Re: RFC: Memory protection in modules (stability)

Theodore Y. Ts'o (tytso@MIT.EDU)
Wed, 2 Apr 1997 09:26:14 -0500

Date: Tue, 1 Apr 1997 19:59:21 -0300 (GRNLNDST)
From: Fabio Olive Leite <>

Micro-kernels have a great stability because most of the operating system
runs on userspace, with memory protection.

This is a myth, really. Micro-kernels have a small a stability
advantage. However, most problems are such that segregating the OS
doesn't really help you much. Suppose you have a micro-kernel, and your
filesystem server or your device driver server or your network server
core dumps. Sure, the rest of the system may stay "up" (for some
definition of up), but your machine is still going to be pretty much
useless as a web server, or whatever task you want it to do.

Most of the Linux kernel bugs I've seen are ones where memory protection
offerred by micro-kernels simply wouldn't have helped. It might make
life more simpler for those who develop device drivers, but the memory
scribbling bugs tend to get caught long before the driver gets released
to users.

And we even don't have the context switching/message passing overhead, as
modules are dinamically linked to the running kernel. The problem is that,
AFAIK, modules can access kmem directly, and thus a buggy net card module
can suddenly overwrite VFS code, or something else. That doesn't happen on
micro-kernels, 'cause things run on userspace.

Note that because the modules are dynamically linked the running kernel,
that means they have to have access to the kernel memory. After all,
the kernel will be passing memory pointers to the module as arguments.
The *reason* why you have message passing overhead in micro-kernels are
because the servers don't have access to the kernel memory, so you have
to resort to message passing in order to pass the arguments to the
kernel server processes.

(And yes, modules need to have read-write access to kmem, because they
occasionaly do need to modify the arguments which are passed to them by
reference --- i.e., by memory pointer.)

- Ted