*BSD News Article 21763


Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!saimiri.primate.wisc.edu!news.larc.nasa.gov!darwin.sura.net!howland.reston.ans.net!math.ohio-state.edu!caen!usenet.coe.montana.edu!decwrl!cronkite.cisco.com!cisco.com!vandys
From: vandys@cisco.com (Andrew Valencia)
Newsgroups: comp.unix.bsd
Subject: Copyout fix for i386
Date: 2 Oct 93 00:36:40 GMT
Organization: cisco Systems
Lines: 14
Message-ID: <vandys.749522200@cisco.com>
NNTP-Posting-Host: glare.cisco.com

Hi,

There seems to be a classic problem with all i386 BSDen.  The problem is
that an i386 will allow ring 0 to write through a PTE with the read-only
bit turned on.  The usual workaround is to manually inspect each PTE in
routines like copyout--slow!  I have heard talk about using the RPL
field of the segment descriptor, and would like to know if it works, and
if there are any other "gotchas".  That is, if I'm running in ring 0,
make a write reference through a descriptor with RPL 3, will it trap
instead of completing the write if the PTE is valid but read-only?

Thanks in advance for any experience you might have had in this area!

						Andy Valencia
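
The software check the post calls the usual workaround, as an added example that is not part of the original post or of any BSD source: a user-space model of the two-level i386 page table walk that a copyout-style routine would do before writing. The names pmap_model, user_range_writable and checked_copyout, and the backing buffer that stands in for user memory, are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>

#define PG_V  0x001u  /* present */
#define PG_RW 0x002u  /* writable */
#define PG_U  0x004u  /* user-accessible */
#define PAGE_SIZE 4096u

/* Constructed model of a two-level i386 page table: pde[] holds directory
 * flags, pt[] points at the 1024-entry page table each PDE would map. */
struct pmap_model {
    uint32_t pde[1024];
    uint32_t *pt[1024];
};

/* Return 1 only if every page in [va, va+len) is present, user and writable
 * at both levels, i.e. what a ring-3 write would be allowed to touch. */
int user_range_writable(const struct pmap_model *pm, uint32_t va, size_t len)
{
    const uint32_t need = PG_V | PG_RW | PG_U;
    if (len == 0)
        return 1;
    if (len - 1 > UINT32_MAX - va)       /* range wraps the 4 GB space */
        return 0;
    uint32_t last = va + (uint32_t)(len - 1);
    for (uint32_t pg = va / PAGE_SIZE; pg <= last / PAGE_SIZE; pg++) {
        uint32_t di = pg >> 10, ti = pg & 0x3ff;
        if ((pm->pde[di] & need) != need || pm->pt[di] == NULL)
            return 0;
        if ((pm->pt[di][ti] & need) != need)
            return 0;
    }
    return 1;
}

/* copyout-style wrapper: validate in software first, because ring 0 on the
 * i386 would otherwise write straight through a read-only PTE.  'backing'
 * is a host buffer standing in for the user memory at uaddr (assumption). */
int checked_copyout(const struct pmap_model *pm, const void *kaddr,
                    uint32_t uaddr, void *backing, size_t len)
{
    if (!user_range_writable(pm, uaddr, len))
        return EFAULT;
    memcpy(backing, kaddr, len);
    return 0;
}
```

The walk costs two table lookups per page touched, which is the overhead the post complains about. On the i486 and later, setting CR0.WP makes the hardware honor read-only PTEs in ring 0, so the walk is unnecessary there.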