comp.lang.ada
From: Ole-Hjalmar Kristensen <ohk@clustra.com>
Subject: Re: Ada OS Kernel features
Date: 06 Sep 2001 08:48:30 +0200
Message-ID: <umqk7zcolvl.fsf@maestro.clustra.com>
In-Reply-To: 9n61dg$h3k$1@slb5.atl.mindspring.net

"Brian Catlin" <briancatlin@mindspring.com> writes:

> "chris.danx" <chris.danx@ntlworld.com> wrote in message
> news:3%ul7.3362$9z1.440040@news6-win.server.ntlworld.com...
> >
> > > > You should be able to "overload" a driver. What do I mean?  Let's assume
> > > > you have a simple graphic driver on bootup, then you load a "better"
> > > > (more complex, higher resolution, 3D accelerator ...) one. If this one
> > > > crashes, then it should simply be unloaded and the system should
> > > > continue work with the (simple) default driver - instead of showing a
> > > > "blue screen" ;-)
> > >
> > > My first reaction to this was "Not Possible".  However, that isn't
> > > entirely true; it is just *VERY VERY* difficult.
> >
> > Only in the "drivers in supervisor mode" model.
> >
> > > A driver runs in kernel mode,
> >
> > Why?  Why not just have it in user mode?  It makes more sense to have them
> > in user mode, at least to me.  They can only corrupt themselves then, etc.
> >
> > > and has access to system data structures.
> >
> > Why should it?  In your model a driver can screw a system up good and
> > proper, but if you put the driver in user mode then the associated problems
> > go away.  New ones do crop up, but there's ways and means to deal with them.
> 
> This has been well studied and the reasons will show up in just about any
> search of the relevant literature (in case my explanation does not make sense,
> or is not complete enough for you).  A driver typically runs in two contexts,
> the context of the requesting process, because it needs to access the user's
> buffers, and "system" context (strictly, arbitrary process context) where the
> driver does not need access to the requesting process' address space.  If a
> driver is running in its own process, how can it gain efficient access to the
> requesting process' buffers?  Also, drivers spend most of their time running at

It is possible (and has been done) to associate privileges with the
memory segment you are currently executing in, not which process you
are running in. In this way it is possible to get both speed and
safety, by having special libraries with sufficient privileges. Kind
of like the monitor/protected object idea, which lets you execute
code within it without process switching.

<stuff deleted>

-- 
Cable salad is healthy.

Ole-Hj. Kristensen


