Emulating cpu page protection in userspace

Venkatram Tummala venkatram867 at gmail.com
Thu May 16 04:20:47 EDT 2013


On May 15, 2013, at 3:31 PM, Manish Katiyar <mkatiyar at gmail.com> wrote:

> Hi,
> 
> This is really not a linux kernel question, but I guess there are enough OS specialists on this thread that someone can point me in the right direction.
> 
> Some context
> ----------------------
> On normal hardware machines it's possible to change the page table flags to make a particular 4K page area as readonly or readwrite. This is generally used for protecting against memory corruptions. Now even if you have READONLY flags set in the page table, it's possible to change the control register of a particular cpu (in a multicore system) such that, that cpu will not cause a fault/trap if you try to modify the contents of the page. What this means is let's say I have 4 cpus, and I change the control register on cpu-1, only cpu-1 will see the page as readwrite and others will see it as readonly.
> 
> I've seen that this behavior is honoured in virtualised vmware environments too, so I'm assuming that this cpu behavior is getting simulated somehow.
> 
> My problem is that I want to simulate the same behavior in userspace, where my 4 cpus map to 4 pthreads. I change the permissions of my memory area using mprotect() but then I also want to have a similar capability where I can flip/change something in one of the threads and that thread should be able to modify the region, while for other pthreads it is still a readonly page.
> 
> Any suggestions how vmware or other virtualised environments do this, or is this even possible? Any pointers to the code is appreciated. (Sorry no locking/synchronisation solutions pls).

I don't think it's possible to do it. At least in the stock linux kernel. If you do a mprotect from readonly to read/write, the linux kernel will change the page table protection bit and do a tlb_flush on all cpus. So, this change will be visible to other threads running on the other cpus.

You can hack the kernel, write your own mprotect system call which does the same thing as the linux mprotect but instead of doing a global tlb flush, you can do a tlb flush only on the currently running cpu. This way, other cpus can't see the changed protection. But, even if you do this, you have to somehow guarantee that the thread is not context-switched to other cpus at which point, it will see the page as readonly.

From your email, it's not exactly clear why you wanna do this. Some context may get you a better alternative solution from the list.

Venkatram Tummala
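
The behaviour described in the reply above, as an added example that is not code from the thread: on an unmodified Linux kernel, a protection set with mprotect() by one pthread is the protection every other pthread in the process sees. The function name `peer_write_after_mprotect` and the SIGSEGV recovery harness are constructed for this illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for MAP_ANONYMOUS under strict -std modes */
#endif
#include <pthread.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;      /* only the peer thread ever faults here */
static volatile char *page;       /* one page shared by both threads */

static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Peer thread: try one store; report 1 if it succeeded, 0 if it faulted. */
static void *peer(void *out) {
    if (sigsetjmp(fault_jmp, 1)) { *(int *)out = 0; return NULL; }
    page[0] = 'x';
    *(int *)out = 1;
    return NULL;
}

/* Calling thread sets `prot` via mprotect(); a second pthread then writes.
 * Returns 1 if the peer's write succeeded, 0 if it faulted, -1 on setup error. */
int peer_write_after_mprotect(int prot) {
    struct sigaction sa = {0};
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;

    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    page = mmap(NULL, sz, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    if (mprotect((void *)page, sz, prot) != 0) return -1;

    int peer_ok = -1;
    pthread_t t;
    if (pthread_create(&t, NULL, peer, &peer_ok) != 0) return -1;
    pthread_join(t, NULL);
    munmap((void *)page, sz);
    return peer_ok;
}

int main(void) {
    printf("PROT_READ:            peer write ok = %d\n", peer_write_after_mprotect(PROT_READ));
    printf("PROT_READ|PROT_WRITE: peer write ok = %d\n", peer_write_after_mprotect(PROT_READ | PROT_WRITE));
    return 0;
}
```

Build with `cc -pthread`; the peer thread never calls mprotect() itself, so its result reflects only the protection the other thread set.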

> 
> -- 
> Thanks -
> Manish



