On 4/27/06, Jonathan S. Shapiro <[EMAIL PROTECTED]> wrote:
> On Wed, 2006-04-26 at 19:32 -0500, Jesse D. McDonald wrote:
> > On Wednesday 26 April 2006 19:17, Jonathan S. Shapiro wrote:
> > > On Wed, 2006-04-26 at 19:05 -0500, Jesse D. McDonald wrote:
> > > > This appears to be the primary point of contention for at least one
> > > > version of this thread, but the resolution is simple. In no case would an
> > > > untrusted device driver loaded by the user be granted free access to
> > > > either the PCI bus (or any device thereon, given their DMA capabilities)
> > > > or the system I/O space.
> > >
> > > Good. Then we are done, because this is basically the universal set of
> > > all devices.
> >
> > It's actually a fairly limited set of devices. It doesn't include, for
> > example, USB or IEEE-1394 devices (even if they happen to be accessed through
> > a PCI controller), or (probably) ATA devices (it depends on the ATA
> > protocol).
>
> Jesse:
>
> If you believe that, you need to go read the respective specifications
> more carefully. USB and IEEE-1394 *definitely* allow remote devices to
> be masters. ATA is more SCSI-like every day. I haven't checked, but I
> bet that ATA allows it too. In fact, I'm pretty sure I remember
> disconnected operations in ATA-6, which amounts to the same thing.

As I understand USB, there is exactly one root hub on the bus (in the host adapter in a PC) that controls the bus. An attached device might break the bus (i.e. simply by emitting noise) but should not be able to compromise the PC.

On a FireWire or SCSI bus the devices are more-or-less equivalent in their roles. They can do transfers from one device to another, and one of these devices is the PC.

I heard that for FireWire controllers there is some means for protecting the PC from the other devices, but it is impractical and is not used. In fact, FreeBSD uses FireWire for kernel debugging.

With SCSI the device can transfer data to the SCSI controller. But what that means probably depends on the controller. For hardware RAID controllers it would be impractical to transfer the data to the main memory directly because they have to decode it first. Simpler controllers may be more straightforward and use the main memory directly. But they still may limit their transfers to preallocated buffers.

Thanks

Michal

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
