Plex86 Lives, As Lightweight VM Technology
Kevin P. Lawton writes "Plex86 has been completely overhauled, and simplified to be a user (application) code only Virtual Machine technology. For running user code, many of the heavyweight x86-VM techniques are unnecessary. But the bonus is, Linux can easily be made to run inside the plex86 VM, so that the kernel is actually 'pushed down' to user privilege level. This has been demonstrated on both Linux 2.4 and 2.5 kernels. Thus, Linux can run in a plex86 VM without the need for any heavy virtualization. My goal is to keep the code base trim, tight, auditable and get to usable releases quickly. And to favor those goals over adding unnecessary complexities. The first milestones have just been reached, so it's still early in development. There are email lists available on the main plex86 site."
Yes, but UML uses almost 80% of the processor's MTRR registers as a scratchpad to save state. Therefore, any kernel drivers that require real-time interrupt service (NET, SCSI) have to use cut-through emulation, instead of the much faster native emulation.
The bottom line is UML works fine, and exhibits quite decent responsiveness, until you start trying to push disk and/or network I/O.
It's a fundamental flaw of UML. But UML's proponents consider it a necessary evil in the name of portability and lightweight robustness. I'm not sure I disagree with them.
This will change once SKAS mode goes into the mainline UML distribution. To quote from the UML website:
:) The SKAS page can be read here.
"In short, the changes cause the UML kernel to run in an entirely different host address space from its processes. This solves the security and honeypot fingerprinting problems by making the UML kernel totally inaccessible to UML processes. Their address spaces are identical to what they would be on the host. This also provides a noticeable speedup by eliminating the signal delivery that used to happen for every UML system call."
So, there you have it. It requires a kernel patch, but basically solves all the old UML security issues. I don't believe it's quite ready for primetime, though.