On 1 Dec 2016, at 13:54, Jeff Waugh <[email protected]> wrote:

On Thu, Dec 1, 2016 at 1:29 PM, Mark Reus <[email protected]> wrote:
The user-level resource managers can access both the kernel memory and other 
memory as well because they have capabilities to both. What exactly in the 
above quote causes the isolation of user-level memory from kernel memory? I am 
of the notion that the kernel-allocated objects are still accessible and can be 
modified to point to some other memory. Am I misunderstanding something?

The user level resource managers have access to the capabilities of kernel 
objects, but not their memory. As soon as you retype an untyped block of memory 
into, say, endpoint objects, you can't poke around in it. You'll get a memory 
protection fault.

To be precise: you can’t poke at it before the retype either. The only memory 
you can access is what is mapped into your address space, and only frame 
objects can be mapped into an address space.

If you think about it in object oriented terms, it's like you don't even get an 
API to screw this up. :-)

Caps are essentially opaque object references. All you can do is invoke 
type-specific methods (which map to system calls). A frame object you can’t 
directly touch either, but you can invoke a map method on it which creates a 
virtual-address mapping, after which you can touch the storage addressed by the 
VA.

Gernot
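The two rules stated above (caps are opaque references that only admit type-specific invocations, and only frame objects can be mapped into an address space) can be checked against a small model. The following Python is an added illustration, not code from this thread or from the seL4 project: `Kernel`, `KernelObject`, `Cap`, `Fault` and the physical layout are constructed here, and the methods `untyped_retype` and `page_map` stand in for the real seL4 invocations `seL4_Untyped_Retype` and the architecture-specific page map calls. The model covers one task's CSpace, ignores access rights and the capability derivation tree, and uses a flat physical memory starting at address 0.

```python
from dataclasses import dataclass

PAGE = 4096


class Fault(Exception):
    """Raised where hardware or the kernel would deliver a VM fault / cap error."""


@dataclass
class KernelObject:
    kind: str      # "untyped", "frame" or "endpoint" (constructed subset)
    paddr: int     # physical address of the object's backing storage
    size: int
    used: int = 0  # untyped only: bytes already retyped (allocation watermark)


@dataclass
class Cap:
    """Opaque capability: refers to an object, exposes no address to user code."""
    obj: KernelObject


class Kernel:
    def __init__(self, ram_pages: int):
        self.ram = bytearray(ram_pages * PAGE)       # physical memory, base 0
        self.cspace: dict[int, Cap] = {}             # one task's CSpace: slot -> cap
        self.vspace: dict[int, KernelObject] = {}    # VA page -> mapped frame
        self._next_slot = 1

    def _grant(self, obj: KernelObject) -> int:
        slot = self._next_slot
        self._next_slot += 1
        self.cspace[slot] = Cap(obj)
        return slot

    def _cap(self, slot: int, kind: str) -> KernelObject:
        """Every invocation is type-checked against the cap; wrong type -> error."""
        cap = self.cspace.get(slot)
        if cap is None or cap.obj.kind != kind:
            raise Fault(f"slot {slot} is not a {kind} cap")
        return cap.obj

    def boot_untyped(self, paddr: int, size: int) -> int:
        return self._grant(KernelObject("untyped", paddr, size))

    def untyped_retype(self, ut_slot: int, kind: str, size: int) -> int:
        """Carve a naturally aligned object out of an untyped region (models Retype)."""
        ut = self._cap(ut_slot, "untyped")
        start = -(-ut.used // size) * size           # align watermark up to size
        if start + size > ut.size:
            raise Fault("untyped region exhausted")
        obj = KernelObject(kind, ut.paddr + start, size)
        ut.used = start + size
        self.ram[obj.paddr:obj.paddr + size] = bytes(size)  # kernel zeroes new objects
        return self._grant(obj)

    def page_map(self, frame_slot: int, va: int) -> None:
        """Only a frame cap accepts the map method; any other cap type faults here."""
        frame = self._cap(frame_slot, "frame")
        if va % PAGE:
            raise Fault("unaligned virtual address")
        self.vspace[va] = frame

    def endpoint_send(self, ep_slot: int, payload: bytes) -> None:
        """Kernel-side bookkeeping lands in the endpoint's storage; user code has no path to it."""
        ep = self._cap(ep_slot, "endpoint")
        self.ram[ep.paddr:ep.paddr + len(payload)] = payload

    def _frame_for(self, va: int) -> tuple[KernelObject, int]:
        frame = self.vspace.get(va - va % PAGE)
        if frame is None:
            raise Fault(f"VM fault at {va:#x}")
        return frame, va % PAGE

    def user_read(self, va: int, n: int) -> bytes:
        """A plain load: succeeds only through a mapping of a frame object."""
        frame, off = self._frame_for(va)
        return bytes(self.ram[frame.paddr + off:frame.paddr + off + n])

    def user_write(self, va: int, data: bytes) -> None:
        frame, off = self._frame_for(va)
        self.ram[frame.paddr + off:frame.paddr + off + len(data)] = data

    def user_reachable(self, paddr: int) -> bool:
        """Is any mapped frame backing this physical address?"""
        return any(f.paddr <= paddr < f.paddr + f.size for f in self.vspace.values())


def demo() -> dict:
    k = Kernel(ram_pages=4)
    ut = k.boot_untyped(paddr=0, size=4 * PAGE)
    va = 0x400000
    out = {}
    # 1. Nothing is mapped: a raw access faults, before or after any retype.
    try:
        k.user_read(va, 4)
        out["read_before_map"] = "ok"
    except Fault:
        out["read_before_map"] = "fault"
    ep = k.untyped_retype(ut, "endpoint", 16)      # lands at paddr 0
    frame = k.untyped_retype(ut, "frame", PAGE)    # aligned up to paddr 4096
    # 2. The endpoint cap has no map method, so it can never back a VA.
    try:
        k.page_map(ep, va)
        out["map_endpoint"] = "ok"
    except Fault:
        out["map_endpoint"] = "fault"
    # 3. The frame cap maps, after which ordinary loads/stores reach its storage.
    k.page_map(frame, va)
    k.user_write(va, b"hello")
    out["frame_roundtrip"] = k.user_read(va, 5)
    # 4. The kernel writes into the endpoint; no mapping exists over those bytes.
    k.endpoint_send(ep, b"\x42" * 4)
    out["endpoint_bytes_in_ram"] = bytes(k.ram[0:4])
    out["endpoint_reachable"] = k.user_reachable(k.cspace[ep].obj.paddr)
    return out


if __name__ == "__main__":
    print(demo())
```

The point the model makes concrete is that user code never sees a kernel object's address at all: the only operation that produces an accessible address is `page_map`, and it type-checks its cap before creating a mapping. In seL4 the same outcome is enforced by the hardware page tables (loads and stores) and by the kernel's cap type checks on every invocation.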

_______________________________________________
Devel mailing list
[email protected]
https://sel4.systems/lists/listinfo/devel
