On Tue Sep 09, 2014 at 16:03:11 +0000, Masti Ramya Jayaram wrote:
> I would like to explain my situation better. Here is what I intend:
>
> a. What is the lowest module (bootstrap, fiasco, sigma, moe,
> ned, l4linux) that can be confined to not access a portion of the address
> space?

Without changing anything and with this list of programs, it's just
L4Linux. Reason is that ned typically has a cap to sigma0 because it
needs to give it to io.
When you would like to make a little change, in Fiasco there's a
function handle_sigma0_page_fault that covers page faults by sigma0. So
if you add a check on pfa there and return false you should be able to
exclude a memory region from any user program.

> I know that bootstrap and fiasco run in privileged mode, so there is
> no way to stop them. What is the next module?
>
> b. Assuming that it is sigma, I would like to do the following:
> Have three regions in the physical address space (not necessarily memory):
>
> i) one for bootstrap, fiasco
> ii) moe, ned, sigma, l4linux
> iii) Special region accessible only from (i) - bootstrap and fiasco.
>
> If it is not possible to confine sigma, i.e., "hide a portion of the
> address space from it", then add sigma to lists (i,iii) and remove it
> from (ii) - and so on for the other modules.
>
> If it is moe, could my goal be reached by adding an IO device as a
> blocker but then not give moe the corresponding capability?

In the stack moe is below any notion of an IO device, so that would not
work.

Adam
--
Adam                 a...@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/
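
The check on pfa suggested in the reply, modelled as a stand-alone function so its boundary cases can be tested. This is an added example, not code from the original post or from Fiasco: Excluded_region, sigma0_fault_allowed, ranges_overlap and the two size constants are hypothetical names and values. It assumes the handler may map a block larger than one page for a fault, in which case the whole aligned block has to be tested rather than the faulting address alone.

```cpp
// Added illustration, not Fiasco source. Models the "check on pfa, return
// false" idea as a pure function so the boundary cases can be tested.
#include <cstdint>

using Address = std::uintptr_t;

// Hypothetical descriptor of the physical range to hide from user programs.
struct Excluded_region
{
  Address start;  // first byte of the hidden range
  Address size;   // length in bytes, must be > 0
};

// Assumed mapping granularities; the real values depend on the architecture
// and on how the sigma0 fault handler establishes its mappings.
constexpr Address Page_size      = Address{1} << 12;
constexpr Address Superpage_size = Address{1} << 22;

// True if [a, a+a_size) and [b, b+b_size) share at least one byte.
// Uses inclusive end addresses so a range that ends at the top of the
// address space does not wrap around to zero.
static bool ranges_overlap(Address a, Address a_size, Address b, Address b_size)
{
  Address a_last = a + (a_size - 1);
  Address b_last = b + (b_size - 1);
  return a <= b_last && b <= a_last;
}

// Decide whether a sigma0 fault at pfa may be resolved. map_size is the
// size (a power of two) of the block the handler would map for this fault.
// The whole aligned block is tested, not just pfa: a fault next to the
// hidden range must not pull it in through a larger mapping.
bool sigma0_fault_allowed(Address pfa, Address map_size,
                          Excluded_region const &hidden)
{
  Address block = pfa & ~(map_size - 1);
  return !ranges_overlap(block, map_size, hidden.start, hidden.size);
}
```

In a handler that follows the reply's suggestion, a false result here corresponds to returning false for the fault.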