Having looked into this a bit, it appears to be more like 9vx than
QEMU (uses segmenting capabilities), that is, unless I've forgotten
how 9vx is set up.
I believe some X11 stuff also uses segment registers, as well as TLS
on Linux.
TLS and the kind of segmentation 9vx and NaCl are using are two pairs
of shoes.
For every memory related operation in 32-bit x86 there's a specific
register responsible for being part of the address translation (e.g.
%ds for various mov instructions and %ss for stack operations).
However there are two "free" segment registers, namely: %fs and %gs.
So how can we possibly use them? The x86 has the ability to prefix
operations in a way that it uses another segment register instead of
the usual one for translation.
This is how TLS is done. Either %gs or %fs is set up so that a
prefixed instruction will use the TLS address range.
However the way segmentation is used in 9vx and NaCl is a whole other
story. (What I am now saying may be specific to 9vx and differ on NaCl,
but the general principle should be the same.)
Here the segment registers like %cs, %ds, %es and %ss are directly
altered (and given another segment description) so most of the memory
instructions can just be used without further host->guest code
translation (as long as the guest code doesn't use special
segmentation stuff itself).
The basic idea is: when segment translation is done anyway, let's
exploit it and get guest code memory translation/access restriction
for free.
Hope that clears it a bit and I wasn't too much of a noise for the list,
best regards,
André