering this for a while.
Thanks,
nexos
"How did you do this?"
"It's very simple — you read the protocol and write the code." - Bill Joy
Projects: NexNix | libnex | nnpkg

Re: Paging flags inheritance

Post by iansjack »

I could tell you, but I think you would learn more if you were to read the Intel manual, which tells you exactly what happens. (I'm not trying to be difficult here, but I strongly believe that aspiring OS programmers need to learn how to use reference documentation.)

Re: Paging flags inheritance

Post by nexos »

It makes sense now. That explains why my ELF loader I made in my last OS mysteriously didn't work when I mapped the program according to the program header's attributes. So is it a good idea to map page tables into PDEs and page directories into PDPTs and PDPTs in PML4Es with R/W and U/S bits set, and to only set the right attributes on the PTE?
"How did you do this?"
"It's very simple — you read the protocol and write the code." - Bill Joy
Projects: NexNix | libnex | nnpkg

Re: Paging flags inheritance

Post by sj95126 »

nexos wrote: So is it a good idea to map page tables into PDEs and page directories into PDPTs and PDPTs in PML4Es with R/W and U/S bits set, and to only set the right attributes on the PTE?
There's really no reason to set U/S=1 in the PML4Es that correspond to your kernel regions, even if you set U/S=0 in lower tables. It doesn't gain you anything and if you slip up, it's a possible security hole.

There may be some situations where it's better to use the higher levels of the table to control permissions; for example, if you have a shared region where multiple processes' PDs point to the same PTs, you could give a read-only view to some processes in their PDs and still share the PTs with their R/W=1 entries.

There's really never a single rule to follow everywhere.

Re: Paging flags inheritance

Post by nexos »

sj95126 wrote: It doesn't gain you anything and if you slip up, it's a possible security hole.
I find that hard to believe. It appears to be harmless to me, as long as the last page in translation (the PTE) has the right attributes set. I will follow that method, as it seems to be the most comprehensive.
"How did you do this?"
"It's very simple — you read the protocol and write the code." - Bill Joy
Projects: NexNix | libnex | nnpkg

Re: Paging flags inheritance

Post by sj95126 »

nexos wrote:
sj95126 wrote: It doesn't gain you anything and if you slip up, it's a possible security hole.
I find that hard to believe. It appears to be harmless to me, as long as the last page in translation (the PTE) has the right attributes set.
If you should have a bug and lose track of which PTs go where, which ones are U/S=1 and which ones are U/S=0, you might open something up. If you simply set a few PML4Es to U/S=0, *once*, you're done.

I stand by my original statement. Unless you have a very good reason, marking kernel regions U/S=1 and relying on sub-regions to protect it is just asking for trouble.
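
The rule this thread turns on, as an added example that is not part of any poster's message: on x86-64 the R/W and U/S bits take effect only when set at every level of the walk, so the effective right is the AND across PML4E, PDPTE, PDE and PTE. The entry values are constructed flag-only samples and `effective_flags` is a hypothetical helper name.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural x86-64 paging-entry bits. */
#define PTE_P  (1ULL << 0)   /* present */
#define PTE_RW (1ULL << 1)   /* 1 = writable */
#define PTE_US (1ULL << 2)   /* 1 = user-mode access allowed */

/* Effective rights of one translation: entries[] holds the entry used at
 * each level, top first (PML4E, PDPTE, PDE, PTE). R/W and U/S must be set
 * at every level to be effective, so the result is the AND of them all.
 * (Supervisor writes honor R/W=0 only when CR0.WP=1.)
 * Returns 0 if any level is not present. */
uint64_t effective_flags(const uint64_t *entries, int levels)
{
    uint64_t eff = PTE_P | PTE_RW | PTE_US;
    for (int i = 0; i < levels; i++) {
        if (!(entries[i] & PTE_P))
            return 0;
        eff &= entries[i];
    }
    return eff;
}

/* Constructed sample walks (hypothetical values, flag bits only). */
#define ALL (PTE_P | PTE_RW | PTE_US)
/* PDE with only P set: the PTE's R/W and U/S cannot widen it. */
const uint64_t walk_pde_p_only[4]   = { ALL, ALL, PTE_P, ALL };
/* Shared page table: PTE is R/W=1, this process's PDE gives a read-only view. */
const uint64_t walk_shared_ro[4]    = { ALL, ALL, PTE_P | PTE_US, ALL };
/* Kernel region, permissive upper levels, PTE wrongly left U/S=1. */
const uint64_t walk_slip_open[4]    = { ALL, ALL, ALL, ALL };
/* Same slip, but the PML4E was set U/S=0 once. */
const uint64_t walk_slip_guarded[4] = { PTE_P | PTE_RW, ALL, ALL, ALL };

int main(void)
{
    const uint64_t *w[] = { walk_pde_p_only, walk_shared_ro,
                            walk_slip_open, walk_slip_guarded };
    const char *name[] = { "PDE P-only", "shared RO view",
                           "slip, PML4E U/S=1", "slip, PML4E U/S=0" };
    for (int i = 0; i < 4; i++) {
        uint64_t f = effective_flags(w[i], 4);
        printf("%-18s writable=%d user=%d\n", name[i],
               !!(f & PTE_RW), !!(f & PTE_US));
    }
    return 0;
}
```

The last two walks differ only in the PML4E: with U/S=1 at the top, the stray U/S=1 PTE exposes the page to user mode; with U/S=0 at the top, the same PTE mistake stays supervisor-only.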