Re: using segmentation in the kernel

From: Alan Cox
Date: Wed Oct 12 2005 - 10:39:30 EST

On Mer, 2005-10-12 at 11:05 +0200, Arjan van de Ven wrote:
> > separate modules so that they
> > will not affect kernel and more...
> and I don't believe this one yota. THe only way to do this is to run
> modules in ring 1, at which point you are in deep shit anyway.

Not neccessarily. Its how Xen works on x86-32 for example. It keeps
itself protected from the entire Linux instance by using segmentation on
32bit processors (not 64bit however as x86-64 has no segments in 64bit)

Doing that without major work on the kernel itself would be hard, and
you'd need to isolate out things like page table updates and verify them
whenever modules wanted to touch such stuff


