Hi,
onlyonemac wrote:
Sounds interesting from a security point of view - only privileged (and presumably trusted) code can enter the kernel address space.
Not really - the "always present" part of the kernel would have to enable/map the majority of the kernel every time the kernel needs to do anything; which means the only time the "temporarily not mapped" part of the kernel would actually be "not present" is when you're running at CPL=3 and wouldn't be able to touch it if it was present.
Essentially; it probably won't be any better for security than a traditional micro-kernel. It'll just be much much slower due to frequent "kernel TLB flush" problems.
Cheers,
Brendan