From: ebiederm@xmission.com (Eric W. Biederman)
To: Jeff Dike <jdike@karaya.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [uml-devel] new virtualization syscall to improve uml performance?
Date: 20 Jan 2002 17:28:15 -0700 [thread overview]
Message-ID: <m1lmesh7j4.fsf@frodo.biederman.org> (raw)
In-Reply-To: <200201182335.SAA05269@ccure.karaya.com>
In-Reply-To: <200201182335.SAA05269@ccure.karaya.com>
It sounds like there are a couple of good ideas here. Let me add my
refinements.
new_addr(); /* to get a secondary address space */
struct sandbox_params {
int return_reason;
int return_data;
int eax;
int ebx;
};
run_sandbox(int address_space, struct sandbox_params *params); /* to start a sandbox */
int fmmap(int address_space, void *start, size_t length, int prot,
int flags, int fd, off_t offset);
int fmunmap(int addresss_space, void *start, size_t length);
With the secondary address spaces being completely setup by uml.
And run_sandbox being the entry/exit point. The nice thing here is
that because they would share the same kernel stack/process most
registers can be left in registers. With run_sandbox putting as much
as possible on a fast path.
And then new_addr, fmmap, fmunmap would be all that you would really
need to manipulate those address spaces.
Usually processors only support a kernel/user space differentiation in
their page tables, and the sometimes support caching multiple address
spaces simultaneously cached in their tlbs. So I have designed this
interface to take advantage of the common processor features, and
additionally look as much like normal process execution as possible.
Any other implementation would need someone manually modify the page
tables, either the kernel or uml calling mprotect.
Any trap taken in the sandboxed address space should fill the
appropriate fields in struct sandbox_params and switch address spaces
back to the master process.
This interface is as cheap as I can imagine making it. And with
a little care can be really optimized on the kernel side if uml
becomes a common case.
Eric
next prev parent reply other threads:[~2002-01-21 0:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-18 23:35 [uml-devel] new virtualization syscall to improve uml performance? Jeff Dike
2002-01-21 0:28 ` Eric W. Biederman [this message]
2002-01-21 2:28 ` Jeff Dike
2002-01-21 6:00 ` Eric W. Biederman
2002-01-21 20:21 ` Jeff Dike
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1lmesh7j4.fsf@frodo.biederman.org \
--to=ebiederm@xmission.com \
--cc=jdike@karaya.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox