Conference hydra::axp-developer

From:	DEC:.REO.REOVTX::HUDSON       "[email protected] - UK Software
Partner Engineering 830-4121" 17-APR-1997 13:50:23.50
To:	nm%vbormc::"[email protected]"
CC:	HUDSON
Subj:	RE:POINT 25883 , write protecting global section

Hello Allen Copsey

Thanks for your ASAP question.  Sorry not to have answered more quickly.

The restriction related to SETPRT and copy-on-ref pages hasn't changed so far
as I can tell.  The reason for this is:

	$setprt only works on process page tables.  OpenVMS has no mechanism
	to modify the protection of already existing global pages. 
	Implications of trying to do this would be interesting:  what do you
	want to do with processes that have already mapped the page and would
	now no longer be allowed to touch it? 

	Copy-on-reference provides a process copy of the global page
	contents, and now you can change its protection in process context.
	Actually, if you use $setprt on a global page, this page is first
	turned into copy-on-reference for your process.

In the past, a few other people have asked this question though, and the
suggested ways to do it (depending on what "it" is) are:

1. re-map the section through MGBLSC and specify read-only (don't have
   SEC$M_WRT).  Incidentally this is the method that the debugger uses to
   implement watch points.

2. Have the section created as owned by exec mode, and have all access to the
   section allowed only through controlled routines which switch to exec mode
   before touching the section.

I hope this information is useful to you

Regards

Nick Hudson
Digital Software Partner Engineering

From:	VBORMC::"[email protected]" "Allen Copsey" 29-APR-1997 09:06:06.80
To:	"[email protected] - UK Software Partner Engineering 830-4121
17-Apr-1997 1350 +0100" <[email protected]>
CC:	[email protected]
Subj:	RE:POINT 25883 , write protecting global section


Hello Nick,

What I want to do is to create a block of shared memory which 
is normally readonly, but writable in exec mode, say. 

I can quite happily create a Global Section, but I seem unable
to make it readonly. My reading of the manual says that leaving
out the SEC$M_WRT atribute should make it readonly. It doesn't:(

The $SETPRT system service looks like it ought to do as I wish,
but since it only works on private memory:( And there seems
to be no way to create/map a GS with the desired properties.

(Bring back RSX11, I could hack that myself...:)

This is very frustrating, the bits seem to be there, they
just don't fit together.

Allen Copsey


On Thu, 17 Apr 1997, [email protected] - UK Software Partner Engineering
830-4121 17-Apr-1997 1350 +0100 wrote:

> Hello Allen Copsey
> 
> Thanks for your ASAP question.  Sorry not to have answered more quickly.
> 
> The restriction related to SETPRT and copy-on-ref pages hasn't changed so far
> as I can tell.  The reason for this is:
> 
> 	$setprt only works on process page tables.  OpenVMS has no mechanism
> 	to modify the protection of already existing global pages. 
> 	Implications of trying to do this would be interesting:  what do you
> 	want to do with processes that have already mapped the page and would
> 	now no longer be allowed to touch it? 
> 
> 	Copy-on-reference provides a process copy of the global page
> 	contents, and now you can change its protection in process context.
> 	Actually, if you use $setprt on a global page, this page is first
> 	turned into copy-on-reference for your process.
> 
> In the past, a few other people have asked this question though, and the
> suggested ways to do it (depending on what "it" is) are:
> 
> 1. re-map the section through MGBLSC and specify read-only (don't have
>    SEC$M_WRT).  Incidentally this is the method that the debugger uses to
>    implement watch points.
> 
> 2. Have the section created as owned by exec mode, and have all access to the
>    section allowed only through controlled routines which switch to exec mode
>    before touching the section.
> 
> I hope this information is useful to you
> 
> Regards
> 
> Nick Hudson
> Digital Software Partner Engineering
> 
> 
> 

% ====== Internet headers and postmarks (see DECWRL::GATEWAY.DOC) ======
% Received: from mail13.digital.com (mail13.digital.com [192.208.46.30]) by
vbormc.vbo.dec.com (8.7.3/8.7) with ESMTP id JAA14208 for
<[email protected]>; Tue, 29 Apr 1997 09:54:50 +0200
% Received: from carlton.innotts.co.uk by mail13.digital.com (8.7.5/UNX
1.5/1.0/WV) id DAA28908; Tue, 29 Apr 1997 03:56:53 -0400 (EDT
% Received: (from allenc@localhost) by carlton.innotts.co.uk (8.8.5/8.8.5) id
IAA06870; Tue, 29 Apr 1997 08:48:59 +0100 (BS
% Date: Tue, 29 Apr 1997 08:48:58 +0100 (BST)
% From: Allen Copsey <[email protected]>
% To: "[email protected] - UK Software Partner Engineering 830-4121
17-Apr-1997 1350 +0100" <[email protected]>
% cc: [email protected]
% Subject: RE:POINT 25883 , write protecting global section
% In-Reply-To: <[email protected]>
% Message-ID: <Pine.BSD/[email protected]>
% MIME-Version: 1.0
% Content-Type: TEXT/PLAIN; charset=US-ASCII

From:	DEC:.REO.REOVTX::HUDSON       "[email protected] - UK Software Partner Engineering 830-4121" 29-APR-1997 12:43:26.30
To:	VBORMC::"[email protected]"
CC:	HUDSON
Subj:	RE: RE:POINT 25883 , write protecting global section

Hello Allen

>What I want to do is to create a block of shared memory which 
>is normally readonly, but writable in exec mode, say. 

No, I don't think you can do this, the nearest you can get to this is to create
the section from EXEC (i.e. make it owned by EXEC) and then provide routines in
a priv'd shareable image which everyone has to use if they want to get at the
section.

>I can quite happily create a Global Section, but I seem unable
>to make it readonly. My reading of the manual says that leaving
>out the SEC$M_WRT atribute should make it readonly. It doesn't:(

This does work, I've included a pair of programs below which show this. 
Obviously this doesn't stop someone maliciously getting at the section, but it
prevents accidental writing to it.

Regards
nick

Sample output from CRE.PAS:

$ r/nodeb cre
stat was       1561 range mapped  00222000 ->  00223FFF
item   old   new
   1   000   001
   2   000   001
   3   000   001
   4   000   001
   5   000   001
   6   000   001
   7   000   001
   8   000   001
   9   000   001
  10   000   001
  11   000   001
  12   000   001
  13   000   001
  14   000   001
  15   000   001
  16   000   001
  17   000   001
  18   000   001
  19   000   001
  20   000   001
Type "Y" to finish ? Y
$


Sample output from MAP.PAS (while CRE is sitting at the "finish ? " prompt):

$ r/nodeb map
stat was          1 range mapped  00222000 ->  00223FFF
item   old   new
   1   001   002
%SYSTEM-F-ACCVIO, access violation, reason mask=04, virtual address=00222001, PC
=00020328, PS=0000001B
%TRACE-F-TRACEBACK, symbolic stack dump follows
 Image Name   Module Name     Routine Name    Line Number  rel PC      abs PC
 MAP          MAP             MAP                      35 00000328    00020328
                                                        0 83504170    83504170
$

(* cre.pas *)
[inherit ('sys$share:starlet','sys$share:pascal$lib_routines')]
program cre(input,output);

type
	uword = [word] 0..65535;
	ubyte = [byte] 0..255;
	addr_range = packed array [1..2] of unsigned;
	buff = packed array [0..20] of ubyte;

var
	stat : unsigned;
	i : integer;
	ans : char;
	inadr, retadr : addr_range;
	data : [unsafe]^buff;
	val : ubyte;
begin
	inadr[1] := 0;
	inadr[2] := 0;

	stat := $crmpsc(inadr := inadr,
			retadr := retadr,
			flags := (SEC$M_EXPREG + SEC$M_PAGFIL + SEC$M_WRT
				+ SEC$M_DZRO + SEC$M_GBL),
			gsdnam := 'NICK_SECTION',
			pagcnt := 16);

	writeln('stat was ',stat,' range mapped ',
		hex(retadr[1]),' -> ',hex(retadr[2]));

	data := retadr[1];
	writeln('item   old   new');
	for i := 1 to 20 do
	begin
		val := data^[i];
		writeln(i:4,'   ',hex(val,3,3),'   ',hex(val+1,3,3));
		data^[i] := val+1;
	end;
	
	write('Type "Y" to finish ? ');
	readln(ans);
end.

(* map.pas *)
[inherit ('sys$share:starlet','sys$share:pascal$lib_routines')]
program map(input,output);

type
	uword = [word] 0..65535;
	ubyte = [byte] 0..255;
	addr_range = packed array [1..2] of unsigned;
	buff = packed array [0..20] of ubyte;

var
	stat : unsigned;
	i : integer;
	ans : char;
	inadr, retadr : addr_range;
	data : [unsafe]^buff;
	val : ubyte;
begin
	inadr[1] := 0;
	inadr[2] := 0;

	stat := $mgblsc(inadr := inadr,
			retadr := retadr,
			flags := (SEC$M_EXPREG),
			gsdnam := 'NICK_SECTION');

	writeln('stat was ',stat,' range mapped ',
		hex(retadr[1]),' -> ',hex(retadr[2]));

	data := retadr[1];
	writeln('item   old   new');
	for i := 1 to 20 do
	begin
		val := data^[i];
		writeln(i:4,'   ',hex(val,3,3),'   ',hex(val+1,3,3));
		data^[i] := val+1;
	end;
	
	write('Type "Y" to finish ? ');
	readln(ans);
end.