Rhoads, Rob wrote:
> Project Announcement:
> We've started a new project on sourceforge.net w/ focus
> on hardening Linux device drivers for highly available
> systems. This project is being worked on with folks from
> OSDL's CGL and DCL projects as well.
> Hardened Driver Project Overview:
> Device drivers have traditionally been a significant source
> of software faults. For this reason, they are of key concern
> in improving the availability and stability of the operating
> system. A critical element in creating Highly Available (HA)
> environment is to reduce the likelihood of faults in key
> drivers, a methodology called driver hardening.
> To minimize instability contributed by device drivers and to
> enhance the availability of HA systems, we've attempted to
> define a set of requirements that a device driver should
> adhere to in order to be considered a hardened driver. We
> then define different hardening traits and the required
> programming interfaces to support these hardening traits.
> We've identified four areas in which drivers can be hardened:
> o Hardening with code robustness
> o Hardening with event logging
> o Hardening with diagnostics
> o Hardening with resource monitoring and statistics
> We've also identified some key areas we feel are most critical
> to overall system stability and plan to focus initial hardening
> efforts on drivers for network interface cards, physical storage,
> and logical storage.
While the goal is certainly good and true, the implementation really stinks.
You simply cannot "harden" drivers by adding additional statistics nor
by printing diagnostic messages via printk(). Further, centralizing
--domain-specific-- diagnostics and statistics is just plain moving in
the wrong direction.
Hardening drivers is a __human__ problem. People use existing APIs and
fuck up, thus creating bugs. You are attempting to paper it over with
buzzword-compliant features, but not actually addressing the real
problem. Adding silly APIs does not fix this. You can't avoid getting
down and dirty and actually fixing the drivers, and fixing up the
_existing_ APIs so that humans create fewer bugs.
I fully support hardening, and "carrier grade linux." This just ain't
the way to do it.
[no offense intended. if you think my comments harsh, wait until Al
Viro sees your sample driver...]
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Sep 23 2002 - 22:00:32 EST