From: Piotr Wyderski on
Terje Mathisen wrote:

> I.e. a driver had full-speed access, but only to those hardware
> resources the OS would agree to give it

If it has access to DMA registers, and most PCI device drivers
must have it in order to work, then it can easily wipe out the kernel
and replace it with any code it wishes.

> so a buggy driver had less chance of messing up some
> unrelated hardware/software subsystem.

Direct access to physical memory == no security, no
matter which protection ring it runs at.

Best regards
Piotr Wyderski
From: Terje Mathisen "terje.mathisen at on
Piotr Wyderski wrote:
> Terje Mathisen wrote:
>> so a buggy driver had less chance of messing up some
>> unrelated hardware/software subsystem.
>
> Direct access to physical memory == no security, no
> matter which protection ring it runs at.

AFAIR the key idea was to help driver writers catch bugs, not to
guarantee security, which is effectively impossible for anything that can
access hw directly.

Terje

--
- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"