| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Mar 2007 02:33:01 +0100 From: Andrea Arcangeli <andrea@...e.de> To: Ingo Molnar <mingo@...e.hu> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Davide Libenzi <davidel@...ilserver.org>, Ulrich Drepper <drepper@...hat.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Arjan van de Ven <arjan@...radead.org>, Christoph Hellwig <hch@...radead.org>, Andrew Morton <akpm@....com.au>, Alan Cox <alan@...rguk.ukuu.org.uk>, Zach Brown <zach.brown@...cle.com>, Evgeniy Polyakov <johnpol@....mipt.ru>, "David S. Miller" <davem@...emloft.net>, Suparna Bhattacharya <suparna@...ibm.com>, Jens Axboe <jens.axboe@...cle.com>, Thomas Gleixner <tglx@...utronix.de> Subject: Re: [patch 00/13] Syslets, "Threadlets", generic AIO support, v3 On Thu, Mar 01, 2007 at 12:12:28AM +0100, Ingo Molnar wrote: > more capable by providing more special system calls like sys_upcall() to > execute a user-space function. (that way a syslet could still execute > user-space code without having to exit out of kernel mode too > frequently) Or perhaps a sys_x86_bytecode() call, that would execute a > pre-verified, kernel-stored sequence of simplified x86 bytecode, using > the kernel stack. Which means the userspace code would then run with kernel privilege level somehow (after security verifier, whatever). You remember I think it's a plain crazy idea... I don't want to argue about syslets, threadlets, whatever async or syscall-merging mechanism here, I'm just focusing on the idea of yours of running userland code in kernel space somehow (I hoped you given up on it by now). Fixing the greatest syslets limitation is going to open a can of worms as far as security is concerned. The fact that userland code must not run with kernel privilege level, is the reason why syslets aren't very useful (but again: focusing on the syslets vs async-syscalls isn't my interest). Frankly I think this idea of running userland code with kernel privileges fits in the same category of porting linux to segmentation to avoid the cost of pagetables to gain some bit of performance despite losing in many other areas. Nobody in real life will want to make that trade, for such an incredibly small performance improvement. For things that can be frequently combined, it's much simpler and cheaper to created a "merged" syscall (i.e. sys_spawn = sys_fork+sys_exec) than to invent a way to upload userland generated bytecodes to kernel space to do that. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists