Re: how to turn off NX bit in assembly?

On Nov 17, 5:29 pm, "Rod Pemberton" <do_not_h...@xxxxxxxxxxxxx> wrote:
"Alexei A. Frounze" <alexfrun...@xxxxxxxxx> wrote in messagenews:87c2ffd3-d6b9-4d33-98f6-0458a793a28f@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



On Nov 17, 12:24 pm, "Rod Pemberton" <do_not_h...@xxxxxxxxxxxxx>
wrote:
Hey, anyone ever think about using NX to ensure running code can be
stopped?
I guess you could use a PF on an unmapped page too? I.e., instead of
using
interrupts or instead of waiting for the code to return, one could
selectively enable execution on one code segment or map only one page of
code using the faults to stop execution in an additional controlled
manor.
E.g., a sliding execution window, if the application starts to runaway,
slam
into the wall...

That's the mechanism behind the virtual memory: you use fewer physical
pages to execute the code than the code needs. Upon a page fault some
page is unmapped and flushed to the disk and another one is brought in
from the disk and mapped.

Does NX only apply to pages?...  

Yes.

If so, which is easire to do and undo:
map/unmap pages or set/clear NX?

The NX feature is global and AFAIR it can only be globally enabled/
disabled through the BIOS. Either way, if the OS uses it for its own
code (which would make sense too), you have no options other than
toggling the appropriate bit in the page table entries of the
applications.

 I'd think that keeping as many pages
mapped as possible would be a benefit to the OSes speed, wouldn't it?  But,
if it's more complicated to set/clear NX...

If you consider an efficient pair of the memory manager (supporting
virtual memory) and scheduler, the NX thingy will seem to you a
child's play. :) The working set, the associativity of the memory
caches, various policies like fairness and others, etc etc...

Instead of unmapping and flush a page upon a page fault and loading another
to continue execution, one could terminate the program at that point.

That's the mechanism for CPU/PC
virtualization -- you catch accesses to the regions where memory-
mapped hardware is expected to be. It's harder with "runaway" apps,
since generally it's nontrivial to detect such an app.

If it executes across a unmapped page boundary or into a page or area that's
been marked NX, you have the option to terminate at that point.  Of course,
the granularity isn't really there if it's executing a tight loop.  I should
probably look at the debug registers to see what control of code they
offer...  IIRC, they could interrupt on flow control.

And even if you
do detect it, what's the next useful step other than termination,
possibly logging an error and restarting the app from the beginning?

Yes, terminate.  :)  I'm sort of interested at the moment (and was a while
ago...) with the ability to start and stop code execution at whim under
control of another program (OS kernel).  The "at whim" part is the problem.
It requires the control program to regain control.  While the newer cpu's
have more features that could be used/abused for the purpose, older ones
don't.  If there is an existing method with timers, interrupts, NMI, I've
overlooked it.  Perhaps ACPI?  One could...  always rework the compiler
generate code which forfits control, but then you still have the problem of
applications not produced with the modified compiler.

AFAIK, the OS is still implemented pretty much in the software, not in
the hardware (CPU's gates). I mean, the ACPI doesn't distinguish apps
from one another, nor does it distinguish an OS from them. Right?

I don't remember if it was you somebody else on a few newsgroups I'm
subscribed to who mentioned MIT's "PittSFIeld" perl script that
modifies gcc's output assembly code so as to make sure that the code
and data accesses are bounded to their appropriate regions and no
instruction is executed from its middle and not its beginning. A
pretty good solution for regular applications (provided the source
code is available for tweaking and recompilation).

Alex
.

Relevant Pages

  • Re: Debugging Challenge - no source available
    ... transparent backgrounds - I previously noticed some bizarre behavior when I ... tried to set a control's background to a transparent bitmap (the transparent ... I've decided to derive my own control from the label control I'm ... >> In both cases, the debugger catches execution at the same point, just ...
    (microsoft.public.dotnet.general)
  • Re: how to turn off NX bit in assembly?
    ... code using the faults to stop execution in an additional controlled ... Instead of unmapping and flush a page upon a page fault and loading another ... one could terminate the program at that point. ... they could interrupt on flow control. ...
    (alt.lang.asm)
  • Re: Can I overwrite a calculated query field?
    ... click on the textbox control that you want to do this ... > for "execution" which was linked to a default rate times ... > charge" in your table) ... >>which could be a calculation based on what type of trade ...
    (microsoft.public.access.tablesdbdesign)
  • Re: Odd error trapping
    ... > No. Application.Exit just signals the message loop for the current ... The loop can't terminate until you return ... > control back to the caller. ... >> params") is executed from the next block of code and execution continues ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Problem getting screen controls to to populate
    ... The DoEvents instruction tells VB to pass control of execution to ... I would use a recordset variable. ... > The problem is that I have to open a msgbox (something else may ...
    (microsoft.public.vb.general.discussion)