Recent Features
| |||||||||||||
LCA: Andrew Tanenbaum on creating reliable systemsLCA: Andrew Tanenbaum on creating reliable systemsPosted Jan 18, 2007 11:28 UTC (Thu) by nix (subscriber, #2304)In reply to: LCA: Andrew Tanenbaum on creating reliable systems by jwb Parent article: LCA: Andrew Tanenbaum on creating reliable systems
What's more, banning DMA has a *really* high price. Yes, bus-mastering DMA means that misprogrammed hardware can scribble over any memory it likes: but the cost of avoiding it is immense (certainly far more than 5% in e.g. I/O-bound loads).
What we really need is a better MMIO controller such that devices can have multiple privilege rings (or capability tokens); with that in place, it could be made *impossible* for devices to DMA into memory other than that the CPU wants it to DMA into.
But as far as I know nobody has written such a controller, let alone put it in any sort of affordable hardware. I'd be overjoyed to be corrected.
(Log in to post comments)
LCA: Andrew Tanenbaum on creating reliable systems Posted Jan 18, 2007 12:08 UTC (Thu) by Los__D (guest, #15263) [Link] He talked about constraining DMA to the memory areas needed, not banning DMA... If the first is possible without the last, I have no idea.
The ban was on mmap.
Dennis
LCA: Andrew Tanenbaum on creating reliable systems Posted Jan 18, 2007 14:19 UTC (Thu) by nix (subscriber, #2304) [Link] Banning mmap() of hardware would be reasonable except that... anything a bug can do to a memory-mapped region, external hardware can do to you anyway through a bug in DMA programming.
LCA: Andrew Tanenbaum on creating reliable systems Posted Jan 18, 2007 15:28 UTC (Thu) by gnb (subscriber, #5132) [Link] So you need an IOMMU. They are arriving on server-grade x86 hardware, soI assume they'll make their way into people's desktops eventually. And eventually into sub-PC priced devices.
LCA: Andrew Tanenbaum on creating reliable systems Posted Jan 18, 2007 15:41 UTC (Thu) by cventers (subscriber, #31465) [Link] Even then, isn't it fairly trivial to hang the bus on common PCarchitecture?
LCA: Andrew Tanenbaum on creating reliable systems Posted Jan 18, 2007 16:17 UTC (Thu) by nix (subscriber, #2304) [Link] Certainly a lot of hardware has bugs/misfeatures whereby it can be convinced to grab the bus and never let it go: again, graphics cards are the most common crashers. Graphics card interfaces always seem to me to have been written by madmen, from state machines where if you don't do exactly the right thing the bus locks up, through write-only memory locations, to entire undocumented languages on modern cards...
I remain impressed that Dave Airlie and the other free software graphics cards retain their sanity. I'm sure I wouldn't.
LCA: Andrew Tanenbaum on creating reliable systems Posted Jan 18, 2007 17:19 UTC (Thu) by nix (subscriber, #2304) [Link] Um, the other free software graphics card *hackers*. As far as I know you can't buy Dave on the high street yet (and I'm not sure how fast he'd be able to do 3D rendering).
(I'll, um, blame it on the weather. I was warned that `high winds and heavy rain are forecast and this will disruption', so presumably as well as disrupting their grammar it's disrupted my posts.)
LCA: Andrew Tanenbaum on creating reliable systems Posted Jan 19, 2007 2:17 UTC (Fri) by vonbrand (subscriber, #4458) [Link] Doing the "banning" right presumes faultless software (elsewhere). I don't see that that software will be any simpler (and thus more probably right) than the one futzing around. Looks to me like the sum total will be buggier.
|
|||||||||||||