ULK says that Linux implements most of its exception handlers with trap gates whose DPL=0, and also says that DPL=0 means they cannot be accessed from user mode. Isn't that a contradiction? How can user mode reach the exception handlers then?
A user program only needs to reach the system calls, which are implemented with a System Gate (DPL=3): int 0x80. Why would a user program need to handle a Trap Gate?
For programmed exceptions, makes a further security check:
I think the word "further" says it all.
My understanding is that the privilege check described in ULK3 has two steps:
1. Makes sure the interrupt was issued by an authorized source. First, it compares the Current Privilege Level (CPL), which is stored in the two least significant bits of the cs register, with the Descriptor Privilege Level (DPL) of the Segment Descriptor included in the GDT. Raises a "General protection" exception if the CPL is lower than the DPL, because the interrupt handler cannot have a lower privilege than the program that caused the interrupt.
This guarantees that the interrupt handler has a higher privilege than the program that raised the interrupt: an interrupt can never be routed into a user program, which guards against malicious user programs, while interrupts raised in either user mode or kernel mode are still serviced.
2. For programmed exceptions, makes a further security check: compares the CPL with the DPL of the gate descriptor included in the IDT and raises a "General protection" exception if the DPL is lower than the CPL. This last check makes it possible to prevent access by user applications to specific trap or interrupt gates.
For programmed exceptions an additional check is performed, preventing a user-mode program from raising exceptions it is not supposed to raise.
From Intel Manual volume 3a-3b: 6.12.1.1 Protection of Exception- and Interrupt-Handler Procedures
The processor checks the DPL of the interrupt or trap gate only if an exception or interrupt is generated with an INT n, INT 3, or INTO instruction. Here, the CPL must be less than or equal to the DPL of the gate. This restriction prevents application programs or procedures running at privilege level 3 from using a software interrupt to access critical exception handlers, such as the page-fault handler, providing that those handlers are placed in more privileged code segments (numerically lower privilege level). For hardware-generated interrupts and processor-detected exceptions, the processor ignores the DPL of interrupt and trap gates.
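A small model of the two checks discussed in this thread, added here as an example; it is not code from ULK, Linux or the Intel manual. The names idt_dispatch_allowed, struct idt_gate, PAGE_FAULT_GATE and SYSCALL_GATE are hypothetical; the two gates mirror the setup the thread describes (a DPL=0 trap gate for the page fault and a DPL=3 system gate for int 0x80, both pointing into a DPL=0 kernel code segment).

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one IDT entry: the gate's own DPL and the DPL of the
 * code segment (GDT entry) that the handler lives in. Hypothetical type. */
struct idt_gate {
    unsigned gate_dpl;   /* DPL field of the gate descriptor in the IDT   */
    unsigned seg_dpl;    /* DPL of the handler's code segment in the GDT  */
};

/* How the vector was reached: raised by the CPU/hardware, or by INT n/INT3/INTO. */
enum int_source { HW_GENERATED, SOFTWARE_INT };

/* Constructed gates: Linux-style DPL=0 trap gate for #PF, DPL=3 system gate for int 0x80. */
const struct idt_gate PAGE_FAULT_GATE = { .gate_dpl = 0, .seg_dpl = 0 };
const struct idt_gate SYSCALL_GATE    = { .gate_dpl = 3, .seg_dpl = 0 };

/* Returns true if control may be transferred to the handler,
 * false if the CPU would raise #GP instead. Privilege levels are numeric:
 * 0 is most privileged, 3 is least. */
bool idt_dispatch_allowed(const struct idt_gate *g, unsigned cpl, enum int_source src)
{
    /* Check 1 (always): the handler's code segment must not be less privileged
     * than the interrupted code, i.e. seg_dpl <= cpl numerically. */
    if (cpl < g->seg_dpl)
        return false;
    /* Check 2 (software interrupts only): CPL must be <= the gate's DPL.
     * Hardware interrupts and CPU-detected exceptions skip this test. */
    if (src == SOFTWARE_INT && cpl > g->gate_dpl)
        return false;
    return true;
}

int main(void)
{
    /* The question in the thread: user mode (CPL=3) and the DPL=0 page-fault gate. */
    printf("user int 0x0e (software) -> %s\n",
           idt_dispatch_allowed(&PAGE_FAULT_GATE, 3, SOFTWARE_INT) ? "handler" : "#GP");
    printf("user page fault (hardware) -> %s\n",
           idt_dispatch_allowed(&PAGE_FAULT_GATE, 3, HW_GENERATED) ? "handler" : "#GP");
    printf("user int 0x80 (software) -> %s\n",
           idt_dispatch_allowed(&SYSCALL_GATE, 3, SOFTWARE_INT) ? "handler" : "#GP");
    return 0;
}
```

The DPL=0 gate blocks only the `int 0x0e` instruction issued from user mode; a real page fault raised by the CPU while user code runs still reaches the kernel handler, which resolves the apparent contradiction.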