flat assembler
Message board for the users of flat assembler.

Index > OS Construction > Paging in ring 3

Aulendil 14 Jan 2016, 13:13
In my OS I have set up paging (1:1 for first 2MiB, supervisor only), long mode and have now successfully entered ring 3 using iret.

My kernel is loaded at 1800h.

Since I only have supervisor pages configured, how come when I enter ring 3 I don't get any errors when I directly address memory?

Have I massively misunderstood how paging and security work?

Page tables:

Code:
        mov edi, 10000h
        mov ecx, 4000h shr 2
        xor eax, eax
        rep stosd

        ; PML4
        mov dword [10000h], 11000h + 111b

        ; PDPT
        mov dword [11000h], 12000h + 111b

        ; PD1
        mov dword [12000h], 13000h + 111b

        mov edi, 13000h
        mov eax, 0 + 111b
        mov ecx, 512

        write_pages:
                stosd
                add edi, 4
                add eax, 1000h
                loop write_pages
      
     ; Enable long mode, enable paging....
    


Ring 3:

Code:
        cli
        mov ax, 0x1B
        mov ds, ax
        mov es, ax
        mov fs, ax
        mov gs, ax

        mov rax, rsp

        push 0x1B
        push rax
        pushf

        ; Enable interrupts in user mode
        pop rax
        or rax, 0x200
        push rax

        push 0x23
        push main_loop
        iretq

      ; .....
     main_loop:
         ; Code executed in ring 3 from here on
        mov byte [0x1801], 1 ; - Why don't I get an error by doing this?

    


Last edited by Aulendil on 14 Jan 2016, 15:19; edited 1 time in total
revolution 14 Jan 2016, 14:17
Show your page settings. Show your code. Show us something. We don't know what you have done.
Aulendil 14 Jan 2016, 15:19
Sorry, I've updated my post.
l_inc 14 Jan 2016, 17:48
Aulendil
Quote:
Code:
        ; PML4
        mov dword [10000h], 11000h + 111b

        ; PDPT
        mov dword [11000h], 12000h + 111b

        ; PD1
        mov dword [12000h], 13000h + 111b

        mov edi, 13000h
        mov eax, 0 + 111b     

By setting the U/S bit you're explicitly allowing the usermode accesses.

_________________
Faith is a superposition of knowledge and fallacy
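The U/S behaviour described in the reply above, as an added example that is not code from the thread: a C model of the four tables at 10000h..13FFFh that walks them as the MMU does for a ring 3 access. It assumes 4 KiB pages only and ignores NX, SMEP/SMAP and the TLB; `build_tables` and `user_access_allowed` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTE_P  0x1ull                  /* present */
#define PTE_RW 0x2ull                  /* writable */
#define PTE_US 0x4ull                  /* user-mode access allowed */
#define TBL_BASE 0x10000ull            /* tables at 10000h..13FFFh, as in the post */
#define ADDR_MASK 0x000FFFFFFFFFF000ull

static uint64_t tables[4][512];        /* models PML4, PDPT, PD, PT (4 KiB pages only) */

static uint64_t *table_at(uint64_t pa) {
    uint64_t idx = (pa - TBL_BASE) >> 12;
    return idx < 4 ? tables[idx] : NULL;   /* NULL: outside the modelled region */
}

/* Rebuild the thread's layout with the same low flag bits in every entry. */
void build_tables(uint64_t flags) {
    memset(tables, 0, sizeof tables);
    tables[0][0] = 0x11000 | flags;    /* PML4 -> PDPT */
    tables[1][0] = 0x12000 | flags;    /* PDPT -> PD   */
    tables[2][0] = 0x13000 | flags;    /* PD   -> PT   */
    for (uint64_t i = 0; i < 512; i++) /* PT: 1:1 map of the first 2 MiB */
        tables[3][i] = (i << 12) | flags;
}

/* 1 if a ring 3 access to vaddr is permitted, 0 if it would raise #PF. */
int user_access_allowed(uint64_t vaddr, int is_write) {
    uint64_t need = PTE_P | PTE_US | (is_write ? PTE_RW : 0);
    uint64_t pa = TBL_BASE;            /* plays the role of CR3 */
    for (int shift = 39; shift >= 12; shift -= 9) {
        uint64_t *t = table_at(pa);
        if (!t) return 0;
        uint64_t e = t[(vaddr >> shift) & 0x1FF];
        if ((e & need) != need) return 0;  /* one failing level is enough */
        pa = e & ADDR_MASK;
    }
    return 1;
}

int main(void) {
    build_tables(0x7);                 /* 111b, as originally posted */
    printf("111b: user write to 0x1801 allowed = %d\n", user_access_allowed(0x1801, 1));
    build_tables(0x3);                 /* 011b, U/S cleared */
    printf("011b: user write to 0x1801 allowed = %d\n", user_access_allowed(0x1801, 1));
    return 0;
}
```

Because the check is an AND across all four levels, clearing U/S in a single upper-level entry denies ring 3 for everything beneath it, even if the leaf entries still have the bit set.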
Aulendil 15 Jan 2016, 16:23
OK, so yes, a slight mistake ;)

So having changed the U/S bit on the PML4/PDPT/PD1+table pages, that now causes a lockup when in user land, which is what I was expecting.

How would I now add a second page directory with a table mapping 1MiB of 1:1 memory with physical addresses from 0x200000 - 0x2FFFFFF?
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.