[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] Kernel modules idea

To: mint@lists.fishpool.fi
Subject: Re: [MiNT] Kernel modules idea
From: Frank Naumann <fnaumann@boerde.de>
Date: Tue, 21 Dec 2004 11:35:30 +0100 (CET)
Delivered-to: fnaumann@mail.boerde.de
In-reply-to: <41C7EFA5.6080404@gabo.pl>
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
References: <41C7EFA5.6080404@gabo.pl>
Sender: mint-bounce@lists.fishpool.fi

Hello!

At this moment if module uses a kernel function in a wrong way (like kfree ona memory that never been kmalloced) we shoot the messenger, ie. kernel, wehave kernel fatal error.
The idea is so modules should have a special verion of each function that atmharms kernel, so the would not. At the beggining, module should register()to get a module id (mid). Then is should use this mid when calling everykernel function (as a first parameter). Then if module misbehaves we canshoot the module not the kernel, as kernel can track all resource allocationmade by module (resurce = memory, fd, trap, etc.).

That's the wrong direction and idea. As kernel modules run in kernel modethey are part of the complete kernel. It really don't matter ifsubroutines of the kernel are loaded as module or linked directly to themain kernel. Ther borderline to unsafe code is the user space boundary(e.g. code that operate in user mode and not kernel mode).


It will be totally useless to spent any time into such things as:

1) a buggy kernel module can crash the kernel in the same way
   as any other buggy kernel routine anyway

2) tracking resource usage will be a never ending story at this level
   you will for sure oversee tons of dependency thus introducing(!) lot of
   new bugs instead removing bugs

3) such fatal bugs you are able to detect are fixed in a short time
   (bugs you can detect are maybe wrong API usage or such simple things)

In summary, if you spent the needed work on this into fixing bugs insteadwe have a bug free kernel in the next time. If you try to implement thisyou will for sure introduce a lot more of new bugs instead detecting andremoving existing bugs.

Per definition a kernel module is the same trusted code as the main kernelcode itself (as I said it's directly part of the kernel). You can'tdifference in kernel mode.

Or as question, if you don't trust kernel code, what code do you trustthem?

You can for sure go into the microkernel architecture. The idea behind isis to reduce the kernel code to a minimum and to put most things into userspace server applications. The main drawback of this design is the neededcommunication overhead between the user space server applications.



Regards,
Frank

--
ATARI FALCON 060 // MILAN 060
-----------------------------------------
e-Mail: fnaumann@freemint.de

References:
- [MiNT] Kernel modules idea
  - From: Adam Klobukowski <atari@gabo.pl>

Prev by Date: [MiNT] Kernel modules idea
Next by Date: Re: [MiNT] Kernel modules idea
Previous by thread: [MiNT] Kernel modules idea
Next by thread: Re: [MiNT] Kernel modules idea
Index(es):
- Date
- Thread