| Prev Next | Secure Lazy Binding | Slide #15 |
When you add a permission to a page, the update can be lazy
kernel notes the change but doesn't update the hardware mapping
when the process tries to use that permission, it faults and the fault handler fixes it up to work
When you remove a permission from a page, the update must be immediate
update the page tables and flush the involved TLB entries
if process has threads running on other CPUs, need to force them to do that too
not cheap...
...and we don't even want other threads to be able to see the change!
| EuroBSDCon 2014 | Copyright © 2014 Philip Guenther |