From: Marko Zec
To: freebsd-arch@freebsd.org
Cc: Alex Lyashkov, Robert Watson, Julian Elischer
Date: Fri, 9 Jun 2006 16:16:14 +0000
Subject: Re: jail extensions
Message-Id: <200606091616.15042.zec@icir.org>

On Friday 09 June 2006 13:24, Julian Elischer wrote:
> Alex Lyashkov wrote:
> >>2) at MOD_LOAD case run loop for each prison and init private data for
> >>this module at all contexts. This way module always 'exists' at all
> >>contexts.
> >>and disable module compiling (loading) when module isn't marked jail
> >>safe.
> >
> >example for this way.
> >http://cvs.freevps.com/index.cgi/kernel/include/linux/freevps/s_context_xfrm.h?rev=1.3
> >http://cvs.freevps.com/index.cgi/kernel/net/ipv4/ah4.c?rev=1.3
> >ah4_init/ah4_fini functions.
>
> this is the bit that is obvious.
>
> The hard bit is the non-obvious difficulty of changing all existing
> modules in such a way that
> they can be compiled both in the new way, and in a way that they are
> still compiled to the old way.
>
> You need to put all the currently global variables into a structure that
> can be instantiated
> for each jail, but in order to make this continue to work in the
> existing system, they still need to
> be compiled as a global when the normal build is made.
>
> for this reason Marko and I were looking at various macros that can be
> defined to
> allow the variables to be compiled both ways.
>
> For example :
>
> int xx;
> static int yy;
> struct a {
>         int aa;
>         int bb;
> } cc;
>
> might become:
>
> VM_GLOBAL_START(modname)
> int xx;
> VMG_STATIC int yy;
> struct a {
>         int aa;
>         int bb;
> } cc;
> VM_GLOBAL_STOP(modname)
>
> You would access these as:
> VM_GLOBAL(modname, yy) = 2
> foobar( VM_GLOBAL_STRUCT(cc, modname)->bb);

One of the questions I have no answers to is what should we do with
the "static" modifier semantics in a virtualized world order. I.e. once
the virtualized symbols are placed in a structure generated by whatever
macros we design, it will become difficult to efficiently discriminate
between globally and locally visible parts of that structure...

Marko
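
The compile-both-ways scheme discussed in this message, as an added example that is not code from the thread or from FreeBSD. The macro names come from the quoted sketch; their bodies, the `VM_FLAT` switch and the `vmg_cur_modname` current-context pointer are assumptions made for illustration.

```c
#include <stdio.h>

/* VM_FLAT is a hypothetical switch (not a FreeBSD option): define it for the old-style build. */
#ifndef VM_FLAT
/* Per-context build: the declarations become members of one struct per module. */
#define VM_GLOBAL_START(mod) struct vmg_##mod {
#define VM_GLOBAL_STOP(mod)  }; static struct vmg_##mod *vmg_cur_##mod;
#define VMG_STATIC           /* empty: a struct member cannot be 'static' */
#define VM_GLOBAL(mod, var)  (vmg_cur_##mod->var)
#else
/* Old-style build: plain file-scope variables; 'static' keeps its meaning. */
#define VM_GLOBAL_START(mod)
#define VM_GLOBAL_STOP(mod)
#define VMG_STATIC           static
#define VM_GLOBAL(mod, var)  (var)
#endif

VM_GLOBAL_START(modname)
int xx;
VMG_STATIC int yy;
struct a {
    int aa;
    int bb;
} cc;
VM_GLOBAL_STOP(modname)

/* Module code is written once, against the accessor only. */
static void mod_set(int v) { VM_GLOBAL(modname, yy) = v; VM_GLOBAL(modname, cc).bb = v * 10; }
static int mod_get(void) { return VM_GLOBAL(modname, yy) + VM_GLOBAL(modname, cc).bb; }

/* Returns 1 when a write made in one context is invisible from the other. */
int contexts_are_isolated(void)
{
#ifndef VM_FLAT
    static struct vmg_modname jail_a, jail_b;   /* constructed contexts */
    vmg_cur_modname = &jail_a; mod_set(2);
    vmg_cur_modname = &jail_b; mod_set(5);
    vmg_cur_modname = &jail_a;
    /* yy was 'static' in the source, yet here it is as reachable as xx. */
    return mod_get() == 22 && jail_b.yy == 5;
#else
    mod_set(2); mod_set(5);     /* single shared copy: the second write wins */
    return mod_get() == 22;     /* 55 != 22 */
#endif
}

int main(void) { printf("isolated: %d\n", contexts_are_isolated()); return 0; }
```

Building with `-DVM_FLAT` compiles the same module source as ordinary globals, in which case the function returns 0 because both writes land in the single shared copy.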