Why segment protection policy in x86-32 is not available on x86-64?


0x71...@gmail.com

Mar 30, 2015, 7:17:21 AM
to native-cli...@googlegroups.com
Hi all,
In NaCl x86-32 we use segment registers to isolate data access and code execution range, but the paper and the documents by Google say that on x86-64 this method is not available. We know there are still segment registers in x86-64, so why is it not available?
Sorry for my poor knowledge.

Another question: in x86-64 we use a 4GB region for untrusted code, and the main operation is also 32 bits wide, with the high 32 bits masked as zero, so I wonder why x86-64 NaCl cannot use 32-bit ELF directly?
A 64-bit OS can run a 32-bit nexe of course, and you don't need to worry about the new policy in x86-64. So I can't understand that.

JF Bastien

Mar 30, 2015, 11:04:04 AM
to native-cli...@googlegroups.com
On Mon, Mar 30, 2015 at 4:17 AM, <0x71...@gmail.com> wrote:
> Hi all,
> In NaCl x86-32 we use segment registers to isolate data access and code execution range, but the paper and the documents by Google say that on x86-64 this method is not available. We know there are still segment registers in x86-64, so why is it not available?
> Sorry for my poor knowledge.

This should be informative:

We can't use segmentation if the OS does!
 
> Another question: in x86-64 we use a 4GB region for untrusted code, and the main operation is also 32 bits wide, with the high 32 bits masked as zero, so I wonder why x86-64 NaCl cannot use 32-bit ELF directly?
> A 64-bit OS can run a 32-bit nexe of course, and you don't need to worry about the new policy in x86-64. So I can't understand that.

The untrusted code is in a 32-bit address range, but the trusted code isn't: they coexist in the same process. The trusted code is 64-bit.

Victor Khimenko

Mar 30, 2015, 11:48:21 AM
to Native Client Discuss
On Mon, Mar 30, 2015 at 2:17 PM, <0x71...@gmail.com> wrote:
> Hi all,
> In NaCl x86-32 we use segment registers to isolate data access and code execution range, but the paper and the documents by Google say that on x86-64 this method is not available. We know there are still segment registers in x86-64, so why is it not available?

Because segment registers in x86-64 mode don't provide any protection. They just contain a base address which could be (and is) used for TLS, but couldn't be used for memory protection. Look at the AMD and/or Intel documentation for a detailed explanation.

> Sorry for my poor knowledge.

> Another question: in x86-64 we use a 4GB region for untrusted code, and the main operation is also 32 bits wide, with the high 32 bits masked as zero, so I wonder why x86-64 NaCl cannot use 32-bit ELF directly?

x86-64 can use 32bit ELF. It cannot use ELF with ia32 code because it uses a different CPU mode, it's as simple as that.
 
> 64 bit OS can run 32bit nexe of course

Not "of course". Most 64 bit OSes can run 32bit nexes, but there is one small exception: Windows x64. 

Windows x64 removed segment manipulation functions from its API and thus couldn't run 32bit nexes. It's too popular to ignore, and if one wants to support both 32bit Windows and Windows x64 then one needs both 32bit nexes and 64bit nexes. Since developers already need to provide both, we've decided to use 32bit nexes with 32bit browsers and 64bit nexes with 64bit browsers on other platforms. It simplifies the code.
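
Added example (not part of the thread and not Native Client's own code): a simplified C model of the difference the answers above describe, with the 32-bit limit check, the 64-bit mode translation that performs no check, and a software truncation to a 4GB region standing in for it. The struct, function names and all numeric values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified segment model (hypothetical struct, not a real descriptor layout). */
typedef struct { uint64_t base; uint32_t limit; } seg_t;
typedef enum { SEG_DS, SEG_FS } seg_name_t;

/* 32-bit protected mode: a byte access at `off` is checked against the
 * segment limit before the base is added. Returns false where the CPU
 * would raise a fault. Expand-down segments are not modelled. */
bool legacy_translate(seg_t s, uint32_t off, uint32_t *linear) {
    if (off > s.limit)
        return false;
    *linear = (uint32_t)s.base + off;
    return true;
}

/* 64-bit mode: no limit check. CS/DS/ES/SS bases are treated as zero;
 * only FS/GS still contribute a base (which is why they are used for TLS). */
uint64_t long_translate(seg_t s, seg_name_t which, uint64_t off) {
    uint64_t base = (which == SEG_FS) ? s.base : 0;
    return base + off;
}

/* Software replacement for the missing limit check: keep only the low
 * 32 bits of the untrusted value, then add the base of the 4GB region. */
uint64_t sandbox_address(uint64_t region_base, uint64_t untrusted) {
    return region_base + (uint32_t)untrusted;
}

int main(void) {
    seg_t s = { 0x10000000u, 0x0FFFFFFFu };   /* constructed values */
    uint32_t lin = 0;
    printf("legacy in range:   %d\n", legacy_translate(s, 0x1000u, &lin));
    printf("legacy past limit: %d\n", legacy_translate(s, 0x10000000u, &lin));
    printf("long mode DS:      %#llx\n",
           (unsigned long long)long_translate(s, SEG_DS, 0x10000000u));
    printf("sandboxed:         %#llx\n",
           (unsigned long long)sandbox_address(0x7f0000000000ull,
                                               0xdeadbeef12345678ull));
    return 0;
}
```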

0x71...@gmail.com

Mar 30, 2015, 10:43:38 PM
to native-cli...@googlegroups.com
Thanks for your reply, JF and knim. I think I have understood the difference between the x86-32 and x86-64 CPU segment models.


On Monday, March 30, 2015 at 7:17:21 PM UTC+8, 0x71...@gmail.com wrote: