Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/5/84; site sjuvax.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!princeton!astrovax!sjuvax!jss
From: jss@sjuvax.UUCP (J. Shapiro)
Newsgroups: net.arch
Subject: TLB entry invalidation
Message-ID: <2659@sjuvax.UUCP>
Date: Tue, 17-Dec-85 23:09:41 EST
Article-I.D.: sjuvax.2659
Posted: Tue Dec 17 23:09:41 1985
Date-Received: Fri, 20-Dec-85 02:34:23 EST
References: <1730@uw-beaver> <2619@sjuvax.UUCP> <867@x.UUCP>
Reply-To: jss@sjuvax.UUCP (J. Shapiro)
Distribution: net
Organization: Haverford College, Haverford, Pa.
Lines: 42
Summary: Correction Appreciated

>>me:
> Bob Mabee of Charles River Data Systems

Concerning TLB entry invalidation:

>>...Some other process goes and invalidates the page,
>>and the consequent TLB flush will cause the TLB to be properly
>>maintained.
>
>That isn't good enough. Reasonable systems may require invalidating a page
>within one process, rather than whenever a page-scrounging daemon runs.
>Consider exec, or suppose that sbrk is actually implemented to give back
>memory. Also, if you have multiple processors there is not necessarily a
>process exchange on this CPU every time the scrounger takes away a page.
>

Intel does not have a clear TLB instruction *or* pin, and as such, if one processor robs another of a page belonging to the running process you are in deep dip.

If sbrk needs to allocate and validate a new page as existing, there is no problem. The problem is invalidating an old page. Since the 80386 provides no way to flush the TLB without doing a process exec, this isn't possible. Besides, on a real system one wants sbrk to be a privileged system call, and doing a gateway call on the 80386 looks to me like it amounts to doing a process invocation, however temporarily.

Exec is a system call - I certainly wouldn't want a nonprivileged process to perform it. Similarly fork. Both of these calls require a swap out while we go set up the process table, because a secure system cannot assume that the process can be trusted to do it non-maliciously.

Much of this, of course, does not apply in a system which assumes cooperating processes, but the 80386 architecture seems to encourage the protection notion.

I got into trouble by drawing too sketchy a picture.

--
Jonathan S. Shapiro
Haverford College

"It doesn't compile pseudo code... What do you expect for fifty dollars?" - M. Tiemann