jail extensions

Fri Jun 9 14:16:35 UTC 2006

On Friday 09 June 2006 13:24, Julian Elischer wrote:
> Alex Lyashkov wrote:
> >>2) at MOD_LOAD case run loop for each prisons and init private data for
> >>this module at all contexts. At this way module always 'exist' at all
> >>contexts.
> >>and disable module compiling (loading) when module don`t marked jail
> >>safe.
> >
> >example for this way.
> >http://cvs.freevps.com/index.cgi/kernel/include/linux/freevps/s_context_xf
> >rm.h?rev=1.3
> > http://cvs.freevps.com/index.cgi/kernel/net/ipv4/ah4.c?rev=1.3
> >ah4_init/ah4_fini functions.
>
> this is the bit that is obvious.
>
> The hard bit is the non obvious difficulty of changing all existing
> modules in such away that
> they can be compiled both in the new way, and in a way that they are
> still compiled to the old way.
>
> You need to put all the currently global variables into a structure that
> can be instantiated
> for each jail, but in order to make this continue to work in the
> existing system, they still need to
> be compiled as a global when the normal buold is made.
>
> for this reason Marco and I were looking at various macros that can be
> defined to
> allow the variables to be compiled both ways.
>
> For example :
>
>
> int xx;
> static int yy;
> struct a {
>   int aa;
>   int bb;
> } cc;
>
> might become:
>
> VM_GLOBAL_START(modname)
>    int xx;
>    VMG_STATIC int yy;
>    struct a {
>      int aa;
>      int bb;
>    } cc;
>  VM_GLOBAL_STOP(modname)
>
>
> You would access these as:
>  VM_GLOBAL(modname, yy) = 2
>  foobar( VM_GLOBAL_STRUCT(cc, modname)->bb);

One of the questions I have no answers to is what should we do with the 
"static" modifier semantics in a virtualized world order.  I.e. once th e 
virtualized symbols are placed in a structure generated by whatever macros we 
design, it will become difficult to efficiently discriminate between globally 
and locally visible parts of that structure...  

Marko