Re: User mode drivers: part 1, interrupt handling (patch for 2.6.11)

From: Peter Chubb
Date: Mon Mar 14 2005 - 23:13:21 EST

>>>>> "Jon" == Jon Smirl <jonsmirl@xxxxxxxxx> writes:

Jon> On Tue, 15 Mar 2005 14:47:42 +1100, Peter Chubb
Jon> <peterc@xxxxxxxxxxxxxxxxxx> wrote:
>> What I really want to do is deprivilege the driver code as much as
>> possible. Whatever a driver does, the rest of the system should
>> keep going. That way malicious or buggy drivers can only affect
>> the processes that are trying to use the device they manage.
>> Moreover, it should be possible to kill -9 a driver, then restart
>> it, without the rest of the system noticing more than a hiccup. To
>> do this, step one is to run the driver in user space, so that it's
>> subject to the same resource management control as any other
>> process. Step two, which is a lot harder, is to connect the driver
>> back into the kernel so that it can be shared. Tun/Tap can be used
>> for network devices, but it's really too slow -- you need zero-copy
>> and shared notification.

Jon> Have you considered running the drivers in a domain under Xen?

See the paper presented by Karlsruhe at OSDI:

Joshua LeVasseur, Volkmar Uhlig, Jan Stoess, and Stefan Götz:
Unmodified Device Driver Reuse and Improved System Dependability via
Virtual Machines. OSDI '04.

They're using L4, rather than Xen as the paravirtualisation layer.

Dr Peter Chubb peterc AT
The technical we do immediately, the political takes *forever*