Kernels that don't share address space with user processes
Posted: Fri Nov 22, 2024 4:15 pm
I've got an architecture in mind where the kernel shares as little address space with user processes as possible. In my concept I do not intend to use an actual microkernel design. This is an offset of a topic I started about how to get the linker to deal with a kernel that is spread around in it's address space: /viewtopic.php?p=350146.
This hypothetical architecture would avoid a standard higher-half kernel design and have a minimal trampoline area that is the only part of the address space that is shared between the kernel and user space. Here is a diagram of the address space layout and page mapping types I'm thinking of:
In my linker question post some discussion started related to the validity and merit of this architecture. I'd like to open up a discussion on those topics in the right place instead of having it in a post about a linker question.
First, this design is something I came up with because to me it "feels right." Sharing as little address space between the kernel and user space makes sense to me and my sysadmin brain. This design isn't based off anything else besides my gut telling me what to do. I also have barely any idea what I am doing.
Here are the pros of the design that I've come up with:
This hypothetical architecture would avoid a standard higher-half kernel design and have a minimal trampoline area that is the only part of the address space that is shared between the kernel and user space. Here is a diagram of the address space layout and page mapping types I'm thinking of:
In my linker question post some discussion started related to the validity and merit of this architecture. I'd like to open up a discussion on those topics in the right place instead of having it in a post about a linker question.
First, this design is something I came up with because to me it "feels right." Sharing as little address space between the kernel and user space makes sense to me and my sysadmin brain. This design isn't based off anything else besides my gut telling me what to do. I also have barely any idea what I am doing.
Here are the pros of the design that I've come up with:
- User mode process gets access to as much address space as is possible. This probably only matters for a 32 bit system and then also only matters for some rather specific cases where a program would need so much address space.
- Likewise the kernel gets access to as much address space as possible. The benefit here I can think of is that the extra address space over a higher-half kernel could be used to maintain even larger filesystem and other caches.
- Inherently resistant to the meltdown data exfiltration attack.
- Every transition between user space to kernel space or kernel space to user space requires the TLB to be flushed. This is going to have performance implications. Exactly how bad the performance hit is and how different it would be from a microkernel design is not clear to me.
- Identifying a pointer from user space is now more complicated than the higher-half kernel approach of seeing if the numerical value of the pointer is above the 1/2 of the address space.
- Using a user mode pointer will either involve setting up page table entries just for the pointer or doing manual address space translation and copying what the pointer actually points at. I also suspect setting up page table entries just for the pointer won't work correctly since the kernel is supposed to be able to use anything in it's address space as part of it's heap.