Avoiding syscall Overhead
At the moment the setproctitle call is implemented with a sysctl, this has the unfortunate side effect that this simple call locks the Giant-lock. As this call is a simple matter of setting a value, it could be better implemented with shared memory between the kernel and user-space.
This project purposes a scheme to securely share process specific data, between the kernel and a user-space process. This is done by having each process allocate a special memory page, on which the kernel and user-space process can share data. This will give the security needed, as the VM-system will make sure that no outside processes can fiddle with a process' data. As everything is going on it user-space, there is no concern about a rogue process could write inside the kernel memory. There is still a locking concern, which will be addressed either by locking the entire page, or micro-locking each data field on the page. To test the scheme, I will implement the setproctitle call with share memory as oppose to the current syscall version.
Update: Howard Su has sugested a a multi page scheme, where a read/write page is used for things like get/setproctitle and a read-only page for things like getpid. And maybe a system wide read-only page for things like getdomain, gethostname etc. More on this to follow.
This is a list of milestone, and the order in which I will take them.
Allocate a page in each process on creation.
Deallocate the page.
Write something to the page.
Read and write to the page from user space.
Figure out a suitable data structure.
- Figure out a locking scheme.
- Add the new scheme to setproctitle, running along side the old.
- Phase out the old scheme.
Completed milestones will be marked with ( ).
Have milestones 1-4 completed before the midterm evaluation.
Think up the data structure and locking scheme (milestones 5 and 6).
The two last milestone, and delivery.
All weeks included.
This should add a working getpid() through the page-scheme. A page is allocated on fork() and exec() and its address is accesible through the kern.usrsysshm sysctl. There is a struct on the page which is hold the pid, the pid is set from the kernel, and is accessible directly from the user process' vmspace.
This project is for the 2007 Google Summer of Code. Jesper B. Rosenkilde will be working on it with Jeff Roberson as mentor