flat assembler
Message board for the users of flat assembler.
Index
> OS Construction > RPL? why? |
Author |
|
baldr 11 Feb 2010, 21:35
asmmsa,
In basic flat PM memory model RPL is almost unused. Consider multi-segment PM memory model. |
|||
11 Feb 2010, 21:35 |
|
DOS386 12 Feb 2010, 15:02
baldr wrote: basic flat PM memory model RPL is almost unused. Consider multi-segment PM memory model So a relict from 80286 |
|||
12 Feb 2010, 15:02 |
|
asmmsa 12 Feb 2010, 15:32
please better explanation, how RPL helps segmentation.
when i load segment register, formula for checking access is (data segments, conforming code): MAX(CPL, DPL) <= DPL = ACCESS GRANTED so if i setup RPL high, i wil fuck myself for no reason. if i setup it lower, oh, i cant do that! that means CPL is guarding privilege escalation! only thing i can think of, is returning. when im in ring0, and return to ring2, ring0 and 1 selectors are nullified, 2 and 3 stays. but thats crappy explanation. I wont escalate because CPL is guarding it, but i can set RPL higher, just to make an error, no reason! HELP ME I MUST UNDERSTAND IT! IT ANNOY ME DAY AND NIGHT, CANT SLEEP! |
|||
12 Feb 2010, 15:32 |
|
baldr 12 Feb 2010, 18:13
DOS386,
So why do we need XD bit to prevent various exploits? Basic flat memory model is simple, that's why it is often being choosed. Is it "protected mode" memory model? I think, no. It uses protected mode features to disable protection. "Darwin's Blade: All other things being equal, the simplest solution is usually stupidity." — Darwin Minor (Dan Simmons, actually ) __________ asmmsa, When memory model is multi-segmented, pointers are far. They are passed between various parts of system and user code, access checks are being made based on RPL of their selector part. See also subchapter "5.10.4 Checking Caller Access Privileges (ARPL instruction)" in Intel SDM vol. 3A: "System Programming Guide, Part 1" |
|||
12 Feb 2010, 18:13 |
|
asmmsa 12 Feb 2010, 19:06
checks are made by CPL.
if my cpl <= DPL of segment is sufficient, i can load it into CS/DS/EE/SS and others. if not, i cant load them. if i return with loaded segment registers, they are set to 0. at least thats how i understand it. there is no place for RPL. i still dont get it. AND WE ARE SPEAKING ABOUT DATA SEGMENTS!!! code is the same but i want easier picture to compare. can you give me example? RPL is said to weaken CPL. ok thats the only 1 part i understand and can agree on. but why? who needs it? Quote: Then, when the operating system uses what a bullshit. what is an operating system, dpl = 0? what! Quote: Operating-system procedures typically use the RPL to prevent less privileged application YEAH BUT ITS CALED DPL! Quote: When an ok how do it recive it? i pass on stack, or in segment register? lets assume that in segment register. call > segment register is unchanged, points to ring3 segment. now if OS wants to use it, it must save a copy on stack. push ds mov ax,ring0_data mov ds,ax ... code pop ds where is the RPL? if cpu wants to use ring3 segment, it must low.... NO it can just access it because CPL (0) < DPL (3). whats the problem?! ring3 app cant pass in DS ring0 segment, only ring3 and it has to fuill that stupid RPL. Quote: They are passed between various parts of system and user code, access checks are being made based on RPL do you mean situation like that: . ring3 code . divide exception . ring0 code . call to other code ring0 . call to other code ring0 . found pointer to ring3 data on stack, RPL = 3 if pointer is on stack that means its valid and i have not maker any checks. now in cpl=0, loading pointer with rpl=3. if i load it to DS it will work. when i return to ring1 or 2, i wouldnt be able to load this pointer, because of RPL, so i think im gettin somewere. RPL is to protect agnist multi-RING bugs, right? ring2 created a selector. its valid, RPL = 2. code passed to ring1. ring1 wants to load this selector. cpl = ok, rpl = too high. error. ring1 cant load it. so what, cpu doesnt pass selectors except CS. why prevent more privileged ring accessing less one? i cant understand it now. |
|||
12 Feb 2010, 19:06 |
|
asmmsa 12 Feb 2010, 19:19
Here the segment selector passed to the operating system is placed in the destination operand and segment selector for the application program's code segment is placed in the source operand. (The RPL field in the source operand represents the privilege level of the application program.) Execution of the ARPL instruction then insures that the RPL of the segment selector received by the operating system is no lower (does not have a higher privilege) than the privilege level of the application program.
what passing its about? push 0x18? passing in DS? what?! |
|||
12 Feb 2010, 19:19 |
|
edfed 12 Feb 2010, 19:33
Quote:
as i can see, you are a beginner, then, you should better focus on beginner's stuff instead of driving you crazy with advanced features. ... before to ask bolded oversized Not A Question. Quote: no its usless. application CANT LOAD FUCKING POINTER UNLESS ITS PRIVILEGED TO DO SO! AND EVEN THEN IT HAS TO RPL IT! WHY just have a deep look at IA programmer manual. |
|||
12 Feb 2010, 19:33 |
|
Coddy41 12 Feb 2010, 19:51
Whoa... someone seems to be using allot of "power" words...
asmmsa wrote:
I, recently found a solution to this problem I like to call "Drink less coffee" I think edfed is right, to some case... Beginers should play in the BIOS sandbox... Much more mun And ranting does not get things done any sooner. _________________ Want hosting for free for your asm project? You can PM me. (*.fasm4u.net) |
|||
12 Feb 2010, 19:51 |
|
asmmsa 12 Feb 2010, 20:28
got it, finally.
rpl is hardware enforced privilege check. when ring0 recive far pointer, to wich its supposed to write (for example ISR function just write to far pointer hello world), it must ensure that SEGMENT ACCESS wil be made with REQUESTORS privilege. it gets CPL from stack (far call > cpl on stack), and ARPL it agnist selector passed on stack as argument to some abstract hello_world_write function. selector gets ring3 CPL, and now kernel can load segment register with passed pointer, with adjusted RPL to match CPL of origin. if load will fail - access denied. this way ring0 can use hardware instead of checks (wich i relaize now would bi unpleasant, check DPL, then CPL, blah.) to to this job. very abstract, no wonder it didnt came to me sooner. i hope im not wrong... |
|||
12 Feb 2010, 20:28 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.