Mill Computing, Inc. › Forums › The Mill › Architecture › Security › Reply To: Security
Another fascinating talk. I’ve got a few questions from it (you might notice a theme 🙂)
Could a thread manipulate its own spReg to allow it to make calls without overflowing the stack, BUT overflowing the state in the spiller?
Could a thread do a grant in a loop, generating regions until something breaks? It sounds like the OS won’t get a chance to stop it until PLB eviction occurs. Also, if it’s on a family member which does it in hardware, that removes the OS’s ability to regulate a rogue process.
It sounds like if a thread fills the region table with regions overlapping one address, the augmented interval tree will handle it happily (ignoring the previous question), however what if the PLB is (mostly) full of regions that all overlap an address, which a thread then accesses? Would it need to hit an excessive number of regions in the cache to resolve the final permission set?
On the topic of overlapping regions, I assume it’s an OR of the permissions, not an AND?
Does the iPLB ignore read permissions? (i.e., can code be execute, non-read?)
Keep up the good work