Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!rochester!kodak!ispd-newsserver!ism.isc.com!ico!rcd
From: rcd@ico.isc.com (Dick Dunn)
Newsgroups: comp.unix.sysv386
Subject: Re: fp emulation (was Re: SECURITY BUG)
Message-ID: <1991Feb17.042238.6771@ico.isc.com>
Date: 17 Feb 91 04:22:38 GMT
References: <54428@bigtex.cactus.org> <1991Feb13.050417.10170@rfengr.com> <1991Feb15.195340.26903@kithrup.COM>
Organization: Interactive Systems Corporation, Boulder, CO
Lines: 21

sef@kithrup.COM (Sean Eric Fagan) writes:
> james@bigtex.cactus.org (James Van Artsdalen) writes:
> >there is no
> >reason for 387 support (real or emulated) to need the u block to be
> >writable.
> Yes, there is, unless you want to make the emulated fpu even slower.

[Sean goes on to describe that the FP emulator runs in user state, for good
reasons, and state switches are costly--you don't want to go through a
protection-state transition in the coprocessor trap call gate.]

While Sean's reasoning is correct as far as it goes, Van Artsdalen's point
still holds. While you probably do need to keep the emulated FP registers
in the u-area (that's the logical place, and I don't know where else you
could put them safely), you don't need to have the "vulnerable" part of the
u-area in the same page as the FP registers.

Put the FP registers in a writable page; put the goodies in a non-writable
page.
-- 
Dick Dunn     rcd@ico.isc.com -or- ico!rcd       Boulder, CO   (303)449-2870
   ...But is it art?
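
The page split described in the post, as an added example that is not part of the original message: a user-space analogy built on mmap/mprotect, not kernel code. The struct names, fields and sizes are hypothetical; only the layout idea (FP registers in a writable page, sensitive fields in a separate non-writable page) comes from the post.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* for MAP_ANONYMOUS */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical split "u-area"; names, fields and sizes are illustrative only. */
struct fp_state     { uint8_t regs[108]; };   /* emulated FP registers */
struct proc_secrets { uint32_t uid, gid; };   /* the "goodies" */
struct split_uarea  { struct fp_state *fp; struct proc_secrets *sec; size_t page; };

/* Map two adjacent pages, fill in the sensitive one, then make it read-only. */
int split_uarea_init(struct split_uarea *u, uint32_t uid, uint32_t gid)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0) return -1;
    u->page = (size_t)ps;
    uint8_t *base = mmap(NULL, 2 * u->page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    u->fp  = (struct fp_state *)base;                    /* page 0: stays writable */
    u->sec = (struct proc_secrets *)(base + u->page);    /* page 1: locked below   */
    u->sec->uid = uid; u->sec->gid = gid;
    return mprotect(u->sec, u->page, PROT_READ);
}

/* Probe writability without taking a fault: push the byte at addr through a
 * pipe and read it back in place; read(2) fails with EFAULT if addr is read-only. */
int is_writable(void *addr)
{
    int fds[2], result = -1;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], addr, 1) == 1) {
        ssize_t n = read(fds[0], addr, 1);
        result = (n == 1) ? 1 : (errno == EFAULT ? 0 : -1);
    }
    close(fds[0]); close(fds[1]);
    return result;
}

int main(void)
{
    struct split_uarea u;
    if (split_uarea_init(&u, 100, 10) != 0) return 1;
    printf("fp writable: %d, secrets writable: %d\n", is_writable(u.fp), is_writable(u.sec));
    return 0;
}
```

Because protection is applied per page, the two regions can only differ in writability if they never share a page, which is why the sensitive struct gets a page of its own here.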