Techel wrote:
Quote:
We show that powerful computation on x86 processors is possible without executing any CPU instructions
Hype intensifies.
Edit: Too bad the pdf is damaged and cannot be read by my mobile.
I'm having trouble understanding how PaX PAGEEXEC works; I'm hoping someone here can explain it.
Quote:
By setting the Supervisor/User (S/U) bit in the PTE of a designated non-executable page, we can cause the processor to trap any access to that page... The page fault handler then resets the S/U bit for a single data byte access to succeed, and performs that access – causing the PTE for the page to be recorded in the dTLB. Right after this access, the handler resets the PTE entry’s S/U bit back to unconditionally causing the fault.
The bolded part is where I'm lost -- how does the page handler regain control? My understanding is it resets the S/U bit, then returns control to the program that caused the page fault. The program then retries the instruction, and this time it succeeds, so the page handler never regains control and can never reset the S/U bit. So how does this work?
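A small C model of the split-TLB mechanism the quoted paragraph describes, added here as an illustration; it is not PaX code or code from the paper. One PTE, a separate iTLB and dTLB, and a fault handler that performs the data access itself are modelled; the bit layout, struct and function names are constructed for the example.

```c
#include <stdbool.h>
#include <string.h>
/* Constructed model of the split-TLB trick; bit layout and names are hypothetical, not PaX code. */
#define PTE_PRESENT 1u
#define PTE_USER    4u   /* x86 S/U bit: set means user mode may touch the page */
struct tlb { bool valid; unsigned pte; };   /* one cached translation */
struct cpu {
    unsigned   pte;      /* the page's PTE in memory */
    struct tlb itlb;     /* instruction TLB: only filled by fetches */
    struct tlb dtlb;     /* data TLB: only filled by loads/stores */
    int faults, handled; /* #PF count, and how many the handler satisfied */
};

/* PAGEEXEC marks the page supervisor-only in the PTE; both TLBs start empty. */
static void pageexec_protect(struct cpu *c) {
    memset(c, 0, sizeof *c);
    c->pte = PTE_PRESENT;   /* S/U clear: any user access that walks the PTE faults */
}

/* The #PF handler. A fetch is an exec violation and is refused. A data access is
 * granted by flipping S/U, doing the access inside the handler (which fills the
 * dTLB with a user-accessible entry), then clearing S/U again before returning. */
static bool fault_handler(struct cpu *c, bool is_fetch) {
    c->faults++;
    if (is_fetch) return false;
    c->pte |= PTE_USER;                      /* 1. permit the access */
    c->dtlb = (struct tlb){ true, c->pte };  /* 2. handler touches the byte: dTLB filled */
    c->pte &= ~PTE_USER;                     /* 3. PTE traps again; the dTLB entry survives */
    c->handled++;
    return true;                             /* the program's retried access hits the dTLB */
}

/* A user-mode access. A valid TLB entry is used without consulting the PTE. */
static bool user_access(struct cpu *c, bool is_fetch) {
    struct tlb *t = is_fetch ? &c->itlb : &c->dtlb;
    if (t->valid && (t->pte & PTE_USER)) return true;            /* TLB hit */
    if (c->pte & PTE_USER) { *t = (struct tlb){ true, c->pte }; return true; }
    return fault_handler(c, is_fetch);                            /* walk saw S/U clear: #PF */
}

/* The sequence from the quoted paragraph; returns how many of the 4 expectations held. */
static int pageexec_scenario(void) {
    struct cpu c; pageexec_protect(&c);
    int ok = 0;
    ok += user_access(&c, false) && c.faults == 1 && c.handled == 1; /* data: fault, dTLB filled */
    ok += user_access(&c, false) && c.faults == 1;                    /* data again: dTLB hit */
    ok += !user_access(&c, true) && c.faults == 2 && c.handled == 1;  /* fetch: iTLB miss, refused */
    ok += !(c.pte & PTE_USER);                                         /* PTE still supervisor-only */
    return ok;
}
```

The handler never returns to the program with the S/U bit set: it performs the data access itself while the bit is flipped, so only the dTLB learns the page as user-accessible and an instruction fetch still walks to the supervisor-only PTE and faults.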