From: Jan Kiszka
Date: Tue, 15 Jul 2008 17:43:40 +0200
Message-ID: <487CC5AC.2070900@siemens.com>
In-Reply-To: <20080714110507.GD29536@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [RFC][PATCH] x86: Optional segment type and limit checks - v2

Daniel P. Berrange wrote:
> On Mon, Jul 14, 2008 at 12:34:48PM +0200, Jan Kiszka wrote:
>> This is the second version of my segment type and register check. It
>> reduces the impact on the translator code significantly, and it also
>> fixes a bug of the "size" helper variant in the previous version.
>>
>> The idea of this patch is to generate calls to a check helper only in
>> case the user requested this support via "-seg-checks". This feature
>> remains off by default as most x86 OSes do not care about protection via
>> segmentation anymore (and it was even removed from 64-bit modes by the
>> CPU vendors).
>
> Two current users of protection via segmentation I know of
>
> - 32-bit linux with the ExecShield capability will still use segmentation
>   to split the address space into executable vs non-executable regions, if
>   the CPU doesn't have NX bit support.
> - 32-bit Xen uses segmentation for protecting the hypervisor.

Ah, good to be reminded that we are not alone with our segmented OS
here. ;)

That makes me realize that my patch lacks range checks for code
segments. I think I left it out as it is not that trivial...

Jan

-- 
Siemens AG, Corporate Technology, CT SE 2
Corporate Competence Center Embedded Linux
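
The segment type and limit checks this thread is about, sketched as an added example (not code from the patch or from QEMU). The `seg_desc` struct, `seg_access_ok` and the sample descriptors are hypothetical; the block models only the architectural rule, including expand-down data segments, and not how a translator would emit the check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified descriptor; not QEMU's data structure. */
typedef struct {
    uint32_t limit;    /* last valid byte offset, granularity already applied */
    bool code;         /* code segment (else data segment) */
    bool rw;           /* data: writable; code: readable */
    bool expand_down;  /* data segments only */
    bool big;          /* D/B flag: expand-down upper bound is 4 GiB, not 64 KiB */
} seg_desc;

typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } seg_access;

/* Constructed sample descriptors: code limited to the low 128 MiB, flat data. */
static const seg_desc cs_low  = { 0x07ffffffu, true,  true, false, true };
static const seg_desc ds_flat = { 0xffffffffu, false, true, false, true };

/* True if `size` bytes at `offset` pass the type check and the limit check. */
bool seg_access_ok(const seg_desc *s, uint32_t offset, uint32_t size,
                   seg_access acc)
{
    if (size == 0)
        return false;
    /* Type check: no fetch from data, no write to code or read-only data,
     * no read from execute-only code. */
    if (acc == ACC_EXEC && !s->code)
        return false;
    if (acc == ACC_WRITE && (s->code || !s->rw))
        return false;
    if (acc == ACC_READ && s->code && !s->rw)
        return false;

    /* 64-bit sum so an access that wraps past 4 GiB cannot look valid. */
    uint64_t last = (uint64_t)offset + size - 1;
    if (!s->code && s->expand_down)   /* valid range is (limit, top] */
        return offset > s->limit && last <= (s->big ? 0xffffffffu : 0xffffu);
    return last <= s->limit;          /* expand-up: valid range is [0, limit] */
}

int main(void)
{
    printf("fetch below CS limit: %d\n", seg_access_ok(&cs_low, 0x07fffffcu, 4, ACC_EXEC));
    printf("fetch above CS limit: %d\n", seg_access_ok(&cs_low, 0x08000000u, 4, ACC_EXEC));
    printf("read same address via flat DS: %d\n", seg_access_ok(&ds_flat, 0x08000000u, 4, ACC_READ));
    return 0;
}
```

With a flat data segment and a limited code segment, the same linear address is readable but not executable, which is the split the ExecShield case in the quoted reply relies on.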