Thursday, June 11, 2009

Per-function memory protection

There should be a way for the CPU to confine a function's memory access without putting that function in another thread. Modularizing something that way incurs the overheads of context switching and IPC, but without it a module carries the risk of corrupting memory for the whole process and making the caller unstable. What's needed is CPU support for memory segments that apply only for a particular function call, so that if the function segfaults we can catch that and have it return a failure. So how do we do this?

* We could provide an opcode for switching only the segment registers
* We could set up associations in the MMU between certain EIP ranges and certain segments
* We could create a second "call" opcode that takes a second parameter which is an index into a segment context

Would this actually save any time, or does switching segments actually imply most of the overhead you'd get from a complete context-switch anyway?

If it works, this would allow us to have the benefits of a monolithic kernel and a microkernel at the same time.
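The software approximation of what the post asks for, as an added example (not from the original post): a caller hands a "module" function a page it may write and a page it may not, traps the fault with a SIGSEGV handler plus sigsetjmp/siglongjmp, and turns it into a failure return. `guarded_call`, `module_write` and `demo` are names assumed here.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf guard_env;                 /* where a fault unwinds to */
static volatile sig_atomic_t guard_armed;    /* nonzero only inside guarded_call */

static void fault_handler(int sig) {
    if (guard_armed) siglongjmp(guard_env, 1);  /* back into guarded_call() */
    _exit(128 + sig);                           /* unguarded fault: give up */
}

/* Run fn(arg); return its result, or -1 if it touched memory it may not. */
int guarded_call(int (*fn)(void *), void *arg) {
    struct sigaction sa = {0}, old_segv, old_bus;
    sa.sa_handler = fault_handler;
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);       /* some platforms report it as SIGBUS */
    int rc;
    if (sigsetjmp(guard_env, 1) == 0) {      /* 1 = also save the signal mask */
        guard_armed = 1;
        rc = fn(arg);
    } else {
        rc = -1;                             /* arrived here via siglongjmp */
    }
    guard_armed = 0;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return rc;
}

/* Constructed "module": writes one byte into whatever page it is handed. */
static int module_write(void *page) {
    *(volatile char *)page = 'x';
    return 0;
}

/* Map one writable page and one read-only page; only the first call succeeds. */
int demo(void) {
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    void *rw = mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    void *ro = mmap(NULL, sz, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (rw == MAP_FAILED || ro == MAP_FAILED) return -2;
    int ok = guarded_call(module_write, rw);   /* 0: allowed write */
    int bad = guarded_call(module_write, ro);  /* -1: fault caught, process survives */
    munmap(rw, sz); munmap(ro, sz);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

The longjmp discards whatever the module was doing, so any writable memory it reached before the fault may already be corrupted; that is exactly the gap the per-call segments above would close, by making the bad write impossible rather than merely reportable.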
