Re: A Question to throw at you guys

From: Christian Helmuth
Subject: Re: A Question to throw at you guys
Date: Tue, 14 Nov 2006 12:25:37 +0100
User-agent: Mutt/1.5.12-2006-07-14


(Please, no direct answer, I'm on the list.)

On Tue, Nov 14, 2006 at 12:10:07PM +0100, address@hidden wrote:
> hi,
> On Tue, Nov 14, 2006 at 10:44:41AM +0100, Christian Helmuth wrote:
> > IMO the required capabilities for a driver to work can be derived from
> > the I/O resource and device structure. So devices attached to buses
> > are dominated by the bus drivers (which may be dominated by host
> > drivers or bus drivers again, e.g. PCI - USB - USB device). This
> > requires more trust into bus drivers than into drivers for the
> > attached devices, but could help to design a trusted driver tree.
> > Opinions?
> This works for some busses, but not all.

Which busses are you talking about? Could you be a bit more specific here?

> Also, it solves only part of the problem -- the driver is limited to the
> registers belonging to the actual device, but the device itself can
> often be programmed to access system resources in an uncontrolled manner
> (e.g. through DMA).

Solutions to the DMA problem are in the pipe, e.g. Intel VT-d. Regarding
other issues with device capabilities circumventing security mechanisms
IMO make these devices obsolete.

BTW: I answered to Tom's statement:

> How would you expect that to work? The problem, as you stated above, is
> _not_ that we cannot limit what the driver is allowed to do, but that we
> have to believe it that it really needs the capabilities it asked for.

Christian Helmuth

TU Dresden, Dept. of CS
Operating Systems Group
