L4 Driver Security
Björn Döbel
doebel at os.inf.tu-dresden.de
Wed Jun 20 12:24:37 CEST 2012
Hi again,
>> 3. Untrusted, untested drivers can cause system crashes.
>
> Of course.
There's one thing to add, though: By running device drivers in dedicated
user-level processes, a crashing driver in the common case only takes
down its own process, but the rest of the system continues to run.
That's a major advantage, because you can have a monitoring process that
then restarts the driver this way [1].
However, even a user space driver can still crash the system if it runs
rampant by misprogramming the DMA engine and you don't use an IOMMU.
Bjoern
[1] J. Herder et al. "Failure resilience for device drivers", DSN 2007
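As an added illustration of the monitoring-process idea from the post above (this is example code written for this page, not code from the l4-hackers list, from L4 or from the Herder et al. paper; all names such as supervise, flaky_driver and hopeless_driver are hypothetical), here is a minimal supervisor that runs a "driver" in its own child process and restarts it when the child dies from a crash, up to a limit. The drivers are constructed stand-ins that crash by raising SIGSEGV rather than by touching real hardware.

```c
/* Added example (not from the original post): a minimal monitoring
 * process that restarts a crashed user-level driver.  The driver runs in
 * its own child process, so a crash kills only that process; the monitor
 * keeps running and starts a fresh instance.  All names are hypothetical. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* A driver body: runs inside the child and returns its exit status.
 * `attempt` counts how many times this driver has been (re)started. */
typedef int (*driver_fn)(int attempt);

/* Constructed flaky driver: crashes on its first two starts, then comes
 * up cleanly.  raise(SIGSEGV) stands in for a wild pointer dereference. */
static int flaky_driver(int attempt)
{
    if (attempt < 2)
        raise(SIGSEGV);
    return 0;
}

/* Constructed driver that never comes up. */
static int hopeless_driver(int attempt)
{
    (void)attempt;
    raise(SIGSEGV);
    return 0;
}

/* Run `drv` in a fresh process and restart it after every crash or
 * non-zero exit, at most `max_restarts` times.  Returns the number of
 * restarts that were needed before a clean exit, or -1 if the limit was
 * reached or fork() failed.
 *
 * Caveat from the post: this only contains faults the MMU can contain.
 * A driver that misprograms a DMA engine can still corrupt arbitrary
 * memory unless an IOMMU restricts what the device may write. */
int supervise(driver_fn drv, int max_restarts)
{
    int attempt = 0;
    for (;;) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;                  /* cannot even start the driver */
        if (pid == 0)
            _exit(drv(attempt));        /* child: become the driver */

        int status;
        if (waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
            return attempt;             /* driver initialised cleanly */
        /* Died from a signal (crash) or exited non-zero: restart if the
         * budget allows, otherwise give up rather than loop forever. */
        if (attempt >= max_restarts)
            return -1;
        attempt++;
    }
}

int main(void)
{
    printf("flaky driver came up after %d restart(s)\n",
           supervise(flaky_driver, 5));
    printf("hopeless driver result: %d (gave up)\n",
           supervise(hopeless_driver, 3));
    return 0;
}
```

The restart budget matters in practice: without it, a driver that crashes deterministically during initialisation turns the monitor into a fork loop. A real monitor would also re-establish the driver's capabilities and device access on each restart, which this stand-alone sketch leaves out.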