Re: User vs. Kernel (was: To be smug, or not to be smug, that is , the question)

MOLNAR Ingo (mingo@chiara.csoma.elte.hu)
Sat, 23 Jan 1999 16:32:15 +0100 (CET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Guest section DW: "Re: VFAT bug?"
Previous message: Stanislav Meduna: "Netscape buggy, kernel OK - some test results"
In reply to: Kelly French: "Re: Status of ROOT_NFS feature?"
Next in thread: Stanislav Meduna: "Re: Netscape buggy, kernel OK - some test results"
Reply: Stanislav Meduna: "Re: Netscape buggy, kernel OK - some test results"

On Sat, 23 Jan 1999, Albert D. Cahalan wrote:

> >> * Lack of generalized message passing
> >
> > (RT-signals in Linux, a feature of Linux 2.2)
>
> Could user acahalan send 42 bytes to user mmuscovi?

sure, 'mail mmuscovi < ./42bytefile'. What are you trying to achieve and
why?

> >> * Lack of a decent privilege/capability model
> >
> > (i guess you missed include/linux/capability.h, a feature of 2.2.
> > Not completely finished, but the main mechanizm is in there.)
>
> I believe he means "true" capability support. In any case,
> Linux can't revoke normal user capabilities.

what do you mean by 'true'. what is 'user capabilities'. If you mean
military grade security, where one can restrict a user to be able only to
execute the 'nop' assembly instruction, then you are right, Linux's doesnt
want to do that. Linux has a capability model that splits up _system_
priviledges (thus risks) so that eg. a security hole in 'ping' doesnt mean
a full system compromise.

> >> * Blocking I/O
> >
> > (whats your problem with that?)
>
> This limits concurrency. Within the kernel, IO events need not be
> serialized. User-space can only get this ability with threads.
> Threads are quite a bit of overhead for such a simple need, plus
> the use of threads tends to promote bugs.

take a look at async networking IO, fcntl(SETSIG), etc, implemented by
Stephen Tweedie recently. (it's in 2.2)

> >> * Interruptible system calls
> >
> > (what is your point here)
>
> It is not good to return to userspace, loop around, and make the system
> call a second time. The overhead [...]

Albert, do you have the slightest clue how often it happens to restart a
system call, in a typical Linux system? Just for kicks, i've added a small
hack to my kernel 5 minutes ago to count them:

total syscalls: 28456
restarted syscalls: 7

what overhead exactly are you complaining about? ...

> [...] and app code complexity are annoying.

the application sees _nothing_ from a system call restart to begin with.
It's handled in libc.

-- mingo

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Guest section DW: "Re: VFAT bug?"
Previous message: Stanislav Meduna: "Netscape buggy, kernel OK - some test results"
In reply to: Kelly French: "Re: Status of ROOT_NFS feature?"
Next in thread: Stanislav Meduna: "Re: Netscape buggy, kernel OK - some test results"
Reply: Stanislav Meduna: "Re: Netscape buggy, kernel OK - some test results"