Re: Tonight's tradeoff

George Neuner wrote:

On Thu, 7 Mar 2024 16:02:45 -0500, Robert Finch <robfi680@gmail.com>
wrote:

A page marked RWE=000 is an unusable page.

Inaccessible, not unusable.
ENTER and EXIT check that the Safe-Stack is inaccessible to the application
{RWE = 000). This means the application cannot LD from or ST to the Safe-
Stack. ENTER and EXIT can !! This simple twist of the wrist eliminates the
ability to overrun data onto the data-stack does not alter the ABI guarantee
of callee returns to caller with all its preserved registers as if unchanged.

                                           Perhaps to signal bad memory.

That is eminently possible.

Or perhaps as a hidden data page full of comments or remarks. If its not readable-writeable or executable what is it? Nothing should be able to access it, except maybe the machine/debug operating mode.

A) it is accessible by more privileged levels of the system.
B) GuestOS can put information in process VaS that application cannot access
   {Say for example: to avoid keeping it in kernel address space.}
C) it can still be accessed by devices
d) it can be decrypted as touched (GuestOS exception)
e) A stack that Guarantees ABI in untrusted computing environments
.
The only one guaranteed no access is the application at the privilege level
of that applications memory map. All higher privilege applications access.

The ability to change (at least data) pages between "untouchable" and
RW is required for MMU assisted incremental GC.  If the GC also
handles code, then it must be able to mark pages executable as well.

Another use.

If an "untouchable" page can't be manipulated by user software, then
you've disallowed an entire class of GC systems.

I did not know of this technique, but it works in my design, too and without alteration.