[cap-talk] Midori in The Register
Bill Frantz
frantz at pwpconsult.com
Tue Aug 5 20:45:21 CDT 2008
shap at eros-os.com (Jonathan S. Shapiro) on Tuesday, August 5, 2008 wrote:
>On Wed, 2008-08-06 at 10:52 +1000, James A. Donald wrote:
>> The problem is that these guarantees are a little *too* strong for
>> device drivers.
>
>In principle I do not see why. In the absence of DMA, it is obviously
>possible to write fully safe device drivers. In the presence of DMA, it
>is certainly possible to write fully safe device drivers so long as the
>low-level DMA interface is understood and mediated by the VM. That is
>not as difficult as it may initially seem.

VM/370 did exactly that. The DMA interface was the Channel
Program[1]. The only way a channel program could be executed was
through privileged instructions. VM intercepted the instructions,
translated the channel program, ensuring its safety, and then
executed it. With a suitably constrained interface to the DMA
hardware, other architectures can perform similarly.

Cheers - Bill

[1] <http://en.wikipedia.org/wiki/Channel_program>
-------------------------------------------------------------------------
Bill Frantz | Airline peanut bag: "Produced | Periwinkle
(408)356-8506 | in a facility that processes | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032
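
The intercept-translate-execute step described in the message above, sketched as an added example that is not part of the original post and is not VM/370 code. The `dma_cmd` layout, the single contiguous `guest_mem` region and the name `translate_program` are assumptions made for illustration; a real System/370 channel command word has a different format.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified DMA command; not the real System/370 CCW layout. */
struct dma_cmd {
    uint8_t  op;    /* device operation code, passed through unchanged */
    uint64_t addr;  /* guest-physical in the guest copy, host-physical in the shadow */
    uint32_t len;   /* transfer length in bytes */
};

/* Assumption: the guest is backed by one contiguous host region, and
 * host_base + size does not wrap around the 64-bit address space. */
struct guest_mem {
    uint64_t host_base;  /* host-physical address of guest address 0 */
    uint64_t size;       /* guest memory size in bytes */
};

#define MAX_CMDS 64      /* bound on program length so validation terminates */

/*
 * Copy the guest's program into monitor-owned storage, checking and
 * translating every address on the way. Returns the number of commands
 * translated, or -1 if the program is rejected. Only the shadow copy is
 * handed to the hardware, so the guest cannot alter it after the check.
 */
int translate_program(const struct guest_mem *g,
                      const struct dma_cmd *guest_prog, size_t n,
                      struct dma_cmd *shadow)
{
    if (n == 0 || n > MAX_CMDS)
        return -1;
    for (size_t i = 0; i < n; i++) {
        struct dma_cmd c = guest_prog[i];   /* read each entry exactly once */
        if (c.len == 0 || c.addr >= g->size)
            return -1;                      /* starts outside guest memory */
        if (c.len > g->size - c.addr)
            return -1;                      /* overflow-safe end-of-range check */
        c.addr += g->host_base;             /* guest-physical -> host-physical */
        shadow[i] = c;
    }
    return (int)n;
}
```
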