From: Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>
To: "Wink Saville" <wink-hKg/bvL8yClBDgjK7y7TUQ@public.gmane.org>
Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: [PATCH 1/4] ACE documentation
Date: Mon, 7 May 2007 01:04:55 +0200
Message-ID: <200705070104.56130.arnd@arndb.de>
In-Reply-To: <d4cf37a60705061059t282a70d8j572447f27ceb5f10-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On Sunday 06 May 2007, Wink Saville wrote:
> >
> > > Thus code
> > > +executing within the ACE area can also be executed from user space or
> > > +kernel space. This is accomplished by using spin locks when executing
> > > +within the ACE area and changes to arch/x86_64/kernel/entry.S such that
> > > +when an interrupt occurs while executing code in the ACE area that code
> > > +will be completed before the interrupt is dispatched.
> >
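Review bot: The sentence ending "that code will be completed before the interrupt is dispatched" gives no bound on how long a sequence in the ACE area may run, so the documentation leaves the added interrupt latency open; state the limit on ACE sequence length here. The same paragraph says spin locks are used while executing in the ACE area from user space but does not say how the area and the lock word are mapped (read-only or writable, and for which processes), and the text should spell that out alongside the entry.S behaviour.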
> > I don't understand how you can write to the spinlock when coming from
> > user space. If the page is writable, how do you make sure the user can't
> > write malicious code or data into it?
> 
> Trusted code should only be allowed access to the feature, at the moment
> it is enforced by requiring the applications to have root permissions to
> open the character device driver.

This is a serious problem. There is a reason why we normally do things
with system calls. Unless you can come up with a safe and reasonably clean
way for unprivileged applications to use your code, I don't see how you
expect it to get merged in the kernel.

> > Can't you put this into the vdso? Calling into the right place sounds
> > like a problem that is already solved.
> 
> Possibly, but it isn't universally available, I hope to use this technique
> on other architectures.

It should be possible to implement vdso on any architecture that is still
missing it. Not easy, but it's an established way of doing things and a lot
cleaner than making up your own linkage model.
 
	Arnd <<<
