On Tue, 1 Apr 1997, Fabio Olive Leite wrote:
> Hi there,
Howdy.
> Linux already has a micro-kernel-like design, considering the module
> support. People say "Hey, Mach is so cool 'cause I can debug a filesystem
> driver without rebooting". We already have an answer for that with all
> that wonderful module stuff.
>
> And we even don't have the context switching/message passing overhead, as
> modules are dinamically linked to the running kernel. The problem is that,
> AFAIK, modules can access kmem directly, and thus a buggy net card module
> can suddenly overwrite VFS code, or something else. That doesn't happen on
> micro-kernels, 'cause things run on userspace.
>
> The question is, is it feasible to have memory protection on modules? How
> would that be? That would be kind of a context switch inside the kernel, I
> think. But it would get Linux _much_ more stable, and we would be able to
> say exactly why it is so good.
>
I have had thoughts along the same line. It would be interesting to have
modules run in ring 1 (if I am correct, kernel runs in ring 0 and user in
ring 3 at the moment on x86). Protection level 1 would offer more
protection than running back to back with kernel, and would allow for
nifty whiz-bang things like module watching/tracing and sophisticated
debugging.
The tradeoff (isn't there always one) is performance; and it's a BIG
tradeoff. In a theoretical world, if you ran Linux as close to
micro-kernel as possible with all drivers at a different protection level,
the overall system performance would drop like a rock. Those ring context
switchs are *expensive*, and when you have to hit your SCSI driver
thousands of times a second, ... ouch ... I'm not sure what the actual
numbers would be, but I would guess 25% or more performance loss.
Netware 4 had an interesting option with it's NLM (Netware Loadable
Modules), wherein you could choose to run an NLM in a higher protection
level, for safety/development purposes. Once you had fully (or as fully
as possible) verified it's safety, you could load it back into ring 0 to
achieve full performance. There is some interesting hack value, and
possible real-world value too, to implement this under Linux. Big project
though....
+-------------------------------------------------------------------+
+ -- Finger: flood@evcom.net for my PGP public key -- +
+-------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBM0G/phsjWkWelde9AQGjBwQA1uhaMfTVGrpU5fxVy6Xyr/V9Ncirk9o4
hOfvWPJyeEcthRfDkIyqOnu3C2UksQ8y1QjYZJfpJ8oQMt5pv7Tohz/GDfYqb7lk
sEprf4boKl658ZPsoI6cZfwJULEE/TI2JdE/sXISvytw4tdgXxd5cg8apCjynJ3q
9PXSOv/1YO8=
=sEKI
-----END PGP SIGNATURE-----