How to build and use glibc for Kernel Mode Linux

With a recent glibc, the overhead of system calls in existing binaries can be eliminated without modifying them. At the writing of this article, however, only developing version of glibc enables this. Therefore we explains how to build and use glibc in this article.

1. Requirements

Building recent glibc requires

2. How to build

2.1. Get the source from the GNU C Library site

% cd /tmp
% wget of glibc).tar.gz
% tar xzf glibc-(version of glibc).tar.gz
You may need patches in some cases.
(At the writing of this article, the most recent version of the GNU C Library is 2.11.)

2.2. Configure

% cd ..
% mkdir glibc-build
% cd glibc-build
% ../glibc-(version of glibc)/configure --prefix=/usr/local/lib/glibc-testing --with-tls --enable-add-ons=nptl

If you specify the "/usr" directory at the configuration (e.g., --prefix=/usr), system's glibc will be overwritten. We DO NOT recommend to overwrite system's glibc because replacing system's libc is as danger as replacing system's kernel.

2.3. Build glibc

% make

3. How to install

3.1. Install glibc

% make install

3.2. Install the dynamic loader into the "/trusted" directory

% mkdir -p /trusted/local/lib/glibc-testing/lib
% cd /trusted/local/lib/glibc-testing/lib
% cp /usr/local/lib/glibc-testing/lib/ld-(version of glibc).so ./
% ln -s ld-(version of glibc).so

4. How to use

Using the glibc's dynamic loader installed in the "/trusted" directory, existing binaries can be executed in the kernel-mode and the overhead of system calls can be eliminated without modifying them. (We have successfully executed many programs in the kernel-mode with this approach. For example, The Apache HTTP Server and PostgreSQL have been executed in the kernel-mode.)

For example, /usr/bin/find can be executed in the kernel-mode with the following command:

% /trusted/local/lib/glibc-testing/lib/ /usr/bin/find /usr

If you program requires shared libraries, the path to the libraries can be specified with the "--library-path" option as follows:

% /trusted/local/lib/glibc-testing/lib/ --library-path /usr/local/lib/glibc-testing/lib:/lib:/usr/lib /usr/bin/find /usr

When specifying the library path, please don't forget to specify the path to the installed glibc's libraries first.

Executing programs in the kernel-mode in KML is not as danger as you might think because the programs are executed as ordinary user processes. For example, paging and scheduling mechanism work in KML. However, if the programs behave awfully (for example, first disable hardware interruptions, then enter an infinite loop), your system will be broken, of course.

However, please keep in mind that programs executed in kerne mode can freely access the kernel, so some serious security breaches will be introduced. For example, if the permission settings of the "/trusted" directory (and the files under the directory) allow arbitrary users to write and/or execute programs, the users can hijack your system.