Assembly study notes (17): privilege levels and control transfer

Basic privilege level concepts

CPL: the current privilege level, i.e. the RPL field of the CS register holding the currently executing code

RPL: the privilege level requested by a selector

DPL: the privilege level required by the target segment

As an analogy: I am the ROOT user with root privileges, and I open a file with read permission; the file's permissions are 777.

CPL = ROOT privileges

RPL = read access

DPL = 777

Loading a data segment

SS register

    1. Must be a readable and writable data segment
    2. CPL = DPL = RPL

Other data segment registers (DS, ES, FS, GS)

    1. A readable or read/writable data segment, or a readable code segment
    2. CPL <= DPL, RPL <= DPL
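The two loading rules above written out as checks, as an added example (not code from the original post). The descriptor struct is a constructed model with only the fields the checks use; numerically lower privilege levels are more privileged, which is why the comparisons read "<=". The RPL check is the part worth noticing from a defender's view: a kernel (CPL 0) that loads a selector handed to it by user code with RPL 3 gets exactly the access ring 3 would have had, so it cannot be tricked into touching a DPL 0 segment on the user's behalf.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a segment descriptor: only the fields the checks need. */
typedef struct {
    int  dpl;         /* descriptor privilege level, 0..3 */
    bool is_code;     /* code segment (true) or data segment (false) */
    bool writable;    /* data segments: writable bit */
    bool readable;    /* code segments: readable bit */
} seg_desc_t;

/* SS may only receive a writable data segment, and CPL, DPL and RPL must all be equal. */
bool can_load_ss(int cpl, int rpl, const seg_desc_t *d)
{
    if (d->is_code || !d->writable)
        return false;
    return cpl == d->dpl && rpl == d->dpl;
}

/* DS/ES/FS/GS may receive any data segment or a readable code segment,
   provided both CPL <= DPL and RPL <= DPL (numerically lower = more privileged). */
bool can_load_data_reg(int cpl, int rpl, const seg_desc_t *d)
{
    if (d->is_code && !d->readable)
        return false;
    return cpl <= d->dpl && rpl <= d->dpl;
}

int main(void)
{
    seg_desc_t kernel_data = { 0, false, true, false };   /* constructed DPL 0 data segment */
    seg_desc_t user_data   = { 3, false, true, false };   /* constructed DPL 3 data segment */

    /* Ring 0 loading a ring 0 stack: allowed. */
    printf("ring0 SS <- kernel_data: %d\n", can_load_ss(0, 0, &kernel_data));
    /* Ring 3 trying to use the kernel stack as SS: refused. */
    printf("ring3 SS <- kernel_data: %d\n", can_load_ss(3, 3, &kernel_data));
    /* Ring 0 loading DS with a selector whose RPL is 3: refused for a DPL 0 segment,
       allowed for a DPL 3 segment; the RPL limits the kernel to user-level access. */
    printf("ring0 DS <- kernel_data (RPL 3): %d\n", can_load_data_reg(0, 3, &kernel_data));
    printf("ring0 DS <- user_data (RPL 3): %d\n", can_load_data_reg(0, 3, &user_data));
    return 0;
}
```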

 

Changing the executing code (loading CS)

Pointing directly at a code segment

JMP

CALL

Requirements

Non-conforming code: CPL = DPL, RPL <= DPL

Conforming code: CPL >= DPL

Result

The INDEX and TI fields of CS change; CPL stays constant

RET

Requirement

RPL = CPL

RET uses the CS selector pushed earlier by the CALL. Since CPL does not change during the CALL, RPL = CPL always holds afterwards (barring something unexpected), so RET is the counterpart of CALL and JMP.

Refinement:

    1. The privilege level never changes.
    2. Transferring to non-conforming code requires CPL = DPL, so non-conforming code can only be reached from the same level.
    3. Transferring to conforming code requires CPL >= DPL, so conforming code at the same level or an inner level can be reached from an outer layer, but in either case the privilege level stays the same.
    4. RET uses the CS that was pushed on the stack earlier, so at that time RPL = CPL; since CPL has not changed since then, RPL = CPL still holds and RET's condition is always met.
    5. Non-conforming code requires CPL = DPL and conforming code requires CPL >= DPL; since CPL does not change, along any legitimate call chain CPL >= DPL always holds.
    6. By 4, the pushed RPL is the CPL at the time of the push, and CPL is unchanged, so RPL = CPL; combined with 5, for every frame on the call stack RPL = CPL >= DPL.
    7. Conforming code places no requirement on RPL, so when returning to conforming code the possible RPL > DPL case is ignored; and for non-conforming code CPL = DPL, so every return to non-conforming code is the case CPL = DPL = RPL (which satisfies RPL = CPL >= DPL from 6) and returns normally.

 

Summary

1. JMP and CALL must meet different requirements depending on the target code segment:

Non-conforming target: CPL = DPL, RPL <= DPL

Conforming target: CPL >= DPL

2. CPL never changes.

3. As long as the CALL's condition was satisfied, the corresponding RET never fails its condition.
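The summary above, as a small simulator added here (not code from the original post): a constructed CPU holds the CPL and the CS.RPL values that CALL pushes, direct JMP/CALL applies the conforming and non-conforming rules as stated, and RET reloads the pushed RPL. The RET check is written in the form the Intel manuals give (RPL >= CPL, a return may never land in more privileged code); with RPL == CPL from the push it is never violated, which is point 3 of the summary. `run_chain` walks a constructed call chain from ring 3 and shows that the CPL it ends at is still 3.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_DEPTH 16

/* Constructed model of a code segment descriptor (assumed fields). */
typedef struct {
    int  dpl;
    bool conforming;
} code_desc_t;

/* Constructed CPU state: the current privilege level and the CS.RPL values
   pushed by CALL (a real CPU pushes the full CS; only the RPL matters here). */
typedef struct {
    int cpl;
    int pushed_rpl[MAX_DEPTH];
    int depth;
} cpu_t;

/* Direct JMP/CALL to a code segment, as the rules above state them. */
bool transfer_allowed(int cpl, int rpl, const code_desc_t *t)
{
    if (t->conforming)
        return cpl >= t->dpl;                 /* RPL is not checked */
    return cpl == t->dpl && rpl <= t->dpl;    /* non-conforming */
}

/* CALL pushes CS with RPL == CPL; CPL itself never changes on a direct transfer. */
bool do_call(cpu_t *c, int sel_rpl, const code_desc_t *t)
{
    if (c->depth >= MAX_DEPTH || !transfer_allowed(c->cpl, sel_rpl, t))
        return false;
    c->pushed_rpl[c->depth++] = c->cpl;
    return true;
}

/* RET reloads the pushed CS. Architectural check: RPL >= CPL (Intel SDM form);
   with RPL == CPL from do_call it always passes, and CPL does not move. */
bool do_ret(cpu_t *c)
{
    if (c->depth == 0)
        return false;
    int rpl = c->pushed_rpl[--c->depth];
    if (rpl < c->cpl)
        return false;      /* would be a #GP on real hardware */
    c->cpl = rpl;          /* equal to the old CPL, so no change */
    return true;
}

/* Walk a constructed call chain from ring 3 and report the CPL it ends at;
   returns -1 if any step behaves differently from the rules. */
int run_chain(void)
{
    cpu_t cpu = { 3, {0}, 0 };
    code_desc_t user_code   = { 3, false };   /* non-conforming, DPL 3 */
    code_desc_t shared_code = { 0, true  };   /* conforming, DPL 0 */
    code_desc_t kernel_code = { 0, false };   /* non-conforming, DPL 0 */

    if (!do_call(&cpu, 3, &user_code))   return -1;   /* CPL 3 == DPL 3: allowed */
    if (!do_call(&cpu, 3, &shared_code)) return -1;   /* CPL 3 >= DPL 0, RPL ignored */
    if (do_call(&cpu, 3, &kernel_code))  return -1;   /* CPL 3 != DPL 0: must be rejected */
    if (!do_ret(&cpu) || !do_ret(&cpu))  return -1;   /* both returns pass */
    return cpu.cpl;                                   /* still 3 */
}

int main(void)
{
    printf("CPL after the chain: %d\n", run_chain());
    return 0;
}
```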

 

 

Pointing at a call gate

First, when pointing at a call gate only the selector is used; the offset address is ignored.

Second, a call gate has its own DPL, so using a call gate requires the following:

CPL <= gate DPL, RPL <= gate DPL

Once the condition is satisfied, the selector and offset are taken from the call gate and replace the selector and offset in the branch instruction; the RPL of the new selector is set to 0 before the replacement, i.e. the RPL of the gate's selector is meaningless and is always replaced with 0.

The transfer then proceeds roughly like a direct jump to the segment, except for the special case of a CALL instruction transferring to non-conforming code.

When a CALL instruction goes through a call gate that points at a non-conforming code segment:

If CPL > DPL, pointing at the segment directly would be an error, but when going through the gate CPL is set to DPL, i.e. privilege is raised.

On the corresponding RET, if RPL > CPL is found, CPL is set to RPL, i.e. privilege is lowered.

Note: switching privilege level also involves switching stacks; that is explained together with task gates.

 

Summary

      1. When pointing at a gate only the selector is valid; the offset is meaningless.

      2. The call is checked with CPL <= gate DPL, RPL <= gate DPL.

      3. The actual call address is given by the gate, and the RPL of the actual call is always 0.

      4. Otherwise the rules are the same as a direct call. The only difference is when the target is non-conforming code and the instruction is CALL: if CPL > DPL the call does not fail; instead CPL is set to DPL. On the corresponding RET, if RPL > CPL is found, CPL is set to RPL. The RPL here is the CPL at the time of the CALL, pushed in the CS register, i.e. the privilege level is restored.
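The call gate path from this section as a constructed simulator, added here and not code from the original post: the gate check, the RPL of the gate's selector forced to 0, the CPL raised to the target DPL for a CALL into non-conforming code, and the far RET lowering it back to the pushed RPL. One check the post does not spell out is included from the Intel manuals and marked as such: the target code segment's DPL may not be numerically greater than CPL, so a gate can only lead inward. This is the mechanism a system call entry relies on: ring 3 never chooses the ring 0 entry address, the gate does.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed call gate: the DPL of the gate itself plus what its selector points at.
   The gate's offset is omitted since it only supplies the target EIP. */
typedef struct {
    int  gate_dpl;
    int  sel_rpl;          /* RPL bits stored in the gate's selector: always replaced by 0 */
    int  code_dpl;         /* DPL of the target code segment */
    bool code_conforming;
} call_gate_t;

typedef struct {
    int cpl;
    int saved_cs_rpl;      /* RPL of the CS pushed by CALL, i.e. the caller's CPL */
} cpu_t;

/* CALL through a call gate. Returns the effective RPL used for the far transfer
   (always 0 when the gate check passes) or -1 for a #GP. */
int call_through_gate(cpu_t *c, int instr_sel_rpl, const call_gate_t *g)
{
    /* 1. gate privilege check: CPL <= gate DPL and RPL <= gate DPL */
    if (c->cpl > g->gate_dpl || instr_sel_rpl > g->gate_dpl)
        return -1;

    /* 2. selector and offset come from the gate; the gate selector's RPL is forced to 0 */
    int effective_rpl = 0;
    (void)g->sel_rpl;

    /* 3. the target may not be less privileged than the caller
          (Intel SDM rule, assumed here; the post does not state it) */
    if (g->code_dpl > c->cpl)
        return -1;

    /* 4. push CS with RPL == caller CPL, then raise CPL for a non-conforming target */
    c->saved_cs_rpl = c->cpl;
    if (!g->code_conforming && c->cpl > g->code_dpl)
        c->cpl = g->code_dpl;   /* the privilege raise a direct CALL would have rejected */
    return effective_rpl;
}

/* Far RET: if the pushed RPL is numerically greater than CPL, CPL drops back to it. */
void ret_from_gate(cpu_t *c)
{
    if (c->saved_cs_rpl > c->cpl)
        c->cpl = c->saved_cs_rpl;
}

/* Constructed scenario: ring 3 enters ring 0 code through a DPL 3 gate and returns.
   Reports the CPL inside the callee and after RET; returns the effective RPL. */
int demo_user_to_kernel(int *cpl_inside, int *cpl_after)
{
    cpu_t cpu = { 3, 3 };
    call_gate_t syscall_gate = { 3, 3, 0, false };   /* gate DPL 3 -> ring 0 non-conforming code */
    int rpl = call_through_gate(&cpu, 3, &syscall_gate);
    *cpl_inside = cpu.cpl;
    ret_from_gate(&cpu);
    *cpl_after = cpu.cpl;
    return rpl;
}

/* Constructed scenario: ring 3 tries a gate whose own DPL is 0; the gate check refuses. */
int ring3_via_dpl0_gate(void)
{
    cpu_t user = { 3, 3 };
    call_gate_t kernel_only = { 0, 0, 0, false };
    return call_through_gate(&user, 3, &kernel_only);
}

int main(void)
{
    int inside, after;
    int rpl = demo_user_to_kernel(&inside, &after);
    printf("effective RPL %d, CPL inside %d, CPL after RET %d\n", rpl, inside, after);
    printf("ring3 through a DPL 0 gate: %d\n", ring3_via_dpl0_gate());
    return 0;
}
```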

 

Pointing at TSS data

Required permission: CPL <= DPL, RPL <= DPL

The offset address in the call instruction is ignored; the CPU uses the TSS data directly to switch tasks (threads).

 

Pointing at a task gate

Compared with pointing directly at the TSS the only difference is one more privilege check.

First check CPL <= gate DPL, RPL <= gate DPL

Then check CPL <= DPL of the TSS, gate selector RPL <= DPL of the TSS

Then the task is switched using the TSS data; the instruction's offset and the gate's offset have no meaning.

Note that CALL and JMP differ slightly here:

CALL causes a nested task, so a task called through a task gate with CALL can return to the original task with RET.

     

Stack switching on a privilege level switch

      When the privilege level switches, the stack switches with it. Each privilege level has its own stack; their addresses are stored in the TSS (one stack each for privilege levels 0, 1 and 2). Each time a stack is entered it is reset, leaving no trace of the previous entry. To pass parameters across a privilege level change a memory copy takes place; the number of bytes copied is decided by the gate's parameter-count field for call gates, and is determined automatically by the interrupt or exception type for interrupt and trap gates.
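A constructed model of the inward stack switch described above, added here and not code from the original post: the new stack pointer always comes from the TSS entry for the target ring (so the inner stack is fresh on every entry), the outer SS:ESP is saved on it, the parameter words named by the gate's count are copied across in order, and the return CS:EIP is pushed last with RPL = the caller's CPL for the later RET. Stack contents, the TSS values and the gate parameter count are all constructed sample data; the struct layouts are assumptions of this model, not the hardware format. The fresh-stack behaviour is what keeps data from a previous ring 0 entry from ever being visible in a later one.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define STACK_WORDS 32

/* Constructed stack: words[0] is the bottom; sp counts pushed 32-bit words. */
typedef struct {
    uint32_t words[STACK_WORDS];
    int      sp;
} simstack_t;

/* Constructed TSS: one inner stack pointer per privilege level 0..2 (ring 3 has none). */
typedef struct {
    uint32_t esp_for_ring[3];
} tss_t;

static void push(simstack_t *s, uint32_t v)
{
    s->words[s->sp++] = v;
}

/* Inward privilege change through a call gate with words_to_copy parameters
   (0 for an interrupt or trap gate, which copies nothing).
   Returns the number of words on the new stack, or -1 on a bad request. */
int switch_stack_inward(const tss_t *tss, int old_cpl, int new_cpl,
                        uint32_t old_esp, const simstack_t *old_stack,
                        int words_to_copy, simstack_t *new_stack,
                        uint32_t return_cs, uint32_t return_eip)
{
    if (new_cpl < 0 || new_cpl > 2 || new_cpl >= old_cpl)
        return -1;                       /* only ring N -> ring < N switches stacks this way */
    if (words_to_copy < 0 || words_to_copy > old_stack->sp || words_to_copy > STACK_WORDS - 4)
        return -1;

    /* The inner stack always starts at the ESP recorded in the TSS: nothing left from
       the previous entry survives, which is the "reset each time" in the text. */
    new_stack->sp = 0;
    uint32_t new_esp = tss->esp_for_ring[new_cpl];
    (void)new_esp;   /* a real CPU loads SS:ESP from the TSS; this model only tracks words */

    /* 1. the outer SS (RPL = old CPL) and ESP are saved so RET can switch back */
    push(new_stack, (uint32_t)old_cpl);
    push(new_stack, old_esp);

    /* 2. the parameters are copied from the outer stack, keeping their order */
    for (int i = words_to_copy; i > 0; i--)
        push(new_stack, old_stack->words[old_stack->sp - i]);

    /* 3. finally the return address; CS carries RPL = old CPL for the later RET */
    push(new_stack, return_cs | (uint32_t)old_cpl);
    push(new_stack, return_eip);
    return new_stack->sp;
}

/* Constructed scenario: ring 3 calls a ring 0 gate with 2 parameters, twice; the
   second entry finds the ring 0 stack exactly as fresh as the first. */
int demo_two_entries(void)
{
    tss_t tss = { { 0x9000, 0x8000, 0x7000 } };
    simstack_t user = { { 0xAAAA, 0x1111, 0x2222 }, 3 };   /* 0x1111, 0x2222 are the parameters */
    simstack_t kernel = { {0}, 0 };
    int first  = switch_stack_inward(&tss, 3, 0, 0xFFF0, &user, 2, &kernel, 0x08, 0x1234);
    int second = switch_stack_inward(&tss, 3, 0, 0xFFF0, &user, 2, &kernel, 0x08, 0x1234);
    return (first == second) ? first : -1;   /* 2 saved + 2 params + 2 return = 6 */
}

int main(void)
{
    printf("words on the ring 0 stack after each entry: %d\n", demo_two_entries());
    return 0;
}
```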

 


Source: www.cnblogs.com/alwaysking/p/12345946.html