| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aNlJMAHhFE-O3IX9@kernel.org> Date: Sun, 28 Sep 2025 17:41:52 +0300 From: Jarkko Sakkinen <jarkko@...nel.org> To: Cong Wang <xiyou.wangcong@...il.com> Cc: "Christoph Lameter (Ampere)" <cl@...two.org>, linux-kernel@...r.kernel.org, pasha.tatashin@...een.com, Cong Wang <cwang@...tikernel.io>, Andrew Morton <akpm@...ux-foundation.org>, Baoquan He <bhe@...hat.com>, Alexander Graf <graf@...zon.com>, Mike Rapoport <rppt@...nel.org>, Changyuan Lyu <changyuanl@...gle.com>, kexec@...ts.infradead.org, linux-mm@...ck.org, multikernel@...ts.linux.dev Subject: Re: [RFC Patch 0/7] kernel: Introduce multikernel architecture support On Sun, Sep 28, 2025 at 05:36:32PM +0300, Jarkko Sakkinen wrote: > On Sun, Sep 28, 2025 at 05:22:43PM +0300, Jarkko Sakkinen wrote: > > On Sat, Sep 27, 2025 at 01:43:23PM -0700, Cong Wang wrote: > > > On Fri, Sep 26, 2025 at 2:50 AM Jarkko Sakkinen <jarkko@...nel.org> wrote: > > > > > > > > On Wed, Sep 24, 2025 at 11:39:44AM -0700, Cong Wang wrote: > > > > > On Wed, Sep 24, 2025 at 10:51 AM Christoph Lameter (Ampere) > > > > > <cl@...two.org> wrote: > > > > > > AFAICT various contemporary Android deployments do the multiple kernel > > > > > > approach in one way or another already for security purposes and for > > > > > > specialized controllers. However, the multi kernel approaches are often > > > > > > depending on specialized and dedicated hardware. It may be difficult to > > > > > > support with a generic approach developed here. > > > > > > > > > > You are right, the multikernel concept is indeed pretty old, the BarrelFish > > > > > OS was invented in around 2009. Jailhouse was released 12 years ago. > > > > > There are tons of papers in this area too. > > > > > > > > Jailhouse is quite nice actually. Perhaps you should pick that up > > > > instead, and start refining and improving it? I'd be interested to test > > > > refined jailhouse patches. It's also easy build test images having the > > > > feature both with BuildRoot and Yocto. > > > > > > Static partitioning is not a bad choice, except it is less flexible. We can't > > > get dynamic resource allocation with just static partitioning, but we can > > > easily get static partitioning with dynamic allocation, in fact, it should be > > > the default case. > > > > > > In my own opinion, the reason why containers today are more popular > > > than VM's is not just performance, it is elasticity too. Static partitioning > > > is essentially against elasticity. > > > > How do you make a popularity comparison between VMs and containers, and > > what does the word "popularity" means in the context? The whole world > > runs basically runs with guest VMs (just go to check AWS, Azure, Oracle > > Cloud and what not). > > > > The problem in that argument is that there is no problem. > > If I was working on such a feature I would probably package it for e.g, > BuildRoot with BR2_EXTERNAL type of Git and create a user space that > can run some test and benchmarks that actually highlight the benefits. > > Then, I would trash the existing cover letter with something with clear > problem statement and motivation instead of whitepaper alike claims. > > We can argue to the eterenity with qualitative aspects of any feature > but it is the quantitative proof that actually drives things forward. I'd also carefully check as per modifying kexec that more complex use cases are compatible such as IMA. I don't know if there is an issue with secure boot but I'd make sure that there is no friction with it either. There's also shared security related hardware resources such as TPM, and in this context two instances end up thus sharing it for e.g. measurements, and that type of cross-communication could have unpredictable consequences (would need to be checked). BR, Jarkko
Powered by blists - more mailing lists