Message-ID: <4581C84E.3080209@iinet.net.au>
Date:	Fri, 15 Dec 2006 08:55:26 +1100
From:	Ben Nizette <ben.nizette@...et.net.au>
To:	"linux-os (Dick Johnson)" <linux-os@...logic.com>
CC:	Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org,
	tglx@...utronix.de
Subject: Re: Userspace I/O driver core

linux-os (Dick Johnson) wrote:
> On Wed, 13 Dec 2006, Greg KH wrote:
>>
>> If anyone has any questions on how to use this interface, or anything
>> else about it, please let me and Thomas know.
>>
>> thanks,
>>
>> greg k-h
[snip]
> There are well thought-out methods of creating hardware interfaces that
> have a successful history of implementation both in Linux and Unix.
> There are well established APIs that are used to expose devices to
> user-space with controlled privilege, access mechanisms, and built-in
> locking to provide atomic access to the functionality of the devices
> without user-space code needing to understand the device intricacies
> (and probably getting it wrong).
>
> I recently returned from a conference where somebody had designed a
> driver that exposes PCI registers and FPGA device registers to
> user-space. Their problem was how to provide "call-backs" when an
> interrupt occurred. They were convinced that all they had to do was
> to have some user-space procedure that could be called when an
> interrupt occurred. Then their so-called driver would work. They had
> no clue about the fact that an interrupt can occur at any time not
> just when somebody is ready and waiting for it, that one usually has
> sections of code that must not be interrupted, etc.

This is almost exactly the situation I find myself in and a situation
for which UIO is perfect.  UIO is not a hole through the kernel into
memory, it is a well defined API of the type you describe above (albeit
not 'established' yet).  UIO interrupts are _handled_ in kernel space
but subsequently _signalled_ in userspace.  There are no issues of
kernel code directly calling any userspace functionality.
>
> Driver code needs to be protected from undue user-space interference
> otherwise the device can't be synchronized, shared, or accessed
> through the operating system's APIs.

And this is what UIO does, it allows userspace interaction without
userspace interference.  It provides a safe and sanitized view of the
hardware to processes which make more sense in userland.
>
> Every time I showed how the driver couldn't work properly, the
> designer, so convinced of his superior methods, would devise a
> work-around. For instance, to protect a section of code from being
> modified in an interrupt, the user-space driver was to be executed
> with iopl(3) and interrupts disabled. To protect the kernel from the
> ISR being modified or replaced, the code would be checksummed every
> time an interrupt occurred, etc. I could go on. Drivers have no place
> in user space.
>
No, dumb drivers with dodgy kernel interfaces don't have a place 
_anywhere_.  If this under-educated person was using UIO there would be 
no need for any of his hacks, a userspace driver would be feasible, 
clean, neat and perfectly allowable.

Regards,
	Ben
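
[Added example, not part of the original message or of the UIO patch under discussion: the userspace half of the "handled in kernel space, signalled in userspace" split, where the process sleeps in read() and detects interrupts that fired while it was not waiting. It assumes the convention of the UIO driver as later merged into mainline Linux (a blocking 4-byte read() on /dev/uioX returns the total interrupt count); the device path and the helper names uio_wait_irq and uio_events_since are illustrative.]

```c
/* Added example: userspace side of a UIO-style interrupt wait.
 * Assumes the mainline UIO convention: a blocking 4-byte read() on
 * /dev/uioX returns the total interrupt count. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Sleep until the kernel handler signals an interrupt.
 * Returns 0 and stores the running count, -1 on error or short read. */
int uio_wait_irq(int fd, uint32_t *count)
{
    ssize_t n;

    do {
        n = read(fd, count, sizeof(*count));
    } while (n < 0 && errno == EINTR);   /* retry if a signal woke us */
    return n == (ssize_t)sizeof(*count) ? 0 : -1;
}

/* Interrupts since the last wake-up; unsigned math survives wrap. */
uint32_t uio_events_since(uint32_t prev, uint32_t now)
{
    return now - prev;
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "/dev/uio0"; /* assumed path */
    uint32_t prev = 0, now;
    int first = 1;
    int fd = open(dev, O_RDONLY);

    if (fd < 0) {
        perror(dev);
        return 1;
    }
    while (uio_wait_irq(fd, &now) == 0) {
        uint32_t delta = first ? 1 : uio_events_since(prev, now);
        if (delta > 1)  /* interrupts fired while we were not waiting */
            fprintf(stderr, "coalesced %u interrupts\n", (unsigned)(delta - 1));
        /* device-specific servicing would go here */
        prev = now;
        first = 0;
    }
    close(fd);
    return 0;
}
```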