From: Daniel G. <da...@fp...> - 2004-12-14 17:28:02
On Tue, 2004-12-14 at 18:21 +0100, Jacek wrote:
> Hello,
> I'm writing here for the first time. Sorry in advance if I'll make any
> mistakes with my English. Please ignore them or you can tell me about them,
> I would be grateful :)
>
> I've been thinking about disallowing applications to make input/output
> operations on processor's ports.
> I've been looking at the kernel code and here is what I noticed, please tell
> me if I'm right:
> 1. all kernel and application code currently runs on privilege level 0

Nope. User code runs at level 3.

> 2. syscalls are called via int 0x80
> 3. there are different address spaces for kernel and user code (different
> segment selectors)
> 4. appserver is also user program
> 5. appserver's drivers also run as user code and perform direct port
> operations
>
> The easiest way would be to disallow all user applications making IO
> operations by changing their privilege level to i.e. 3 and setting the
> processor's IOPL in EFLAGS to i.e. 1. There is a problem if appserver uses
> direct IO operations. If so either the appserver could run on different IOPL
> or (better I think) the I/O Permission Bit Map could be used. There could be
> even only one bit map for the appserver and all his drivers.
> For now it could allow operations on all ports. Later there could be
> implemented some functions that would allow registering port ranges that
> driver wants to use, etc.

I believe iopl is allowed (optionally) to root. Anything not run as root does not have iopl access.

Daniel
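
The port-access decision discussed in this thread (IOPL compared with the privilege level first, then the I/O permission bitmap), modelled in user-space C as an added example; it is not code from either poster or from the kernel under discussion. The names io_ctx, io_register_range and io_access_allowed are hypothetical, and the 0x3C0-0x3DF range is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_PORTS 65536u

/* Per-task I/O state: privilege levels plus a TSS-style bitmap (bit set = denied). */
struct io_ctx {
    unsigned cpl;                   /* current privilege level, 0..3 */
    unsigned iopl;                  /* IOPL field of EFLAGS, 0..3 */
    uint8_t  bitmap[IO_PORTS / 8];
};

/* Start from deny-all so a driver only gets the ports it registers. */
void io_ctx_init(struct io_ctx *c, unsigned cpl, unsigned iopl) {
    c->cpl = cpl;
    c->iopl = iopl;
    memset(c->bitmap, 0xFF, sizeof c->bitmap);
}

/* Hypothetical registration call: open ports [first, first + count). */
int io_register_range(struct io_ctx *c, unsigned first, unsigned count) {
    if (count == 0 || first >= IO_PORTS || count > IO_PORTS - first)
        return -1;
    for (unsigned p = first; p < first + count; p++)
        c->bitmap[p / 8] &= (uint8_t)~(1u << (p % 8));
    return 0;
}

/* Returns 1 if the access proceeds, 0 if the CPU would raise #GP. */
int io_access_allowed(const struct io_ctx *c, unsigned port, unsigned width) {
    if (c->cpl <= c->iopl)          /* privileged enough: bitmap not consulted */
        return 1;
    if (width == 0 || port >= IO_PORTS || width > IO_PORTS - port)
        return 0;
    for (unsigned p = port; p < port + width; p++)   /* every byte must be open */
        if (c->bitmap[p / 8] & (1u << (p % 8)))
            return 0;
    return 1;
}

int main(void) {
    static struct io_ctx drv;
    io_ctx_init(&drv, 3, 1);                  /* ring 3 task, IOPL 1 as proposed */
    io_register_range(&drv, 0x3C0, 0x20);     /* constructed sample range */
    printf("0x3C0 byte: %d\n", io_access_allowed(&drv, 0x3C0, 1));
    printf("0x3DF word: %d\n", io_access_allowed(&drv, 0x3DF, 2));
    printf("0x60 byte:  %d\n", io_access_allowed(&drv, 0x60, 1));
    return 0;
}
```

A word access at 0x3DF is refused because its second byte falls on 0x3E0, which was never registered: a multi-byte access needs every covered port open.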