Subject: Re: compartmentalization of kernel memory
To: Bill Studenmund <wrstuden@netbsd.org>
From: Kamal R Prasad <kamalrpr@in.ibm.com>
List: tech-kern
Date: 04/07/2003 06:16:55
On Fri, 4 Apr 2003, Kamal R Prasad wrote:

> Hello,
>  If a null pointer access takes place (inside the kernel), the entire
> kernel memory is suspect.
> Is it possible to compartmentalize kernel memory in any way so that memory
> corruption, if it does result in an exception, is guaranteed to leave
> some/all other memory segments intact? (We will know that memory corruption
> has taken place only when we get an exception.)

>No. Because what you're talking about if you do that is not a UNIX kernel.

>To do that compartmentalization, you need different MMU contexts, which
>means different contexts. While others have commented on exception issues,
I'm referring to partitioning the heap (so that all malloc()s for a
particular module are done sequentially within that region). It means that
a bad pointer doing memory read/write is constrained not to go beyond the
region. If it still results in an exception, we know for sure that the
entire address space is not suspect.

>the main problem I see is that different MMU contexts == different
>contexts. In UNIX that means different processes. So you're essentially
>talking about different kernel processes. What we have now are different
>processes in the kernel, but they are in the same kernel MMU context (thus
>their ability to scribble on each others' memory).
IIUC, a kernel process will/may have to update kernel data structures and
so we cannot have separate MMU contexts. How do we go about applying the
constraints that I mentioned above?

>To do what you want, we'd need to partition the different kernel bits into
>different areas (different MMU contexts) and add mmu context switch hooks
>all throughout the kernel.
So it's doable but will complicate things inside the kernel?
Thanks
-kamal
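An added user-space model of the heap partitioning Kamal proposes, written for this page and not code from the thread or from the NetBSD kernel: each hypothetical module ("A" and "B" below are assumed names) gets its own mmap'd region with a PROT_NONE guard page on either side, its malloc()s are carved sequentially from that region, and a SIGSEGV handler records the faulting address so it can be attributed to a region. A linear overrun from module A is stopped at A's upper guard page and module B's data survives, which is the "other segments intact" property Kamal wants. What it cannot show is Bill's point: a guard page only catches a pointer that walks off the end of its own region; a wild pointer (a NULL-relative access, say) lands wherever it lands, and confining that takes a separate MMU context, not a separate heap.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* One heap region per (hypothetical) kernel module: the usable pages sit
 * between two PROT_NONE guard pages, so a write that walks off the end of
 * one region faults at the guard page instead of reaching another region. */
struct region {
    void *map;             /* whole mapping, guard pages included */
    unsigned char *base;   /* first usable byte */
    size_t size;           /* usable bytes */
    size_t used;           /* bump-allocator cursor */
};

static int region_create(struct region *r, size_t pages)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    r->map = mmap(NULL, (pages + 2) * pg, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (r->map == MAP_FAILED)
        return -1;
    r->base = (unsigned char *)r->map + pg;
    r->size = pages * pg;
    r->used = 0;
    /* guard page below and guard page above the usable pages */
    if (mprotect(r->map, pg, PROT_NONE) != 0 ||
        mprotect(r->base + r->size, pg, PROT_NONE) != 0)
        return -1;
    return 0;
}

/* All of a module's allocations are carved sequentially from its region. */
static void *region_alloc(struct region *r, size_t n)
{
    n = (n + 15) & ~(size_t)15;
    if (r->used + n > r->size)
        return NULL;
    void *p = r->base + r->used;
    r->used += n;
    return p;
}

/* Which module's heap does an address fall in? -1 if none (e.g. a guard page). */
static int region_of(const struct region *rs, int nrs, const void *addr)
{
    const unsigned char *a = addr;
    for (int i = 0; i < nrs; i++)
        if (a >= rs[i].base && a < rs[i].base + rs[i].size)
            return i;
    return -1;
}

static sigjmp_buf fault_env;
static void *volatile fault_addr;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    fault_addr = si->si_addr;   /* address the bad write touched */
    siglongjmp(fault_env, 1);
}

/* Module A overruns a 64-byte buffer linearly. Returns 1 if the overrun was
 * stopped at A's upper guard page and module B's data is untouched. */
int overrun_demo(void)
{
    struct region rs[2];
    if (region_create(&rs[0], 1) != 0 || region_create(&rs[1], 1) != 0)
        return -1;

    char *b = region_alloc(&rs[1], 64);
    memcpy(b, "module B data", 14);           /* constructed sample data */
    unsigned char *a = region_alloc(&rs[0], 64);

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    volatile int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        /* the bug: a pointer that keeps writing past the end of the buffer */
        for (volatile unsigned char *p = a; ; p++)
            *p = 0x41;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old, NULL);

    int contained = faulted
        && fault_addr == rs[0].base + rs[0].size   /* first byte of A's guard page */
        && region_of(rs, 2, fault_addr) == -1      /* not inside any module's heap */
        && memcmp(b, "module B data", 14) == 0;    /* B's region is intact */

    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    munmap(rs[0].map, rs[0].size + 2 * pg);
    munmap(rs[1].map, rs[1].size + 2 * pg);
    return contained;
}
```

The fault address is the only thing the exception gives you, so region_of() is what turns "we got an exception" into "module A's region is the one that was being scribbled on"; with no guard pages and one flat kernel heap, the same overrun would have walked straight into B's data without any exception at all.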