From: "Brian Catlin"
Newsgroups: comp.lang.ada
Subject: Re: Ada OS Kernel features
Date: Wed, 5 Sep 2001 13:18:51 -0700
Organization: Sannas Consulting
Message-ID: <9n61dg$h3k$1@slb5.atl.mindspring.net>
References: <9n4euv$t9m$1@slb6.atl.mindspring.net> <3B964C7A.BC04374E@icn.siemens.de> <9n5o9n$37a$1@slb7.atl.mindspring.net> <3%ul7.3362$9z1.440040@news6-win.server.ntlworld.com>

"chris.danx" wrote in message news:3%ul7.3362$9z1.440040@news6-win.server.ntlworld.com...
>
> > > You should be able to "overload" a driver. What do I mean? Let's assume
> > > you have a simple graphic driver on bootup, then you load a "better"
> > > (more complex, higher resolution, 3D accelerator ...) one. If this one
> > > crashes, then it should simply be unloaded and the system should
> > > continue to work with the (simple) default driver - instead of showing a
> > > "blue screen" ;-)
> >
> > My first reaction to this was "Not Possible". However, that isn't
> > entirely true; it is just *VERY VERY* difficult.
>
> Only in the "drivers in supervisor mode" model.
>
> > A driver runs in kernel mode,
>
> Why? Why not just have it in user mode? It makes more sense to have them
> in user mode, at least to me. They can only corrupt themselves then, etc.
>
> > and has access to system data structures.
>
> Why should it? In your model a driver can screw a system up good and
> proper, but if you put the driver in user mode then the associated problems
> go away. New ones do crop up, but there's ways and means to deal with them.

This has been well studied and the reasons will show up in just about any
search of the relevant literature (in case my explanation does not make
sense, or is not complete enough for you).

A driver typically runs in two contexts: the context of the requesting
process, because it needs to access the user's buffers, and "system" context
(strictly, arbitrary process context) where the driver does not need access
to the requesting process' address space. If a driver is running in its own
process, how can it gain efficient access to the requesting process'
buffers? Also, drivers spend most of their time running at elevated IPL
(interrupt priority level), which can only be done in kernel mode.

It is possible to build a general purpose operating system as you suggest,
but the performance would suck. You would lose a lot of time doing
translation buffer invalidates and switching between modes.

>
> If a driver corrupts a system data structure, how do you detect this,
> repair it, and continue?
>
> I really don't get why a driver must have access to system structures or
> at least those in kernel space, can you explain this?

A driver needs to access privileged APIs and data structures in the normal
course of its work; for example, mapping DMA transfers, sending I/O requests
to other drivers, etc. These APIs and data structures are specifically put
in kernel mode to prevent users from accessing them.

-Brian
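The fault-isolation property argued over in this thread (a user-mode driver "can only corrupt itself", so a crashing "better" driver can be unloaded and the default one kept) can be simulated with ordinary POSIX processes. The following is an added example written for this page, not code from any poster in the thread: each driver is a plain C function, and a toy "kernel" runs it in a forked child so that a fault in the driver ends only that child, after which the kernel falls back to the default driver. The names (`run_isolated`, `load_with_fallback`, `simple_driver`, `fancy_driver`) and the deliberately buggy driver are constructed for the example; it assumes a POSIX system with `fork` and `waitpid`.

```c
/* Added example: simulating the "drivers in user mode" model with process
 * isolation.  Constructed for this page; names and drivers are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*driver_fn)(void);

/* Default driver: always succeeds. */
int simple_driver(void) { return 0; }

/* "Better" driver with a bug: it writes through a NULL pointer.  'volatile'
 * keeps the compiler from dropping the faulting store.  In the "drivers in
 * supervisor mode" model this bug would take the whole system down; here it
 * only kills the child process that runs it. */
int fancy_driver(void) {
    volatile int *bad = NULL;
    *bad = 42;
    return 0;
}

enum load_result { LOAD_OK = 0, LOAD_CRASHED = 1, LOAD_FAILED = 2 };

/* Run one driver in its own address space (a forked child).
 * LOAD_OK      - driver ran and returned 0
 * LOAD_CRASHED - child died from a signal (SIGSEGV, SIGILL, ...)
 * LOAD_FAILED  - fork/wait failed or driver returned non-zero */
enum load_result run_isolated(driver_fn drv) {
    pid_t pid = fork();
    if (pid < 0)
        return LOAD_FAILED;
    if (pid == 0) {
        /* Child: a fault here terminates only this process. */
        _exit(drv() == 0 ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return LOAD_FAILED;
    if (WIFSIGNALED(status))
        return LOAD_CRASHED;          /* the driver crashed; the "kernel" survived */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return LOAD_OK;
    return LOAD_FAILED;
}

/* Try the "better" driver first; if it crashes or fails, keep the fallback.
 * Returns 1 if 'better' is active, 0 if 'fallback' is active, -1 if neither. */
int load_with_fallback(driver_fn better, driver_fn fallback) {
    if (run_isolated(better) == LOAD_OK)
        return 1;
    if (run_isolated(fallback) == LOAD_OK)
        return 0;
    return -1;
}

int main(void) {
    int active = load_with_fallback(fancy_driver, simple_driver);
    printf("active driver: %s\n",
           active == 1 ? "fancy" : active == 0 ? "simple (fallback)" : "none");
    return active < 0;
}
```

Running it prints `active driver: simple (fallback)`: the buggy driver dies in its child and the parent carries on. What the simulation leaves out is exactly Brian's objection: the child has no direct view of the requesting process' buffers, so a real user-mode driver would have to copy or map them across the process boundary, and every request costs the context switches he mentions.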