Subject: Re: compartmentalization of kernel memory
To: Bill Studenmund <wrstuden@netbsd.org>
From: Kamal R Prasad <kamalrpr@in.ibm.com>
List: tech-kern
Date: 05/08/2003 06:36:02
On Mon, 7 Apr 2003, Kamal R Prasad wrote:
> First off, please leave a blank line between quoted text and where you
> start your response. Otherwise it's rather hard to see where the quote
> stops and your answer starts.

Pardon me on this one. I am having some problems with my email reader.

> Second, how much will that help? Yeah, for the first bad write you can
> say, you're writing to memory that should have been a FOO, but once the
> first write happens, you can't say much.
> I mean that's the whole problem we have now; we can't identify that first
> bad write. We only know something's wrong when the kernel dies and memory
> all looks like garbage. Since there can be multiple bad writes in a row,
> how can you say what this will tell you?

Exceptions are not triggered on the first (bad) write, true. Further, if
the exception handler is in the same address space as the kernel, it may
not be able to function properly once the entire address space is
suspect/messed up.

The only way out (to improve stability) is to inhibit bad memory access
through some means.

We can create bounds on the addresses that a particular module inside the
kernel is allowed to access. This is possible if modules within the kernel
(e.g. device drivers, networking stack, etc.) malloc() and use only data
structures specific to them, i.e. they will not have to access data
structures malloc()'ed by other modules. In practice, this may not be
possible because they may have to access some generic data structures too,
but we can isolate such accesses. (If we could move drivers from
kernel-space to user-space that would also suffice, because a bad pointer
access in a user-space driver will not bring the whole system down.)

I'd appreciate feedback on this.
thanks
-kamal
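The per-module bounds idea in the message above, as an added example (not NetBSD code and not the author's): a constructed C model in which each kernel module allocates only from its own arena, a shared arena holds the generic structures other modules may touch, and every write is checked against those bounds before it lands. All names (mod_malloc, mod_may_access, mod_write, MOD_NET, MOD_DRV, MOD_SHARED) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of per-module kernel arenas (added example, not NetBSD code):
 * each module allocates from its own arena, plus one shared arena for generic
 * structures, and every write is checked against those bounds. */
enum { MOD_SHARED = 0, MOD_NET = 1, MOD_DRV = 2, MOD_COUNT = 3 };
#define ARENA_SIZE 4096
struct arena { unsigned char mem[ARENA_SIZE]; size_t used; };
static struct arena arenas[MOD_COUNT];

/* Bump allocator: a module only ever receives memory from the arena it names. */
void *mod_malloc(int mod, size_t len) {
    if (mod < 0 || mod >= MOD_COUNT) return NULL;
    struct arena *a = &arenas[mod];
    if (len == 0 || len > ARENA_SIZE - a->used) return NULL;
    void *p = a->mem + a->used;
    a->used += len;
    return p;
}

/* True if [p, p+len) lies inside the allocated part of arena a (overflow-safe). */
static int in_arena(const struct arena *a, const void *p, size_t len) {
    uintptr_t lo = (uintptr_t)a->mem, hi = lo + a->used, s = (uintptr_t)p;
    return s >= lo && s <= hi && len <= hi - s;
}

/* The bounds rule: a module may touch its own arena or the shared arena. */
int mod_may_access(int mod, const void *p, size_t len) {
    if (mod < 0 || mod >= MOD_COUNT || p == NULL) return 0;
    return in_arena(&arenas[mod], p, len) || in_arena(&arenas[MOD_SHARED], p, len);
}

/* Checked write: the bad write is refused (and logged) instead of landing. */
int mod_write(int mod, void *dst, const void *src, size_t len) {
    if (!mod_may_access(mod, dst, len)) {
        fprintf(stderr, "module %d: rejected write of %zu bytes\n", mod, len);
        return -1;
    }
    memcpy(dst, src, len);
    return 0;
}

/* Scenario: the driver writes into its own buffer, then into the network
 * stack's buffer. Returns the number of writes rejected (expected: 1). */
int demo_rejected_writes(void) {
    void *net = mod_malloc(MOD_NET, 64), *drv = mod_malloc(MOD_DRV, 64);
    int rejected = 0;
    if (mod_write(MOD_DRV, drv, "ok", 3) < 0) rejected++;
    if (mod_write(MOD_DRV, net, "ok", 3) < 0) rejected++;
    return rejected;
}
```

A real implementation would hang the check off the page-fault path or a tagged allocator rather than wrapping memcpy, but the rule being enforced is the same: a module's writes are confined to its own allocations plus the explicitly shared ones.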