Message-ID: <CAM_iQpWXFQwtayT7Zv7iJd7zQZ=rX_P1ZK2P11-6ohRhLpg7Xw@mail.gmail.com>
Date: Sat, 27 Sep 2025 13:43:23 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: Jarkko Sakkinen <jarkko@...nel.org>
Cc: "Christoph Lameter (Ampere)" <cl@...two.org>, linux-kernel@...r.kernel.org, pasha.tatashin@...een.com,
Cong Wang <cwang@...tikernel.io>, Andrew Morton <akpm@...ux-foundation.org>,
Baoquan He <bhe@...hat.com>, Alexander Graf <graf@...zon.com>, Mike Rapoport <rppt@...nel.org>,
Changyuan Lyu <changyuanl@...gle.com>, kexec@...ts.infradead.org, linux-mm@...ck.org,
multikernel@...ts.linux.dev
Subject: Re: [RFC Patch 0/7] kernel: Introduce multikernel architecture support

On Fri, Sep 26, 2025 at 2:50 AM Jarkko Sakkinen <jarkko@...nel.org> wrote:
>
> On Wed, Sep 24, 2025 at 11:39:44AM -0700, Cong Wang wrote:
> > On Wed, Sep 24, 2025 at 10:51 AM Christoph Lameter (Ampere)
> > <cl@...two.org> wrote:
> > > AFAICT various contemporary Android deployments do the multiple kernel
> > > approach in one way or another already for security purposes and for
> > > specialized controllers. However, the multi kernel approaches are often
> > > depending on specialized and dedicated hardware. It may be difficult to
> > > support with a generic approach developed here.
> >
> > You are right, the multikernel concept is indeed pretty old, the BarrelFish
> > OS was invented in around 2009. Jailhouse was released 12 years ago.
> > There are tons of papers in this area too.
>
> Jailhouse is quite nice actually. Perhaps you should pick that up
> instead, and start refining and improving it? I'd be interested to test
> refined jailhouse patches. It's also easy to build test images having the
> feature both with BuildRoot and Yocto.

Static partitioning is not a bad choice, except it is less flexible. We can't
get dynamic resource allocation with just static partitioning, but we can
easily get static partitioning with dynamic allocation, in fact, it should be
the default case.

In my own opinion, the reason why containers today are more popular
than VMs is not just performance, it is elasticity too. Static partitioning
is essentially against elasticity.

More fundamentally, it is based on VMCS, which essentially requires
a hypervisor:
https://github.com/siemens/jailhouse/blob/master/hypervisor/control.c

>
> It would take me like half'ish day to create build target for it.
>
> > Dual-kernel systems, whether using virtualization or firmware, are indeed
> > common at least for automotives today. This is a solid justification of its
> > usefulness and real-world practice.
>
> OK so neither virtualization nor firmware are well defined here.
> Firmware e.g. can mean anything from pre-bootloader to full operating
> system depending on context or who you ask.
>
> It's also pretty hard to project why VMs are bad for cars, and
> despite lacking experience with building operating systems for
> cars, I'd like to believe that the hardware enforcement that VT-x
> and VT-d type of technologies bring is actually great for cars.
>
> It's like every other infosec con where someone is hacking a car,
> and I've seen even people who've participated in hackathons by car
> manufacturers. That industry is improving gradually and the
> challenge would be to create hard evidence that this brings
> better isolation than VM based solutions.

In case it is still not clear: No one wants to stop you from using a
VM. In fact, at least in theory, you could use a VM inside a multikernel.
Just like today we can still run a container in a VM (Kata Container).

Your choice is always on the table.

I hope this helps.

Regards,
Cong Wang