Hi Ian,

Would you be interested in merging (future, currently vapourware)
patches to bring something akin to the "COLA kernel abstraction" to
Maru?  Would you like this kind of thing as a user-contributed module,
or incorporated as a core feature?

For those who haven't read the paper:
http://www.vpri.org/pdf/m2009007_COLA_kern.pdf

The intent will be eventually to virtualise all functionality that can
affect resource usage (i.e. security holes, denial of service, infinite
loops, allocations).

Here is how I imagine it working.  For efficiency, the traps would be
stored as a flat vector of functions each with their own unique integer
ID offset rather than a single function taking arbitrary arguments and a
data array as in the paper.  This tradeoff makes trap numbers more
valuable (and potentially exhaustible), but at least they can be
dynamically allocated so that they are only present if your code
actually uses them.

The bootstrap trap vector will contain just one trap number:
 ;; Trap to allocate a new trap number.
 (define TRAP_NEW_TRAP_NUMBER 1)

To fully virtualise and close off all trap number exhaustion
denial-of-service attacks, that trap can be replaced for a locked-down
version that just throws an error.

The other primitives are:

 ;; Invoke a trap identified by a function stored in the current trap
 ;; vector at offset TRAPNUM
 (trap TRAPNUM ARG...)
 (apply-trap TRAPNUM ARGS)

 ;; Create a new trap vector, inheriting from the current trap vector
 ;; and override the new vector with the non-nil trap entries in VECTOR
 ;; Run (apply FUN ARGS), and when finished, restore the prior trap vector
 (apply-with-traps VECTOR FUN ARGS)

For bootstrap, I can imagine something like this:

;; Virtualised exit function.
(define TRAP_EXIT (trap TRAP_NEW_TRAP_NUMBER))

;; Set up the vector for first virtualisation
(let ((boot-traps (new-<array> 0)))
  (array-at-set boot-traps TRAP_EXIT exit)
  (define-function subr_exit (args env)
    (let ((status (and (is <long> (k_car args)) (get_long (k_car args)))))
      (trap TRAP_EXIT status)))

  ;; Enter the virtualised environment...
  (apply-with-traps boot-traps main argv))

Thoughts?

-- 
Michael FiG <mich...@fig.org> //\
   http://michael.fig.org/    \//
_______________________________________________
fonc mailing list
fonc@vpri.org
http://vpri.org/mailman/listinfo/fonc
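Below is an added, self-contained model of the trap-vector scheme sketched in the message above: a flat vector of handlers indexed by integer trap number, a child vector that inherits the current one and is overridden only by the non-nil entries supplied, trap number 1 reserved for allocating new numbers, and a locked-down variant that closes off the allocation path. It is editorial example code, not code from the post or from Maru; Python is used because Maru is not runnable here. The cap MAX_TRAPS and the names TrapError, Halt, host_exit, run_guest, run_locked_down, has_handler and allocation_is_locked are assumptions introduced for the illustration.

```python
"""Toy model of the proposed trap vector (constructed example, not Maru code).

Trap numbers are plain integers indexing a flat vector of handlers; a
sandbox gets a copy of the current vector with its own non-None entries
overlaid, runs, and the prior vector is restored on the way out.
"""
from typing import Any, Callable, List, Optional, Sequence, Tuple

TRAP_NEW_TRAP_NUMBER = 1   # the only trap in the bootstrap vector
MAX_TRAPS = 64             # assumed finite pool: this is the exhaustible resource


class TrapError(Exception):
    """A trap with no handler, or an allocation that the sandbox forbids."""


class Halt(Exception):
    """Raised by the host's exit handler to unwind a guest program."""
    def __init__(self, status: int) -> None:
        super().__init__(status)
        self.status = status


_next_number = TRAP_NEW_TRAP_NUMBER + 1


def _allocate_trap_number() -> int:
    """Bootstrap handler for trap 1: hand out the next unused number."""
    global _next_number
    if _next_number >= MAX_TRAPS:
        raise TrapError("trap numbers exhausted")
    n, _next_number = _next_number, _next_number + 1
    return n


def _locked_allocate() -> int:
    """Drop-in replacement for trap 1 that refuses every allocation."""
    raise TrapError("trap allocation disabled in this sandbox")


_current: List[Optional[Callable[..., Any]]] = [None, _allocate_trap_number]


def apply_trap(trapnum: int, args: Sequence[Any]) -> Any:
    """(apply-trap TRAPNUM ARGS): call the handler at offset TRAPNUM."""
    handler = _current[trapnum] if 0 <= trapnum < len(_current) else None
    if handler is None:
        raise TrapError(f"no handler for trap {trapnum}")
    return handler(*args)


def trap(trapnum: int, *args: Any) -> Any:
    """(trap TRAPNUM ARG...)"""
    return apply_trap(trapnum, args)


def has_handler(trapnum: int) -> bool:
    return 0 <= trapnum < len(_current) and _current[trapnum] is not None


def apply_with_traps(vector: Sequence[Optional[Callable[..., Any]]],
                     fun: Callable[..., Any], args: Sequence[Any]) -> Any:
    """(apply-with-traps VECTOR FUN ARGS): inherit, overlay non-None
    entries of VECTOR, run FUN, then restore the prior vector even on error."""
    global _current
    prior = _current
    child = list(prior) + [None] * max(0, len(vector) - len(prior))
    for i, f in enumerate(vector):
        if f is not None:
            child[i] = f
    _current = child
    try:
        return fun(*args)
    finally:
        _current = prior


# Bootstrap, as in the post: allocate TRAP_EXIT through trap 1.
TRAP_EXIT = trap(TRAP_NEW_TRAP_NUMBER)


def host_exit(status: int) -> None:
    raise Halt(status)


def subr_exit(status: int) -> Any:
    """The guest-visible exit: always goes through the vector, never the host."""
    return trap(TRAP_EXIT, status)


def run_guest(main: Callable[..., Any], *argv: Any) -> Any:
    """Run MAIN with exit virtualised; a Halt becomes the returned status."""
    boot: List[Optional[Callable[..., Any]]] = [None] * (TRAP_EXIT + 1)
    boot[TRAP_EXIT] = host_exit
    try:
        return apply_with_traps(boot, main, argv)
    except Halt as h:
        return h.status


def run_locked_down(main: Callable[..., Any], *argv: Any) -> Any:
    """Same as run_guest, but trap 1 is swapped for the refusing version."""
    boot: List[Optional[Callable[..., Any]]] = [None] * (TRAP_EXIT + 1)
    boot[TRAP_NEW_TRAP_NUMBER] = _locked_allocate
    boot[TRAP_EXIT] = host_exit
    try:
        return apply_with_traps(boot, main, argv)
    except Halt as h:
        return h.status


def allocation_is_locked() -> bool:
    """True if a locked-down guest cannot obtain a new trap number."""
    try:
        run_locked_down(lambda: trap(TRAP_NEW_TRAP_NUMBER))
        return False
    except TrapError:
        return True


if __name__ == "__main__":
    print("guest exit status:", run_guest(subr_exit, 7))
    inner = [None, None, lambda s: ("caught", s)]   # overrides only TRAP_EXIT
    print("nested override:", run_guest(lambda: apply_with_traps(inner, subr_exit, (3,))))
    print("locked sandbox refuses allocation:", allocation_is_locked())
    print("exit trap visible outside sandbox:", has_handler(TRAP_EXIT))
```

The nested call shows the inheritance rule: the inner vector leaves offset 1 as None, so the guest keeps the allocation handler it inherited, and only TRAP_EXIT is rebound. The `finally` in apply_with_traps is what makes the scheme safe against a guest that exits or errors out mid-way; without it the host would keep running with the guest's vector installed.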