←back to thread

286 points joegibbs | 1 comments | | HN request time: 0s | source
Show context
dcow ◴[] No.42144029[source]
Why not just go all the way and separate the program instruction memory from the data memory, physically? I know there’s an approximation of this at the page level, but why even let the kernel modify its own memory in the first place? Memory unit that only loads signed pages. etc.
replies(3): >>42144066 #>>42144559 #>>42145502 #
saagarjha ◴[] No.42145502[source]
This is how iOS works already.
replies(1): >>42156713 #
dcow ◴[] No.42156713[source]
No it’s not.
replies(1): >>42160391 #
saagarjha ◴[] No.42160391[source]
Yes it is. The kernel’s code pages are specially marked and cannot be modified once the kernel’s signature is verified and it is mapped in.
replies(1): >>42170198 #
dcow ◴[] No.42170198{3}[source]
That’s not hardware memory separation.
replies(1): >>42170645 #
1. saagarjha ◴[] No.42170645{4}[source]
It’s handled by the memory controller, so…yes it is?