public inbox for kvm@vger.kernel.org
From: Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>
To: "Wink Saville" <wink-hKg/bvL8yClBDgjK7y7TUQ@public.gmane.org>
Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: [PATCH 1/4] ACE documentation
Date: Mon, 7 May 2007 01:04:55 +0200
Message-ID: <200705070104.56130.arnd@arndb.de>
In-Reply-To: <d4cf37a60705061059t282a70d8j572447f27ceb5f10-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On Sunday 06 May 2007, Wink Saville wrote:
> >
> > > Thus code
> > > +executing within the ACE area can also be executed from user space or
> > > +kernel space. This is accomplished by using spin locks when executing
> > > +within the ACE area and changes to arch/x86_64/kernel/entry.S such that
> > > +when an interrupt occurs while executing code in the ACE area that code
> > > +will be completed before the interrupt is dispatched.
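
Review bot: the sentence on deferring interrupts ("that code will be completed before the interrupt is dispatched") states no bound on how long code in the ACE area may run or how long a spin lock taken there may be held. Since interrupt latency now depends on that code, the text should document the maximum length of such a section and what enforces it.
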
> >
> > I don't understand how you can write to the spinlock when coming from
> > user space. If the page is writable, how do you make sure the user can't
> > write malicious code or data into it?
> 
> Trusted code should only be allowed access to the feature, at the moment
> it is enforced by requiring the applications to have root permissions to
> open the character device driver.

This is a serious problem. There is a reason why we normally do things
with system calls. Unless you can come up with a safe and reasonably clean
way for unprivileged applications to use your code, I don't see how you
expect it to get merged in the kernel.

> > Can't you put this into the vdso? Calling into the right place sounds
> > like a problem that is already solved.
> 
> Possibly, but it isn't universally available, I hope to use this technique
> on other architectures.

It should be possible to implement vdso on any architecture that is still
missing it. Not easy, but it's an established way of doing things and a lot
cleaner than making up your own linkage model.
 
	Arnd <<<
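
The contrast raised in this message, as an added example that is not part of the thread or of the ACE patch: on architectures that provide a vDSO, the kernel maps it into the process for direct calls from user space, and the process does not get write access to that mapping. The Linux-specific C program below locates the vDSO through the auxiliary vector and reads its permissions from /proc/self/maps; `find_vdso` and `struct vdso_info` are names made up for this example.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

/* Hypothetical names for this added example; not from the ACE patch. */
struct vdso_info {
    unsigned long base;        /* load address from the auxiliary vector */
    char perms[5];             /* permission field, e.g. "r-xp" */
    int writable, executable;
    int elf_ok;                /* mapping starts with the ELF magic */
};

/* Returns 0 on success, -1 if no vDSO is mapped or its maps entry is missing. */
int find_vdso(struct vdso_info *out)
{
    char line[512], perms[5];
    unsigned long start, end;
    int found = 0;
    FILE *maps;

    memset(out, 0, sizeof(*out));
    out->base = getauxval(AT_SYSINFO_EHDR);   /* 0 when there is no vDSO */
    if (out->base == 0)
        return -1;
    maps = fopen("/proc/self/maps", "r");
    if (!maps)
        return -1;
    while (!found && fgets(line, sizeof(line), maps)) {
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            out->base >= start && out->base < end) {
            strcpy(out->perms, perms);        /* bounded by %4s above */
            found = 1;
        }
    }
    fclose(maps);
    if (!found)
        return -1;
    out->writable = out->perms[1] == 'w';
    out->executable = out->perms[2] == 'x';
    /* Touch the mapping only if it is readable. */
    out->elf_ok = out->perms[0] == 'r' &&
                  memcmp((const void *)out->base, ELFMAG, SELFMAG) == 0;
    return 0;
}

int main(void)
{
    struct vdso_info vi;
    if (find_vdso(&vi) != 0) { puts("no vDSO found"); return 1; }
    printf("vDSO at %#lx perms=%s elf=%d\n", vi.base, vi.perms, vi.elf_ok);
    return vi.writable ? 2 : 0;               /* exit status 2 flags a writable mapping */
}
```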
