With a recent glibc, the overhead of system calls in existing binaries can be eliminated without modifying them. At the writing of this article, however, only developing version of glibc enables this. Therefore we explains how to build and use glibc in this article.
% cd /tmpYou may need patches in some cases.
% wget http://ftp.gnu.org/pub/gnu/glibc/glibc-(version of glibc).tar.gz
% tar xzf glibc-(version of glibc).tar.gz
% cd ..
% mkdir glibc-build
% cd glibc-build
% ../glibc-(version of glibc)/configure --prefix=/usr/local/lib/glibc-testing --with-tls --enable-add-ons=nptl
If you specify the "/usr" directory at the configuration (e.g., --prefix=/usr), system's glibc will be overwritten. We DO NOT recommend to overwrite system's glibc because replacing system's libc is as danger as replacing system's kernel.
% make install
% mkdir -p /trusted/local/lib/glibc-testing/lib
% cd /trusted/local/lib/glibc-testing/lib
% cp /usr/local/lib/glibc-testing/lib/ld-(version of glibc).so ./
% ln -s ld-(version of glibc).so ld-linux.so.2
Using the glibc's dynamic loader installed in the "/trusted" directory, existing binaries can be executed in the kernel-mode and the overhead of system calls can be eliminated without modifying them. (We have successfully executed many programs in the kernel-mode with this approach. For example, The Apache HTTP Server and PostgreSQL have been executed in the kernel-mode.)
For example, /usr/bin/find can be executed in the kernel-mode with the following command:
% /trusted/local/lib/glibc-testing/lib/ld-linux.so.2 /usr/bin/find /usr
If you program requires shared libraries, the path to the libraries can be specified with the "--library-path" option as follows:
% /trusted/local/lib/glibc-testing/lib/ld-linux.so.2 --library-path /usr/local/lib/glibc-testing/lib:/lib:/usr/lib /usr/bin/find /usr
When specifying the library path, please don't forget to specify the path to the installed glibc's libraries first.
Executing programs in the kernel-mode in KML is not as danger as you might think because the programs are executed as ordinary user processes. For example, paging and scheduling mechanism work in KML. However, if the programs behave awfully (for example, first disable hardware interruptions, then enter an infinite loop), your system will be broken, of course.
However, please keep in mind that programs executed in kerne mode can freely access the kernel, so some serious security breaches will be introduced. For example, if the permission settings of the "/trusted" directory (and the files under the directory) allow arbitrary users to write and/or execute programs, the users can hijack your system.