On Tue, 15 Mar 2005 14:47:42 +1100, Peter Chubb <[EMAIL PROTECTED]> wrote: > What I really want to do is deprivilege the driver code as much as > possible. Whatever a driver does, the rest of the system should keep > going. That way malicious or buggy drivers can only affect the > processes that are trying to use the device they manage. Moreover, it > should be possible to kill -9 a driver, then restart it, without the > rest of the system noticing more than a hiccup. To do this, > step one is to run the driver in user space, so that it's subject to > the same resource management control as any other process. Step two, > which is a lot harder, is to connect the driver back into the kernel > so that it can be shared. Tun/Tap can be used for network devices, > but it's really too slow -- you need zero-copy and shared notification.
Have you considered running the drivers in a domain under Xen? > > -- > Dr Peter Chubb http://www.gelato.unsw.edu.au peterc AT gelato.unsw.edu.au > The technical we do immediately, the political takes *forever* > -- Jon Smirl [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
