linux kernel implementation?
Nicholas Murphy
nmurphy at cs.washington.edu
Wed Dec 13 18:39:16 CET 2006
Actually, no...for performance reasons. I don't propose actually
merging GMP into the kernel source tree. I'm just after a version
that will compile into a kernel module for experimental purposes.
Specifically, I'm experimenting with cryptographically signing and
verifying network packets, and it's too expensive to do a userland
transition every time.
Thanks,
Nick
On Dec 13, 2006, at 9:02 AM, Linas Vepstas wrote:
> On Tue, Dec 12, 2006 at 11:11:40PM -0800, Nicholas Murphy wrote:
>> Has anyone ever tried to port GMP for use within the Linux kernel?
>> If not, any idea what would be involved? Would it just be a matter
>> of stripping out printf's and replacing malloc with kmalloc, etc.?
>
> Well, although there's some basic crypto in the kernel, I doubt
> the kernel hackers would allow gmp code into the kernel. Most
> want less, not more, code in the kernel. Thus, the canonical
> rejoinder is to do it in user space, and communicate with kernel
> with a netlink.
>
> I presme the point of putting it in the kernel is to gain additional
> security. For that, I suggest that the gmp-using server run in its
> own security domain (if using selinux), or, what surely is easier, run
> it in its own virtual domain (using vserver). If its acceptable to
> run only on the latest hardware, then look at using the hypervisor
> features to isolate your server from the bad guys.
>
> --linas
More information about the gmp-discuss
mailing list