LCA: Andrew Tanenbaum on creating reliable systems
Posted Jan 18, 2007 11:28 UTC (Thu) by nix (subscriber, #2304)
In reply to: LCA: Andrew Tanenbaum on creating reliable systems by jwb
Parent article: LCA: Andrew Tanenbaum on creating reliable systems
What's more, banning DMA has a *really* high price. Yes, bus-mastering DMA means that misprogrammed hardware can scribble over any memory it likes: but the cost of avoiding it is immense (certainly far more than 5% in e.g. I/O-bound loads).
What we really need is a better MMIO controller such that devices can have multiple privilege rings (or capability tokens); with that in place, it could be made *impossible* for devices to DMA into memory other than that the CPU wants it to DMA into.
But as far as I know nobody has written such a controller, let alone put it in any sort of affordable hardware. I'd be overjoyed to be corrected.
Posted Jan 18, 2007 12:08 UTC (Thu)
by Los__D (guest, #15263)
The ban was on mmap.
Dennis
Posted Jan 18, 2007 14:19 UTC (Thu)
by nix (subscriber, #2304)
Posted Jan 18, 2007 15:28 UTC (Thu)
by gnb (subscriber, #5132)
Posted Jan 18, 2007 15:41 UTC (Thu)
by cventers (guest, #31465)
Posted Jan 18, 2007 16:17 UTC (Thu)
by nix (subscriber, #2304)
I remain impressed that Dave Airlie and the other free software graphics cards retain their sanity. I'm sure I wouldn't.
Posted Jan 18, 2007 17:19 UTC (Thu)
by nix (subscriber, #2304)
(I'll, um, blame it on the weather. I was warned that `high winds and heavy rain are forecast and this will disruption', so presumably as well as disrupting their grammar it's disrupted my posts.)
Posted Jan 19, 2007 2:17 UTC (Fri)
by vonbrand (subscriber, #4458)
Doing the "banning" right presumes faultless software (elsewhere). I don't see that that software will be any simpler (and thus more probably right) than the one futzing around. Looks to me like the sum total will be buggier.
He talked about constraining DMA to the memory areas needed, not banning DMA... If the first is possible without the last, I have no idea.
Banning mmap() of hardware would be reasonable except that... anything a bug can do to a memory-mapped region, external hardware can do to you anyway through a bug in DMA programming.
So you need an IOMMU. They are arriving on server-grade x86 hardware, so I assume they'll make their way into people's desktops eventually. And eventually into sub-PC priced devices.
Even then, isn't it fairly trivial to hang the bus on common PC architecture?
Certainly a lot of hardware has bugs/misfeatures whereby it can be convinced to grab the bus and never let it go: again, graphics cards are the most common crashers. Graphics card interfaces always seem to me to have been written by madmen, from state machines where if you don't do exactly the right thing the bus locks up, through write-only memory locations, to entire undocumented languages on modern cards...
Um, the other free software graphics card *hackers*. As far as I know you can't buy Dave on the high street yet (and I'm not sure how fast he'd be able to do 3D rendering).