> Being able to protect selected lists would be very nice. The problem is
> that the dentry and buffer lists are among the most active in the kernel,
> so I suspect the overhead of making it r/w for legal operations would
> be prohibitive. If the detection patch slowed the system down too much,
> people wouldn't be willing to run the patch for extended periods.
That is just a matter of marketing. :) You just have to position the
new checking packages as the way for Cool Dudes to run their Linux box.
"My box compiles the kernel in 2 minutes!" "Oh yeah? Well I run *my*
box with *all* CONFIG_DEBUG options turned on!" "Wow, that is some box!"
> It would be really nice if memory protection could be extended to only
> allow write access from a certain range of addresses. Then each data
> structure could be protected so that only its controlling subsystem
> could change it.
I wonder how slow the kernel would be if it trapped *every* write
access to most pages of its data space and checked a constraint list.
Yes, I'm serious.
My experience with memory-corruption bugs is that they often corrupt
memory a lot more often than the symptoms occur, because they can
corrupt memory that is going to get freed or rewritten. So a memory
protection mechanism might trigger a lot sooner than the mean time
between observable symptoms.
Michael Chastain
<mailto:mec@shout.net>
"love without fear"