Re: Reliability of RPC services

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliability of RPC services

From:	Michal Suchanek
Subject:	Re: Reliability of RPC services
Date:	Thu, 27 Apr 2006 17:35:03 +0200

On 4/27/06, Jonathan S. Shapiro <address@hidden> wrote:
> On Wed, 2006-04-26 at 19:32 -0500, Jesse D. McDonald wrote:
> > On Wednesday 26 April 2006 19:17, Jonathan S. Shapiro wrote:
> > > On Wed, 2006-04-26 at 19:05 -0500, Jesse D. McDonald wrote:
> > > > This appears to be the primary point of contention for at least one
> > > > version of this thread, but the resolution is simple. In no case would 
> > > > an
> > > > untrusted device driver loaded by the user be granted free access to
> > > > either the PCI bus (or any device thereon, given their DMA capabilities)
> > > > or the system I/O space.
> > >
> > > Good. Then we are done, because this is basically the universal set of
> > > all devices.
> >
> > It's actually a fairly limited set of devices. It doesn't include, for
> > example, USB or IEEE-1394 devices (even if they happen to be accessed 
> > through
> > a PCI controller), or (probably) ATA devices (it depends on the ATA
> > protocol).
>
> Jesse:
>
> If you believe that, you need to go read the respective specifications
> more carefully. USB and IEEE-1394 *definitely* allow remote devices to
> be masters. ATA is more SCSI-like every day. I haven't checked, but I
> bet that ATA allows it too. In fact, I'm pretty sure I remember
> disconnected operations in ATA-6, which amounts to the same thing.

As I understand USB there is exactly one root hub on the bus (in the
host adapter in a PC) that controls the bus. An attached device might
break the bus (ie simply by emitting noise) but should not be able to
compromise the PC.

On a FireWire or SCSI bus the devices are more-or-less equivalent in
their roles. They can do transfers from one dedive to antoher, and one
of these devices is the PC.

I heared that for firewire controllers there is some means for
protecting the PC from the other devices but it is impractical and is
not used. In fact, FreeBSD uses FireWire for kernel debugging.

With SCSI the device can transfer data to the SCSI controller. But
what that means probably depends on the controller. For hardware RAID
controllers it would be impractical to transfer the data to the main
memory directly because they have to decode it first. Simpler
controllers may be more straightforward and use the main memory
directly. But they still may limit their transfers to preallocated
buffers.

Thanks

Michal

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Reliability of RPC services, (continued)
- RE: Reliability of RPC services, Christopher Nelson, 2006/04/26
  - Re: Reliability of RPC services, Marcus Brinkmann, 2006/04/26
- RE: Reliability of RPC services, Christopher Nelson, 2006/04/26
  - Re: Reliability of RPC services, Jesse D. McDonald, 2006/04/26
    - Re: Reliability of RPC services, Jonathan S. Shapiro, 2006/04/26
    - Re: Reliability of RPC services, Jesse D. McDonald, 2006/04/26
    - Re: Reliability of RPC services, Jonathan S. Shapiro, 2006/04/26
    - Re: Reliability of RPC services, Jesse D. McDonald, 2006/04/26
    - Re: Reliability of RPC services, Michal Suchanek <=
- RE: Reliability of RPC services, Christopher Nelson, 2006/04/26
  - Re: Reliability of RPC services, Marcus Brinkmann, 2006/04/26
- RE: Reliability of RPC services, Christopher Nelson, 2006/04/27
  - Re: Reliability of RPC services, Bas Wijnen, 2006/04/27
  - Re: Reliability of RPC services, Marcus Brinkmann, 2006/04/27

Prev by Date: RE: Reliability of RPC services
Next by Date: Re: the deadly hypercube of death, or: handling permissions
Previous by thread: Re: Reliability of RPC services
Next by thread: RE: Reliability of RPC services
Index(es):
- Date
- Thread