Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751466AbVJLPow (ORCPT ); Wed, 12 Oct 2005 11:44:52 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751465AbVJLPow (ORCPT ); Wed, 12 Oct 2005 11:44:52 -0400 Received: from pentafluge.infradead.org ([213.146.154.40]:24456 "EHLO pentafluge.infradead.org") by vger.kernel.org with ESMTP id S1751470AbVJLPov (ORCPT ); Wed, 12 Oct 2005 11:44:51 -0400 Subject: Re: using segmentation in the kernel From: Arjan van de Ven To: Alan Cox Cc: Alon Bar-Lev , Brian Gerst , "Jonathan M. McCune" , linux-kernel@vger.kernel.org, Arvind Seshadri , Bryan Parno In-Reply-To: <1129133231.7966.1.camel@localhost.localdomain> References: <434C1D60.2090901@cmu.edu> <434C2269.5090209@didntduck.org> <434C1F8E.6080405@gmail.com> <1129107936.3082.34.camel@laptopd505.fenrus.org> <1129133231.7966.1.camel@localhost.localdomain> Content-Type: text/plain Date: Wed, 12 Oct 2005 17:44:33 +0200 Message-Id: <1129131873.3082.52.camel@laptopd505.fenrus.org> Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) Content-Transfer-Encoding: 7bit X-Spam-Score: 2.9 (++) X-Spam-Report: SpamAssassin version 3.0.4 on pentafluge.infradead.org summary: Content analysis details: (2.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [80.57.133.107 listed in dnsbl.sorbs.net] 2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org [] X-SRS-Rewrite: SMTP reverse-path rewritten from by pentafluge.infradead.org See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 987 Lines: 25 > > and I don't believe this one yota. THe only way to do this is to run > > modules in ring 1, at which point you are in deep shit anyway. > > Not neccessarily. Its how Xen works on x86-32 for example. It keeps > itself protected from the entire Linux instance by using segmentation on it only works if you make a very small syscall-like area which you use to talk to the "real" kernel. Which is entirely not how linux modules work right now.... at which point you're just about a userspace application anyway. Might be an interesting research project of course... > 32bit processors (not 64bit however as x86-64 has no segments in 64bit) afaik x86-64 grew segments recently for 64 bit mode for an unnamed other virtualization vendor - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/