Re: Kernel support for peer-to-peer protection models...

From: Pavel Machek
Date: Sun Mar 28 2004 - 13:55:41 EST


> > I meant "User Mode Linux" == linux running under linux. Someone
> > probably has an URL.
> Sorry - I plead ignorance :-) As the protection is recursive and
> transitive, I suppose that you could do this. When the UMK (user mode
> kernel) went to change the "real" machine it would get a protection fault
> that would be handled by the KMK, emulating the effect. Getting it right and
> also performant would be tricky though - is UML a necessary feature?

No. Its just "nice to have", and it does not support too many

> > Strange system.... If an application does not grant kernel access to
> > its space, how is kernel supposed to do its job? For example, that
> > "paranoid DLL" becomes unswappable, then?
> Pretection is in the *virtual* space, not physical. The physical-page
> manager (who has the TLB and underlying mapping tables in its space) can see
> and deal with any physical address, which in turn has the usual aliasing
> relationship with virtual addresses. Of course, physical is just one of the
> virtual spaces (and is distinguished solely by the one-to-one
> virtual-physical mapping). So the protection can be penetrated by anyone who
> can see the underlying physical page - but that's always true.

Aha, so some part of kernel exist that has "absolute right". Ok, now I
can imagine that it can work.

> > If most changes are in arch/, it should be acceptable...
> I fear that it might be more extensive than that :-)

Well, make patch and lets see... That means that 2.8 needs to be your
target. If impact outside of arch is not "total rewrite", you might
have a chance. If it is "total rewrite".... well you just need to be
very clever.
When do you have a heart between your knees?
[Johanka's followup: and *two* hearts?]
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at