Path: utzoo!utgpu!water!watmath!clyde!bellcore!rutgers!mailrus!ames!amdcad!light!bvs
From: bvs@light.uucp (Bakul Shah)
Newsgroups: comp.arch
Subject: Re: PEP: Page Execution Priviledge
Message-ID: <1988Oct1.115519.11020@light.uucp>
Date: 1 Oct 88 18:55:17 GMT
References: <2550@sultra.UUCP> <1988Sep30.170503.19191@utzoo.uucp>
Reply-To: bvs@light.UUCP (Bakul Shah)
Organization: (null)
Lines: 28

In article <1988Sep30.170503.19191@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes:
>In article <2550@sultra.UUCP> dtynan@sultra.UUCP (Der Tynan) writes:
>>Rather than have a standard U/S bit in the CPU status register, it might make
>>more sense to assign it to each I-page in a paged-MMU system...
>
>Things at least vaguely along those lines have been done. There is one
>major problem that has to be solved: how do you prevent a user from
>branching to some well-chosen place in the *middle* of a privileged
>routine? Say, for example, bypassing some of the legality checks at
>the beginning? One needs some hardware-enforced notion of entry points,
>so that transitions from lower privilege to greater privilege get done
>only in authorized ways.

Hardware-enforced entry points are not needed if you use indirection.
Make sure only privileged jump tables are accessible from a
non-privileged place. So a call to a privileged routine will be a call
to a jump table address and another jump from there to the real routine.

I think this idea can be easily extended to switch from one protection
domain to another (and they don't have to be rings).

Seems to me that RISC processors like AMD29000 can be modified fairly
easily and are ideally suited for this sort of thing.

----
Bakul Shah <..!{ucbvax,sun,uunet}!amdcad!light!bvs>
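
The jump-table indirection described in the post above, as an added example that is not part of the original post: a small C model of the per-page check, showing that a user branch into a privileged routine traps while a call through a gate slot reaches only a listed entry point. The page attributes, addresses, fixed 4-byte instruction width and trap-filled unused slots are all assumptions made for the model, not details from the thread or of any real processor.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not a real MMU: every 4 KiB page has one attribute. */
enum page_attr { USER, GATE, PRIV };    /* GATE = privileged jump-table page */
#define PAGE_SHIFT 12
#define NPAGES     4u
#define INSN_SIZE  4u                   /* assumption: fixed-width instructions */
#define GATE_BASE  0x1000u
#define FAULT      UINT32_MAX           /* returned when the transfer traps */

static const enum page_attr page_table[NPAGES] = { USER, GATE, PRIV, PRIV };
/* Slot i of the jump table holds one jump to gate_targets[i] (constructed). */
static const uint32_t gate_targets[] = { 0x2000u, 0x2400u };
#define NSLOTS (sizeof gate_targets / sizeof gate_targets[0])

/* Check applied to every control transfer between two addresses. */
bool transfer_allowed(uint32_t from_pc, uint32_t to_pc)
{
    if ((from_pc >> PAGE_SHIFT) >= NPAGES || (to_pc >> PAGE_SHIFT) >= NPAGES)
        return false;                   /* unmapped page */
    if (to_pc % INSN_SIZE != 0)
        return false;                   /* cannot land inside an instruction */
    if (page_table[from_pc >> PAGE_SHIFT] != USER)
        return true;                    /* gate and privileged code go anywhere */
    return page_table[to_pc >> PAGE_SHIFT] != PRIV;  /* user: USER or GATE only */
}

/* Follow a call made by unprivileged code; returns the address finally reached. */
uint32_t user_call(uint32_t from_pc, uint32_t target)
{
    if (!transfer_allowed(from_pc, target))
        return FAULT;
    if (page_table[target >> PAGE_SHIFT] != GATE)
        return target;                  /* ordinary user-to-user call */
    uint32_t slot = (target - GATE_BASE) / INSN_SIZE;
    if (slot >= NSLOTS)
        return FAULT;                   /* assumption: unused slots hold traps */
    return transfer_allowed(target, gate_targets[slot]) ? gate_targets[slot] : FAULT;
}

int main(void)
{
    printf("via gate slot 0: %#x\n", (unsigned)user_call(0x0100u, 0x1000u));
    printf("into routine body: %#x\n", (unsigned)user_call(0x0100u, 0x2010u));
    return 0;
}
```

In this model the scheme holds only because every aligned word in the gate page is either a jump to an intended entry point or a trap, which is where a fixed instruction width helps.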