Segmented Addressing Solves the Virtual Cache Synonym Problem (1997) [pdf] (umd.edu)
32 points by tjalfi 19 days ago | hide | past | favorite | 10 comments

When protected mode was introduced with the 286, its only virtual memory management method was via segmentation. Things like W^X were implicit in the system design. There were no pages to be mprotect'ed to enforce W^X; instead, you could set the selectors for the code segment and for the data/stack segments to non-overlapping memory regions. Which segment an address was meant for was implicit - a return address on the stack implicitly referred to the code segment. This makes code injection exploits really difficult, if not impossible, since the code segment is protected against writes and the data segment causes a protection error when being jumped into. This wasn't some extra feature - this is inherent to protected mode.

But C assumes a plain memory layout, so Linux at some point started to overlay the code and data segments 1:1, extending them to the full size of the virtual address range, and used paging (introduced with the 386) to implement virtual memory instead. This 1:1 mapping defeats the protections from the first paragraph. And now we have to implement a lot of security features the hard way.

In the AMD64 extensions, support for segmented protected mode was removed entirely, and the 1:1 mapping is forcibly assumed.

Don't get me wrong - this isn't some "back in the old times stuff was better" - but I really feel this path in computing should have been pursued more.
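The comment above contrasts the structural code/data separation of segmentation with the page-based W^X that Linux has to enforce explicitly. As an added illustration (not code from the thread or from any project it mentions), here is a small audit that parses a `/proc/<pid>/maps`-style listing and flags any mapping that is writable and executable at the same time, which is exactly the state non-overlapping segments made impossible. The sample listing is constructed, not captured from a real process; the `audit_process` helper reads the live `/proc/self/maps` only when it is available.

```python
"""Audit a /proc/<pid>/maps listing for mappings that are both writable and
executable: the condition that separate code and data segments ruled out
structurally and that page-based W^X has to enforce explicitly."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Mapping:
    start: int
    end: int
    perms: str  # e.g. "rwxp": read, write, execute, private/shared flag
    path: str   # pathname column, or "" for anonymous mappings

    @property
    def writable(self) -> bool:
        return "w" in self.perms

    @property
    def executable(self) -> bool:
        return "x" in self.perms


def parse_maps(lines: Iterable[str]) -> List[Mapping]:
    """Parse lines in /proc/<pid>/maps format:
    'start-end perms offset dev inode [pathname]'."""
    mappings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        # The pathname may contain spaces, so split at most 5 times.
        fields = line.split(maxsplit=5)
        if len(fields) < 5:
            raise ValueError(f"malformed maps line: {line!r}")
        start_s, end_s = fields[0].split("-", 1)
        path = fields[5] if len(fields) == 6 else ""
        mappings.append(Mapping(int(start_s, 16), int(end_s, 16), fields[1], path))
    return mappings


def find_wx_mappings(mappings: Iterable[Mapping]) -> List[Mapping]:
    """Return every mapping that violates W^X (writable and executable at once)."""
    return [m for m in mappings if m.writable and m.executable]


def describe(m: Mapping) -> str:
    return f"{m.start:016x}-{m.end:016x} {m.perms} {m.path or '[anon]'}"


def audit_process(pid: str = "self") -> List[Mapping]:
    """Audit a live Linux process; returns [] where /proc is unavailable."""
    try:
        with open(f"/proc/{pid}/maps") as f:
            return find_wx_mappings(parse_maps(f))
    except OSError:
        return []


# Constructed sample listing (hypothetical addresses, not a real process).
# The third line is the deliberate W^X violation the audit should catch.
SAMPLE_MAPS = """\
55d3a1c00000-55d3a1c01000 r-xp 00000000 08:01 1234 /usr/bin/example
55d3a1e00000-55d3a1e01000 rw-p 00001000 08:01 1234 /usr/bin/example
7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0
7ffd1b300000-7ffd1b321000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for m in find_wx_mappings(parse_maps(SAMPLE_MAPS.splitlines())):
        print("W^X violation (sample):", describe(m))
    for m in audit_process():
        print("W^X violation (live):", describe(m))
```

On a hardened system `audit_process()` should return an empty list; JIT runtimes are the usual legitimate exception, and even those are expected to flip pages between writable and executable rather than hold both bits at once.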

> Don't get me wrong - this isn't some "back in the old times stuff was better" - but I really feel this path in computing should have been pursued more.

Itanium had security segments; they are probably described in the book IA-64 Linux Kernel: Design and Implementation.

One of the Itanium designers founded Secure64 Software[0].

They sold Itanium DNS appliances and the OS used the security segments.

The linked page describes some of the security features of Itanium; I'm not sure how many of them are found on other platforms.

[0] https://en.wikipedia.org/wiki/Secure64_Software#SourceT_Micr...

> When protected mode was introduced with the 286...

BTW you mean “was introduced to the x86 architecture with the 286...”

At the time memory segmentation was a standard way to deal with memory addressing limitations, and a more powerful mechanism than bank switching, if you could afford the circuitry.

Segment-specific memory protection was a core feature of the Multics design in the early 60s. Multics’ design was more sophisticated than the 286 as it supported different security rings on a per-segment basis, a simpler version of which I believe appeared with the 386. I believe Multics was the first to use this approach, but my memory might be faulty in this regard.

The 60s was a fruitful decade for architecture experimentation with a real Cambrian explosion of designs. Things settled down more in the 70s as people started to converge on fixing the byte length at 8 bits, 2's complement arithmetic and the like.

You are wrong there. "Protected Mode" is a shorthand for "Protected Virtual Address Mode", as defined by Intel in the Programmer's Reference Manual. The term is already x86-specific, and this is what I intended to express.

Then I really don't understand the point you are trying to make.

Memory protection itself certainly preceded the 286 by almost 20 years (I used to use a PDP-10 that ran an operating system using memory protection since the mid 60s).

The article on which we are commenting talks about memory segmentation (which is what Protected Mode used to implement protection), thus my point that this was not an invention of Intel's (and in fact the 286 was not Intel's first implementation of the idea; that was the 432).

I don't intend to have an argument; it's just you made the assertion that Intel's failure in this regard was the Road Not Taken while I'm merely pointing out that there is plenty of experience (pro and con) of memory segmentation before and after the 286 and 386.

I never claimed Intel invented Memory Protection, I didn't even use the term "Memory Protection", and I didn't assert anyone's failure on not taking any path.

You are reading twice as much into my lines as what I said. I find this awful. At this point I regret writing my comment - not because it's factually wrong or bad, but because I'm suddenly on the defensive because you are not putting much effort into understanding what I intended to express.

It might have been pursued more, had the https://en.wikipedia.org/wiki/Intel_iAPX_432 not met its fate.

Perhaps you mean W^X and mprotect?

Wow, what embarrassing mistakes... silently fixed it, thanks!

Some recent experiments with direct segments:

Efficient Virtual Memory for Big Memory Servers, 2013, https://research.cs.wisc.edu/multifacet/papers/isca13_direct...

Implementation of Direct Segments on a RISC-V Processor, 2018, https://carrv.github.io/2018/papers/CARRV_2018_paper_4.pdf
