From: Xavier Joubert
Date: Thu, 8 Jul 2004 14:33:43 +0200
To: mint@fishpool.com
Subject: Re: [MiNT] Trans.: Re: Questions about 68040

Hi,

Quoting Konrad Kokoszkiewicz:

> So, the "full restart architecture" means that the CPU does not stack enough
> information to resume the execution at any point, but retains a large
> portion of the information in its internals, and thus its internal context
> cannot be radically modified by stack frame modification. Do I understand
> this well?

Yes.

> Hmm. Ok, but the 68040 manual states, that the trace exception occurs after
> the instruction completion. So, this move.l 0x05a0,d0 will actually complete
> before the trace exception occurs, i.e. the longword will be loaded to the
> register. So, I presume, the trace exception in your proposal is solely for
> restoring the state of the PMMU, right?

Right. This is a must, since you don't want the program to be able to access
other low memory locations before you can check he's allowed to.
This is also why you must only enable reading. Otherwise, you may miss
something like:

    "move.l (a0),(a1)"

where:

    a0 = 0x5a0
    a1 = 0x8

in a malicious program trying to crash the system. Of course, if you don't
give access to the real low mem, this is safe, but it would be better to stop
a program doing such things than allowing it to try another way to crash the
system.

I think you must activate this system only when the program has (virtually)
switched to supervisor mode. Otherwise a developer working with MiNT will miss
a bug in his program if he accesses the cookie jar pointer in user mode. The
bug would bite only under other OSes. This is a well known problem on
Falcon/CT2 where the user could access low mem in user mode.

Regards,

Xavier
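
The policy discussed in this message, as an added C model that is not MiNT code and not part of the original post: a fault handler opens low memory only for a read of 0x5a0 by a task in virtual supervisor mode, and a read/write window is modelled beside it to show the write to 0x8 going unchecked. The struct and function names and the 0x800 extent of protected low memory are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define COOKIE_JAR_PTR 0x5a0u  /* address used in the message */
#define LOWMEM_END     0x800u  /* assumed extent of protected low memory */

struct access { uint32_t addr; bool is_write; };
struct task {
    bool virt_super;  /* program has (virtually) switched to supervisor mode */
    bool window;      /* low memory temporarily mapped for one instruction */
    int  missed;      /* low-memory writes that completed without a check */
};

/* Access-fault handler: map low memory only for a cookie jar pointer read. */
static bool fault_handler(struct task *t, struct access a)
{
    if (!t->virt_super || a.is_write || a.addr != COOKIE_JAR_PTR)
        return false;          /* report the fault to the program */
    t->window = true;          /* real code would also arm the trace exception */
    return true;
}

/* Run one instruction's accesses; false = faulted. window_rw = weak variant. */
static bool run_insn(struct task *t, const struct access *acc, int n, bool window_rw)
{
    bool ok = true;
    for (int i = 0; i < n && ok; i++) {
        if (acc[i].addr >= LOWMEM_END) continue;        /* ordinary memory */
        if (t->window && (window_rw || !acc[i].is_write))
            t->missed += acc[i].is_write;               /* write nobody checked */
        else
            ok = fault_handler(t, acc[i]);
    }
    t->window = false;  /* trace exception: restore the PMMU protection */
    return ok;
}

/* move.l (src),(dst): -1 if it faulted, else the count of unchecked writes. */
static int move_l(bool virt_super, bool window_rw, uint32_t src, uint32_t dst)
{
    struct task t = { virt_super, false, 0 };
    struct access acc[2] = { { src, false }, { dst, true } };
    return run_insn(&t, acc, 2, window_rw) ? t.missed : -1;
}

int main(void)
{
    printf("read-only: %d\n", move_l(true, false, COOKIE_JAR_PTR, 0x8));
    printf("read/write: %d\n", move_l(true, true, COOKIE_JAR_PTR, 0x8));
    return 0;
}
```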