Subject: Re: compartmentalization of kernel memory
To: Kamal R Prasad <kamalrpr@in.ibm.com>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 04/08/2003 14:51:47
[ On Thursday, May 8, 2003 at 06:36:02 (+0100), Kamal R Prasad wrote: ]
> Subject: Re: compartmentalization of kernel memory
>
> we can create bounds on the addresses that a particular module inside the
> kernel is allowed to access.

Sounds like what you want to do, if you want to keep this as machine
independent as possible, is compile and run your kernels with some sort
of kernel-compatible "safe-C" runtime (i.e. one that's usable in a
standalone bare-hardware environment) which does range and bounds checks
everywhere on pointers (i.e. not just on array index pointers).

Maybe you can even get the real Safe-C to work on a kernel:

	<URL:http://www.cs.wisc.edu/~austin/scc.html>

I hope you have a very fast CPU with lots of extra RAM!  ;-)

Alternatively it might be an idea to try to port the kernel from C to
Cyclone[*] instead:

	<URL:http://www.research.att.com/projects/cyclone/>

Otherwise what you really want/need is to migrate to a micro-kernel
where every "module", as you put it, really can be run in a separate MMU
context so that all the benefits of user-land address space containment
can be had for device drivers, filesystems, and such.  You should have a
look at Darwin aka Apple MacOS X to see a production micro-kernel OS....

[*] I'd _REALLY_ like to get Cyclone working on NetBSD and try porting
some of my favourite applications to it too!

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>
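The bounds-checked-pointer idea in the message above, as an added example in plain C that is not part of the original post and is not code from the Safe-C or Cyclone projects it links to. A "fat" pointer carries the base and limit of the object it may touch, and every read or write is range-checked against them, which is what a safe-C runtime would do for every pointer, not only array subscripts. The type and function names (bptr_t, bp_*), the fault counter standing in for a kernel trap, and the 32-byte pool split into two 16-byte "module" regions are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fat pointer: the pointer value plus the bounds of the object
 * the holder is allowed to access. Addresses are kept as uintptr_t so that
 * out-of-object values can be compared without relying on pointer ordering. */
typedef struct {
    uintptr_t base;   /* lowest address the holder may touch */
    uintptr_t limit;  /* one past the highest address the holder may touch */
    uintptr_t cur;    /* the pointer value itself */
} bptr_t;

enum { BP_OK = 0, BP_FAULT = -1 };

/* Stand-in for whatever the kernel would do on a violation (trap, panic,
 * unload the offending module): here we only count and log it. */
static int g_faults = 0;

static int bp_trap(const char *op, const bptr_t *p)
{
    g_faults++;
    fprintf(stderr, "bounds violation on %s: cur=%#lx base=%#lx limit=%#lx\n",
            op, (unsigned long)p->cur, (unsigned long)p->base,
            (unsigned long)p->limit);
    return BP_FAULT;
}

int bp_faults(void) { return g_faults; }

/* Create a bounded pointer covering exactly [obj, obj+len). */
bptr_t bp_make(void *obj, size_t len)
{
    bptr_t p;
    p.base = p.cur = (uintptr_t)obj;
    p.limit = p.base + len;
    return p;
}

/* Pointer arithmetic may wander (C permits one-past-the-end pointers);
 * the check happens at the access, not at the arithmetic. */
bptr_t bp_add(bptr_t p, ptrdiff_t off)
{
    p.cur += (uintptr_t)off;   /* wraps modulo 2^N for negative offsets */
    return p;
}

/* Is an access of n bytes starting at p->cur entirely inside [base, limit)? */
static int bp_in_bounds(const bptr_t *p, size_t n)
{
    return p->cur >= p->base && p->cur <= p->limit && n <= p->limit - p->cur;
}

int bp_read(bptr_t p, void *out, size_t n)
{
    if (!bp_in_bounds(&p, n))
        return bp_trap("read", &p);
    memcpy(out, (const void *)p.cur, n);
    return BP_OK;
}

int bp_write(bptr_t p, const void *in, size_t n)
{
    if (!bp_in_bounds(&p, n))
        return bp_trap("write", &p);
    memcpy((void *)p.cur, in, n);
    return BP_OK;
}

/* A "module" that is only ever handed a bounded view of its own buffer.
 * Written with a raw char * the same strcpy-style copy would silently
 * overrun into whatever object happens to be adjacent. */
int module_store_msg(bptr_t region, const char *msg)
{
    return bp_write(region, msg, strlen(msg) + 1);
}

typedef struct { int rc; int neighbour_intact; } demo_result_t;

/* Demo: a 32-byte pool (constructed data, filled with 'N') split into two
 * 16-byte regions; the module gets a bounded pointer to the first only.
 * Reports the module's result code and whether the neighbour survived. */
demo_result_t demo_store(const char *msg)
{
    uint8_t pool[32];
    demo_result_t r = { 0, 1 };
    memset(pool, 'N', sizeof pool);
    r.rc = module_store_msg(bp_make(pool, 16), msg);
    for (size_t i = 16; i < 32; i++)
        if (pool[i] != 'N') r.neighbour_intact = 0;
    return r;
}

/* Demo: read n bytes at byte offset off of an 8-byte object; returns the
 * result code so the edge cases (last byte, one-past, negative) can be seen. */
int demo_edge(ptrdiff_t off, size_t n)
{
    uint8_t obj[8] = { 0 };
    uint8_t scratch[8];
    return bp_read(bp_add(bp_make(obj, sizeof obj), off), scratch, n);
}

int main(void)
{
    demo_result_t a = demo_store("hello");
    demo_result_t b = demo_store("this is twenty chars");
    printf("short msg: rc=%d neighbour_intact=%d\n", a.rc, a.neighbour_intact);
    printf("long msg:  rc=%d neighbour_intact=%d faults=%d\n",
           b.rc, b.neighbour_intact, bp_faults());
    return 0;
}
```

The cost the message jokes about is visible here: every pointer grows to three words and every access pays two compares, which is why such runtimes want a fast CPU and spare RAM; the payoff is that a module's stray write is caught at the access instead of corrupting a neighbouring kernel object.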