On Tue, Mar 28, 2017 at 10:36:52PM +0200, Maxime Villard wrote:
> I already thought about this a few months ago, and my conclusion back then
> was that it is very difficult to achieve if we want both good performance
> and good security. This is a little off-topic, but the idea would consist in
> having two identical kernel text segments mapped at different addresses. Only
> one kernel is active at a time. Every once in a while we randomize the other
> kernel, wait for interrupts to happen in the currently running lwps, and
> migrate these lwps to the new kernel, dropping refcounts along the way. When
> it reaches zero, everybody uses the new kernel, and we unmap the previous
> one. And we keep jumping between kernels this way regularly. I also had other
> magic tricks for .data and .rodata, but that's another debate.
This would be a step in the direction of allowing updating running kernels, wouldn't it?

Thomas