Yann POUPET writes:
> "Hurg ! It seems your naughty sound card driver has crashed.
> Do you want to try to reset it ? [YES] [NO] 
> Do you want to unload and reload it ? [YES] [NO]
> Do you want to send a bug report to the maintainer ? [YES] [NO]
> Do you want to be informed by email when it is fixed ? [YES] [NO]

The missing bit here is that there's just no protection inside the
kernel.  A "crashed" kernel extension means that we can no longer
really trust anything about the overall kernel integrity.  If we
assume that avoiding data corruption is the highest priority
(historically for Solaris this is true), then the only option left is
to take down the system.

This argues that, when folks are designing kernel extensions, it's
worthwhile to pay some attention to what functionality belongs in the
kernel and what bits can profitably be left in user space.  Often,
though perhaps not always, the complex bits (and the ones that are
likely to have bugs) are also the bits that are not involved directly
with data handling, and are instead control-path issues, and can often
be factored out into user space.

Having general memory protection in the kernel (such that a "crashed"
driver can be known not to have damaged anything else) sounds like an
interesting project, but nowhere near where we are today.

-- 
James Carlson, KISS Network                    <[EMAIL PROTECTED]>
Sun Microsystems / 1 Network Drive         71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
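An added illustration of the point Carlson makes above, not code from the thread or from Solaris: the same buggy control-path routine is run once inside a single shared address space (the kernel case, where an overrun silently damages an unrelated subsystem's data) and once in a separate process (the user-space case, where the fault is contained and the supervisor can see that the helper died). The struct layout, the `driver_buf`/`fs_metadata` names and the over-long device name are all constructed for the example.

```c
/* Added example (not from the mailing-list post). Models why a fault in an
 * in-kernel extension cannot be trusted, while the same fault in a separate
 * user-space process is contained by the hardware address-space boundary. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define SENTINEL 0x5A5A5A5AUL

/* Constructed input: 20 bytes, four more than driver_buf can hold. */
static const char *const BAD_NAME = "too-long-device-name";

/* Two subsystems that happen to be adjacent in one address space, the way a
 * driver's buffer and another subsystem's state share the kernel heap.
 * Constructed layout: fs_metadata sits directly after the 16-byte buffer. */
struct shared_space {
    char          driver_buf[16];   /* the "naughty" driver's own buffer   */
    unsigned long fs_metadata;      /* belongs to an unrelated subsystem   */
};

/* Buggy control-path routine: trusts the caller's string length and never
 * checks it against sizeof driver_buf. The write stays inside the struct
 * object, so it is a contained model of an overrun, not undefined behaviour. */
static void buggy_driver_setup(struct shared_space *s, const char *name)
{
    size_t len = strlen(name);
    char *dst = (char *)s + offsetof(struct shared_space, driver_buf);
    for (size_t i = 0; i < len; i++)
        dst[i] = name[i];           /* bytes 16 onward land in fs_metadata */
}

/* Kernel-style: everything lives in one address space.
 * Returns 1 if the unrelated subsystem's data survived, 0 if it was damaged. */
int in_kernel_model_metadata_intact(void)
{
    struct shared_space s = { {0}, SENTINEL };
    buggy_driver_setup(&s, BAD_NAME);
    return s.fs_metadata == SENTINEL;
}

/* User-space-style: the control path runs in a child process with its own
 * copy of memory. Returns 1 if the parent's data survived, -1 on fork/wait
 * failure; *child_crashed is set to 1 if the helper was killed by a signal. */
int user_space_model_metadata_intact(int *child_crashed)
{
    struct shared_space s = { {0}, SENTINEL };
    fflush(NULL);                   /* keep buffered output from being duplicated by the child */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        buggy_driver_setup(&s, BAD_NAME);   /* corrupts only the child's copy */
        abort();                            /* model the driver crashing      */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (child_crashed)
        *child_crashed = WIFSIGNALED(status) ? 1 : 0;
    return s.fs_metadata == SENTINEL;       /* parent's memory was never touched */
}

int main(void)
{
    int crashed = 0;
    printf("shared address space: metadata intact = %d\n",
           in_kernel_model_metadata_intact());
    int intact = user_space_model_metadata_intact(&crashed);
    printf("separate process:     metadata intact = %d, helper killed = %d\n",
           intact, crashed);
    return 0;
}
```

The second case is what the post calls factoring the control path out into user space: the parent learns from `waitpid` that the helper died and can restart it, exactly the "reset it / reload it" choice the quoted dialog offers, because it has a reason to believe its own state is still good. In the first case nothing tells the caller that `fs_metadata` changed, which is why a panic is the only honest response.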