Even before IOMMU existed, the programming model of letting drivers set up DMA themselves rather than going through a safe public interface that could have imposed IOMMU on them with no source-level changes was bad design.
This Tweet was deleted by the Tweet author.
iOS implements TCP/IP in userspace and most operating systems have drivers at least partially implemented in userspace. Many of the secondary processors in a computer run a microkernel with isolated components. Most smartphones have *at least* one L4 implementation in them.
You talk about microkernels / isolated drivers and memory safe languages as if they haven't already been broadly used in the wild. Most code is written in memory safe languages these days. Systems code is increasingly moving to them too. Kernels and drivers are *mostly* not yet.
This Tweet was deleted by the Tweet author.
That's not at all based in reality. Splitting things up into smaller, more easily understood components that are isolated from each other isn't something poorly understood. Monolithic kernels with shared everything threads have far more communication / concurrency complexity.
This Tweet was deleted by the Tweet author.
Okay, and the Linux kernel doesn't even try and just has millions of lines of code in the same address space with no isolation, no security boundaries, no actual design or protocols for communication between them, etc. It's not at a human scale of understanding at all. It's far beyond.
There are not people with even a basic idea of how everything fits together in the Linux kernel. The concurrency is extremely poorly understood and defined. The memory model is not well defined. It's not well understood how it interacts with the C standard, compilers or itself.
It's pretty much the absence of design or thought put into how to architect / design something that is actually robust and secure. Having a monolithic kernel with fine-grained locking, enormous complexity, etc. just doesn't provide that, especially when it's written in C.