Driver API enhancements
From looking at the driver infrastructure I've got a few suggestions for enhancements.
It seems to me that we should strive to make JNode as secure and stable as possible. One way to achieve this is to only allow subsystems access to the specific resources they need. This discourages the use of 'tricks' and curtails the effects of trojans. To apply this principle to the driver infrastructure: instead of the driver requesting the resources it needs, why not give these resources to the driver. Correct me if I'm wrong, but by probing the PCI bus we can find the memory ranges, IRQs and port ranges the device wants anyway. If there are caveats, e.g. the device wants an extra interrupt or can only run on specific interrupts, these can be described in a special XML file anyway.
So for a driver we could have a start/stop interface. If we want to re-instate the device, e.g. change an interrupt setting, we'd call stop on the driver object, then clear the object from memory, re-create the driver object and call start again. I think this approach is good because it stops the driver object holding onto its old IRQ line, for example. And efficiency is not so much of a concern as these types of operation will occur very rarely, if at all.
So as a rough cut for a driver interface:
- void start(IRQ[] irqs, MemoryRange[] memoryRanges, PortRange[] portRanges) throws DeviceStartException
- void stop() throws DeviceStopException
The above interface should also simplify the actual writing of the device driver. The device driver author can assume the given resources are correct without having to check them. Also it relieves the author of the responsibility of going on a fishing expedition for resources, what happens when the preferred resource is busy, etc.
I understand that part of the driver may need to run to determine if it's a suitable driver for the device, but this is separate functionality from the actual running of the driver and so should be a separate system. Of course this functionality would be bundled with the driver. The selection code may be specific to the hardware.
I do not believe in giving drivers any special privilege, although of course we would want the actual install of drivers to be a privileged operation.
This is a rough cut of my idea, what do people think? Good idea, bad idea?
- Nathan
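An added sketch (not code from this thread or from JNode itself) of the start/stop design proposed above: the privileged manager hands the driver exactly the resources the bus probe found, and re-instating the device stops and discards the old driver object before creating a fresh one. The IRQ, MemoryRange, PortRange, exception, driver and manager classes below are hypothetical stand-ins, and the PCI values are constructed.

```java
import java.util.function.Supplier;
// Hypothetical resource and exception types standing in for whatever JNode would define.
record IRQ(int line) {}
record MemoryRange(long base, long length) {}
record PortRange(int first, int last) {}
class DeviceStartException extends Exception { DeviceStartException(String m) { super(m); } }
class DeviceStopException extends Exception { DeviceStopException(String m) { super(m); } }
// The driver never asks for resources; it is handed exactly what the bus probe found.
interface Driver {
    void start(IRQ[] irqs, MemoryRange[] memoryRanges, PortRange[] portRanges) throws DeviceStartException;
    void stop() throws DeviceStopException;
}
// Hypothetical driver: it can only touch the ranges it was given at start().
class ExampleNicDriver implements Driver {
    private IRQ irq; private MemoryRange regs; private boolean running;
    public void start(IRQ[] irqs, MemoryRange[] mem, PortRange[] ports) throws DeviceStartException {
        if (irqs.length != 1 || mem.length != 1) throw new DeviceStartException("expected 1 IRQ and 1 MMIO range");
        irq = irqs[0]; regs = mem[0]; running = true;
    }
    public void stop() throws DeviceStopException {
        if (!running) throw new DeviceStopException("not running");
        running = false; irq = null; regs = null; // nothing is retained after stop()
    }
    int irqLine() { return irq == null ? -1 : irq.line(); }
}
// The privileged side: owns the resource table and the driver object's lifetime.
class DeviceManager {
    private Driver driver;
    Driver bind(Supplier<Driver> factory, IRQ irq, MemoryRange regs) throws DeviceStartException {
        driver = factory.get();
        driver.start(new IRQ[]{irq}, new MemoryRange[]{regs}, new PortRange[0]);
        return driver;
    }
    // Re-instating with a new IRQ: stop, drop the old object, create a fresh one.
    Driver reconfigure(Supplier<Driver> factory, IRQ newIrq, MemoryRange regs)
            throws DeviceStartException, DeviceStopException {
        driver.stop(); driver = null;
        return bind(factory, newIrq, regs);
    }
}
class Demo {
    public static void main(String[] a) throws Exception {
        DeviceManager dm = new DeviceManager();
        MemoryRange regs = new MemoryRange(0xFEBC0000L, 0x1000); // constructed sample values from a PCI probe
        ExampleNicDriver d = (ExampleNicDriver) dm.bind(ExampleNicDriver::new, new IRQ(11), regs);
        ExampleNicDriver d2 = (ExampleNicDriver) dm.reconfigure(ExampleNicDriver::new, new IRQ(10), regs);
        System.out.println("old driver IRQ: " + d.irqLine() + ", new driver IRQ: " + d2.irqLine());
    }
}
```

The old object reports no IRQ after stop(), which is the point of the design: a re-created driver cannot keep a line the manager has taken away.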
Sounds interesting
Nathan,
I've considered these options in the past, but at that time it was too early, since not all resources were available.
I'll consider these ideas for the near future, although I think differently about the API.
I think more in terms of driver.addResource(...) which are called before the device is actually started.
Driver Interface
Great idea! Implementing any type of management system that acts as a security control point will only add to the stability and regularity of the OS.