Protection in a flat model. 
Author Message
 Protection in a flat model.

Hi,

I was wondering how processes are protected from each other in a flat (i.e.
non segmented) environment. If there is no segmentation, the protection must
come from the MMU. But page-level protection, as far as I know, does not
differentiate between tasks, only between user and superviser (this is true
for x86s, and most modern processors I believe). I guess you could make all
the pages belonging to a process "superviser" when switching to the next
task, and make the pages of that next task "user" before jumping to it, but
that seems rather slow and cumbersome. What are the solutions, then. How do
NT and Linux (for example) do it?

(Note: I know Linux isn't exactly "flat", but processes operate in the same
segment nonetheless. How are they protected from each other?)

David.



Thu, 08 Aug 2002 03:00:00 GMT  
 Protection in a flat model.


Quote:
> What are the solutions, then. How do NT and Linux (for example) do it?

> (Note: I know Linux isn't exactly "flat", but processes operate in the
same
> segment nonetheless. How are they protected from each other?)

The answer is simpler than you expected. You don't have to remark all pages
upon a context switch. Just provide every process with its own set of page
tables and there you go. You just have to reload cr3 when performing a
context switch and a process won't even know others are present in memory.
You just have to make sure that your kernel has the same logical->physical
mapping in every process's context. Linux for example always has the kernel
mapped from 3gb to 4gb.

Regards,
    Thomas



Thu, 08 Aug 2002 03:00:00 GMT  
 Protection in a flat model.

Hi,

Quote:
>I was wondering how processes are protected from each other in a flat (i.e.
>non segmented) environment. If there is no segmentation, the protection
must
>come from the MMU. But page-level protection, as far as I know, does not
>differentiate between tasks, only between user and superviser (this is true
>for x86s, and most modern processors I believe).

There are a couple of ways. First, the x86 allways uses segmentation. In the
flat memory model, all segments (well, three, a code, a data and a stack
segment) have base 0, limit 4GB. You could create another 'flat' segment
with a different privilege, and use a far call.

Also, privileges aren't (permanent) task properties. They (can) change
during interrupts and far calls because of the interrupt and call gates.
For changing privileges, no task switching is needed.

H



Thu, 08 Aug 2002 03:00:00 GMT  
 Protection in a flat model.

Each process can have its own page table.  When you switch processes you change the cr3 value so the linear memory space is different and one process can't write to anothers memory.

bye,
dan

Quote:

> Hi,

> I was wondering how processes are protected from each other in a flat (i.e.
> non segmented) environment. If there is no segmentation, the protection must
> come from the MMU. But page-level protection, as far as I know, does not
> differentiate between tasks, only between user and superviser (this is true
> for x86s, and most modern processors I believe). I guess you could make all
> the pages belonging to a process "superviser" when switching to the next
> task, and make the pages of that next task "user" before jumping to it, but
> that seems rather slow and cumbersome. What are the solutions, then. How do
> NT and Linux (for example) do it?

> (Note: I know Linux isn't exactly "flat", but processes operate in the same
> segment nonetheless. How are they protected from each other?)

> David.



Thu, 08 Aug 2002 03:00:00 GMT  
 Protection in a flat model.

Just use page translation stuff with different user/supervisor rights.
This helps only in half.
The next step is setting different CR3 for each task and setting
different page table entries so that one task has no entries
corresponding to another one. That's simple.

Good Luck
Alexei A. Frounze

Quote:

> Hi,

> I was wondering how processes are protected from each other in a flat (i.e.
> non segmented) environment. If there is no segmentation, the protection must
> come from the MMU. But page-level protection, as far as I know, does not
> differentiate between tasks, only between user and superviser (this is true
> for x86s, and most modern processors I believe). I guess you could make all
> the pages belonging to a process "superviser" when switching to the next
> task, and make the pages of that next task "user" before jumping to it, but
> that seems rather slow and cumbersome. What are the solutions, then. How do
> NT and Linux (for example) do it?

> (Note: I know Linux isn't exactly "flat", but processes operate in the same
> segment nonetheless. How are they protected from each other?)

> David.



Thu, 08 Aug 2002 03:00:00 GMT  
 Protection in a flat model.

Quote:

> I was wondering how processes are protected from each other in a flat (i.e.
> non segmented) environment. If there is no segmentation, the protection must
> come from the MMU. But page-level protection, as far as I know, does not
> differentiate between tasks, only between user and superviser

   The simple way is to have a different page directory for each
process.  Either hardware or software task switching can put the right
value in the CR3 register for the next task's page directory.

   Tasks can have private and shared page tables, and can have private
and shared pages within any private page table.  That way you can share
lots of memory without a lot of overhead.
--
http://www.erols.com/johnfine/
http://www.geocities.com/SiliconValley/Peaks/8600/



Thu, 08 Aug 2002 03:00:00 GMT  
 Protection in a flat model.


[ ... ]

Quote:
> I was wondering how processes are protected from each other in a flat (i.e.
> non segmented) environment. If there is no segmentation, the protection must
> come from the MMU. But page-level protection, as far as I know, does not
> differentiate between tasks, only between user and superviser (this is true
> for x86s, and most modern processors I believe). I guess you could make all
> the pages belonging to a process "superviser" when switching to the next
> task, and make the pages of that next task "user" before jumping to it, but
> that seems rather slow and cumbersome. What are the solutions, then. How do
> NT and Linux (for example) do it?

The general idea you give above is about right: when you're going to
switch to a task, you only map the pages that belong to that task.

You've got two choices in how to do this: you can modify CR3 to point
at a different page table when you switch tasks, or you can leave CR3
alone, and do a block-copy of different page tables into the memory it
points at.  Given that a typical task has only a few kilobytes of page
tables, this isn't nearly as slow as it might initially seem.

--
    Later,
    Jerry.

The universe is a figment of its own imagination.



Sat, 10 Aug 2002 03:00:00 GMT  
 
 [ 7 post ] 

 Relevant Pages 

1. Flat mem. model/Win95

2. Flat memory model map

3. Dos FLAT model in TASM 5.0

4. FLAT MODEL

5. IRQ Handler in FLAT model

6. Masm's flat memory model.

7. Masm's Flat memory model.

8. Flat Model in MASM for Win '95

9. Protected Flat Model

10. Flat Memory Model Problem

11. Flat Memory Model

12. Is unreal mode flat model?

 

 
Powered by phpBB® Forum Software