Hi again,
- Untrusted, untested drivers can cause system crashes.
Of course.
There's one thing to add, though: By running device drivers in dedicated user-level processes, a crashing driver in the common case only takes down its own process, but the rest of the system continues to run. That's a major advantage, because you can have a monitoring process that then restarts the driver [1] this way.
However, even a user-space driver can still crash the system if it goes rampant by misprogramming the DMA engine and you don't use an IOMMU.
Bjoern
[1] J. Herder et al. "Failure resilience for device drivers", DSN 2007
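
The restart pattern described in the message above, as an added example that is not part of the original post and not code from the system in [1]: a monitor process runs a "driver" in its own process, sees it die from a signal, and restarts it within a restart budget. The names `driver_main` and `supervise` are hypothetical, and the crash is simulated with `abort()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a driver: crashes on its first `faulty_runs`
 * starts, then does its work and exits cleanly. */
static void driver_main(int run, int faulty_runs)
{
    struct rlimit no_core = {0, 0};
    setrlimit(RLIMIT_CORE, &no_core);    /* keep the demo from writing core files */
    if (run < faulty_runs)
        abort();                         /* simulated driver bug: dies with SIGABRT */
    _exit(0);
}

/* Start the driver in its own process and restart it after each crash.
 * Returns the number of restarts performed, or -1 if the restart budget
 * ran out or the monitor itself failed. */
int supervise(int faulty_runs, int max_restarts)
{
    for (int run = 0; run <= max_restarts; run++) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0)
            driver_main(run, faulty_runs);   /* child: never returns */

        int status;
        if (waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
            return run;                      /* driver is healthy after `run` restarts */
        /* Otherwise the driver crashed; only its own process was lost. */
    }
    return -1;                               /* driver keeps crashing: give up */
}

int main(void)
{
    int recovered = supervise(2, 5);         /* two crashes, then a clean run */
    int gave_up = supervise(10, 3);          /* persistent fault exceeds the budget */
    printf("restarts needed: %d, persistent fault: %d\n", recovered, gave_up);
    return 0;
}
```

The monitor only observes process death, so it covers the crash case from the message; a driver that misprograms DMA without an IOMMU in place is not contained by this process boundary.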