Ingo Molnar <mingo@chiara.csoma.elte.hu> writes:
> + 'x86 Virtual System Call Interface', Ingo Molnar <mingo@redhat.com>
> ...
> there are several 'trampoline pages' (both data and code) which are
> 'dual-mapped': kernel-space has a read-write mapping to the data page,
> user-space only has a read-only mapping. This is how sys_times() works.
I'm not sure whether this is important enough to be on your radar, but there
is a downside to doing this. If, for example, timeofday is available in a raw
form on one of these data pages, and user-space code can read that page at
will (without going to the kernel), you lose your ability to "lie" to
user-space about the time.
Put another way, it makes virtualization harder. It becomes a lot harder to
convincingly tell process A that it's 1pm and (simultaneously) process B that
it's 3pm. If everything passes through the syscall interface, this is easy.
Think about the Pentium cpu serial number id (whatever it was called). If
userland code has direct access to this number, or can enable direct access
without hitting the kernel, you've got a big problem.
Is this really important? It depends on how useful you think tools like
SUBTERFUGUE (subterfugue.org) are. Anyway, I thought I'd mention it.
--Mike
-- Any sufficiently adverse technology is indistinguishable from Microsoft.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:13 EST