Re: Kernel Mode Linux : Execute user processes in kernel mode

On Fri, Mar 28, 2008 at 7:04 PM, Erik Mouw <mouw@xxxxxxxxxxxx> wrote:
>  It's a great way to be sure a single error in your userland program
>  will indeed crash the whole system. IOW: It sacrifices the protection
>  the kernel provides for a very minimal speed increase.

True, I agree with you. But there is a reason for it, specifically
pertaining to malware. For various reasons (due to the limitation on
bytes available to transfer into the kernel, or due to ease of
programming), the size of malware has to be as small as possible, so
there is no choice but to use userland's shared library functions
(e.g., ftp/ssh functionality for network transfer). The malware
started its life in the kernel, and to remain stealthy, it has to
remain in the kernel. For all these reasons, executing userland's code
in the kernel is used.

For the Windows version of a similar concept:

http://www.wd-3.com/archive/KernelDlls.htm

And the problem of doing this is non-trivial too. The shared libraries
are always compiled as position-independent code, so they can be
loaded anywhere in memory. But for each loading, it is necessary to
resolve all the import and export tables and their function pointers.
Then there are the relocation tables, which show all the areas in the
shared libraries that have to be modified per memory loading. Then
there is segment loading ... etc. All this assumes you want to load
the userland shared libraries and reuse them in the kernel's memory.
A lot of memory is needed, I guess. Alternatively you can always
execute the code that exists in the userspace memory directly, but I
think to do that you may need to modify the memory attributes, to
overcome the hardware control provided by the Intel x86 chip, and also
to solve the problem of another thread switching back to userland,
only to find all its memory attributes changed. Thus I don't think it
is possible to use this approach.

Sorry... does all this make sense? Just my analysis - may be
completely wrong :-).

-- 
Regards,
Peter Teoh
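As an added illustration of the relocation work the post above describes (this is editor-added example code, not part of the original message or of any loader), the following Python walks a constructed ELF64 dynamic symbol table and Rela relocation table and patches a constructed data image for a given load base. Every symbol name, address and offset in it is a made-up sample value. It shows the two kinds of fix-ups a loader cannot skip: base-relative entries, whose result changes every time the library lands at a different address, and symbol entries, which need the export table of already-loaded objects and fail outright when an import is missing.

```python
import struct

# On-disk layouts from the ELF64 System V ABI (little-endian here)
RELA_FMT = "<QQq"      # Elf64_Rela: r_offset, r_info, r_addend
SYM_FMT = "<IBBHQQ"    # Elf64_Sym: st_name, st_info, st_other, st_shndx, st_value, st_size
RELA_SIZE = struct.calcsize(RELA_FMT)   # 24 bytes
SYM_SIZE = struct.calcsize(SYM_FMT)     # 24 bytes
SHN_UNDEF = 0                           # st_shndx of an imported (undefined) symbol

# x86-64 psABI relocation types that a dynamic loader has to process
R_X86_64_64 = 1         # S + A
R_X86_64_GLOB_DAT = 6   # S      (GOT entry for a data import)
R_X86_64_JUMP_SLOT = 7  # S      (PLT/GOT slot for a function import)
R_X86_64_RELATIVE = 8   # B + A  (no symbol; depends only on the load base)


def parse_rela(blob):
    """Split a raw .rela.dyn/.rela.plt blob into (r_offset, sym_index, type, addend)."""
    entries = []
    for off in range(0, len(blob), RELA_SIZE):
        r_offset, r_info, r_addend = struct.unpack_from(RELA_FMT, blob, off)
        entries.append((r_offset, r_info >> 32, r_info & 0xFFFFFFFF, r_addend))
    return entries


def parse_symtab(blob, strtab):
    """Split a raw .dynsym blob into (name, st_shndx, st_value), names taken from .dynstr."""
    syms = []
    for off in range(0, len(blob), SYM_SIZE):
        st_name, _info, _other, st_shndx, st_value, _size = struct.unpack_from(SYM_FMT, blob, off)
        name = strtab[st_name:strtab.index(b"\0", st_name)].decode()
        syms.append((name, st_shndx, st_value))
    return syms


def apply_relocations(image, base, rela, syms, exports):
    """Return a copy of `image` (the library's writable data as mapped at `base`)
    with every relocation slot patched. `exports` maps imported symbol names to the
    addresses the loader found for them in other, already-loaded objects."""
    img = bytearray(image)
    for r_offset, sym_idx, r_type, addend in rela:
        if r_type == R_X86_64_RELATIVE:
            value = base + addend                      # changes with every load base
        elif r_type in (R_X86_64_64, R_X86_64_GLOB_DAT, R_X86_64_JUMP_SLOT):
            name, shndx, st_value = syms[sym_idx]
            if shndx == SHN_UNDEF:                     # import: must come from elsewhere
                if name not in exports:
                    raise LookupError(f"undefined symbol: {name}")
                s = exports[name]
            else:                                      # defined here: rebase st_value
                s = base + st_value
            value = s + (addend if r_type == R_X86_64_64 else 0)
        else:
            raise ValueError(f"unsupported relocation type {r_type}")
        struct.pack_into("<Q", img, r_offset, value & 0xFFFFFFFFFFFFFFFF)
    return bytes(img)


# --- Constructed sample tables (hypothetical, not taken from any real library) ---
DYNSTR = b"\0read\0local_table\0"
DYNSYM = b"".join([
    struct.pack(SYM_FMT, 0, 0x00, 0, 0, 0, 0),                # [0] null entry
    struct.pack(SYM_FMT, 1, 0x12, 0, SHN_UNDEF, 0, 0),        # [1] read: imported FUNC
    struct.pack(SYM_FMT, 6, 0x11, 0, 13, 0x1000, 64),         # [2] local_table: OBJECT at lib+0x1000
])
RELA_DYN = b"".join([
    struct.pack(RELA_FMT, 0x08, (0 << 32) | R_X86_64_RELATIVE, 0x1000),  # pointer to local_table
    struct.pack(RELA_FMT, 0x10, (1 << 32) | R_X86_64_JUMP_SLOT, 0),      # slot for read()
    struct.pack(RELA_FMT, 0x18, (2 << 32) | R_X86_64_64, 8),             # &local_table[1]
])
IMAGE = bytes(0x20)   # the library's writable data/GOT area, all zero before relocation


def load_at(base, exports):
    """Relocate the sample image at `base`; return {offset: 64-bit word} for the patched slots."""
    patched = apply_relocations(IMAGE, base, parse_rela(RELA_DYN),
                                parse_symtab(DYNSYM, DYNSTR), exports)
    return {off: struct.unpack_from("<Q", patched, off)[0] for off in (0x08, 0x10, 0x18)}


if __name__ == "__main__":
    exports = {"read": 0x7FFFF0001234}   # constructed address of an exported read()
    for base in (0x7F0000000000, 0x7E0000000000):
        print(hex(base), {hex(k): hex(v) for k, v in load_at(base, exports).items()})
```

Run stand-alone it prints the three patched words for two different load bases; the base-relative and locally-defined slots differ between the runs while the imported slot stays fixed, and calling load_at with an empty export table raises LookupError for the missing import. Real libraries additionally carry lazy PLT binding, TLS and IRELATIVE relocations, which this example leaves out.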
