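I came across the LDTR ARMv8 instruction for the first time today.
I read its description in the ARMv8 DB manual, section C3.2.5 "Load/Store unprivileged", and as far as I understand, it basically allows EL1 to perform memory accesses under EL0 restrictions.
What are the applications of this feature?
Does it make attacks that exploit kernel bugs to get the kernel to write data to the wrong address more difficult?
Given that multiple processes are usually running at the same time, how does LDTR know which page table translation to use? Or do these restrictions concern some other kind of permission unrelated to the permissions specified in the page tables?
Best answer
This link gives you an example use case: https://developer.arm.com/documentation/102376/0100/Permissions-attributes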
[...] a hypervisor can see all the resources that are allocated to a virtual machine. This is because executing at a higher exception level means that the level of privilege is also higher.
However, this is not always desirable. Malicious applications might try to trick an OS into accessing data on behalf of the application, which the application should not be able to see. This requires the OS to check pointers in systems calls.
The Arm architecture provides several controls to make this simpler. First, there is the PSTATE.PAN (Privileged Access Never) bit. When this bit is set, loads and stores from EL1 (or EL2 when E2H==1) to unprivileged regions will generate an exception (Permission Fault) [...]
Sometimes the OS does need to access unprivileged regions, for example, to write to a buffer owned by an application. To support this, the instruction set provides the LDTR and STTR instructions.
LDTR and STTR are unprivileged loads and stores. They are checked against EL0 permission checking even when executed by the OS at EL1 or EL2. Because these are explicitly unprivileged accesses, they are not blocked by PAN [...]
This allows the OS to distinguish between accesses that are intended to access privileged data and those which are expected to access unprivileged data. This also allows the hardware to use that information to check the accesses.
Regarding "arm - What are the applications of ARM unprivileged load/store instructions such as LDTR, compared to LDR?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/59287799/
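The permission behaviour quoted in the answer can be modelled as a small decision function. This is an added example, not code from the question, the answer or Arm. It assumes a simplified stage-1 check at EL1 using only the AP[2:1] bits (UAO, EL2 and execute permissions are not modelled), and all names in it are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of an AArch64 data access executed at EL1.
 * Assumption: only AP[2:1] and PSTATE.PAN are considered. */
enum insn { INSN_LDR, INSN_STR, INSN_LDTR, INSN_STTR };

struct page {
    bool ap1; /* AP[1]: 1 = page is accessible from EL0 */
    bool ap2; /* AP[2]: 1 = page is read-only */
};

/* Constructed sample mappings. */
static const struct page KERNEL_RW = { false, false };
static const struct page USER_RW   = { true,  false };
static const struct page USER_RO   = { true,  true  };

/* true = access completes, false = Permission Fault. */
static bool el1_access_ok(enum insn i, struct page pg, bool pan)
{
    bool is_write = (i == INSN_STR  || i == INSN_STTR);
    bool unpriv   = (i == INSN_LDTR || i == INSN_STTR);

    if (is_write && pg.ap2)
        return false;      /* read-only for every exception level */
    if (unpriv)
        return pg.ap1;     /* checked as if from EL0; PAN does not apply */
    if (pan && pg.ap1)
        return false;      /* PAN: privileged access to an EL0-accessible page */
    return true;           /* ordinary privileged access */
}

static const char *verdict(bool ok) { return ok ? "ok" : "fault"; }

int main(void)
{
    /* A system call handler dereferences a pointer supplied by the caller.
     * The pointer may really point at kernel memory (confused deputy). */
    printf("LDR  kernel page, PAN=0: %s\n", verdict(el1_access_ok(INSN_LDR,  KERNEL_RW, false)));
    printf("LDTR kernel page, PAN=1: %s\n", verdict(el1_access_ok(INSN_LDTR, KERNEL_RW, true)));
    printf("LDR  user page,   PAN=1: %s\n", verdict(el1_access_ok(INSN_LDR,  USER_RW,   true)));
    printf("LDTR user page,   PAN=1: %s\n", verdict(el1_access_ok(INSN_LDTR, USER_RW,   true)));
    printf("STTR user RO page:       %s\n", verdict(el1_access_ok(INSN_STTR, USER_RO,   true)));
    return 0;
}
```

The first line of output is the case the quoted text is concerned with: a plain LDR at EL1 reads kernel memory through a caller-supplied pointer, while the same dereference done with LDTR faults.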