From: ebiederm@xmission.com (Eric W. Biederman)
To: Luca Barbieri <ldb@ldb.ods.org>
Cc: Linux-Kernel ML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH][RFC] x86 multiple user-mode privilege rings
Date: 27 Oct 2002 10:06:40 -0700
Message-ID: <m11y6blskf.fsf@frodo.biederman.org>
In-Reply-To: <1035686893.2272.20.camel@ldb>

Luca Barbieri <ldb@ldb.ods.org> writes:

> Short explanation:
> This patch implements a feature called "x86 multiring", which is a
> shorthand for x86 multiple user-mode privilege rings support.
> It allows user-mode programs to create DPL 1 and 2 segments and get a
> modifiable per-process copy of IDT.
>
> User Mode Linux can use these features to implement a syscall mechanism
> identical to the one used by the kernel-mode kernel, and thus much
> faster than the current one, with free memory protection and with zero
> context switches.

But there are privilege switches.

> Wine could also use it to achieve fast syscall-level emulation of
> Windows NT (and, to a lesser extent, Windows 3.1 and 9x).
>
> Obviously there is some risk of the patch creating security holes.

Let me get the gist of the idea.

To accelerate UML, and wine type applications:
1) set up segments with restricted limits, so their children cannot
   write into their supervisor process even though they share a mm.
2) load a special system call table that switches processor modes
   when any system call is activated.

Unless I am mistaken, all of the above can be accomplished without
using the CPU's multiple rings of privilege. Which would allow nesting
only limited by the address space reduction of each task.

Eric