[Xorg] The big multiconsole nasty
Keith Packard
keithp at keithp.com
Wed Jul 7 08:43:37 PDT 2004
Around 14 o'clock on Jul 7, Egbert Eich wrote:
> For HW access this is certainly true, but it also doesn't make the kernel
> a better choice than user land.
Yes, that's exactly right. We need to treat any such code with the same
care one would treat the kernel itself, it's all essentially equivalent.
> On the other hand a sloppily written user land code will probably just
> segfault while similar flaws in a kernel module may mess up your entire
> system.
The contrary is equally true; kernel mistakes often result in benign
(from the system perspective) oopses while user-level mistakes can easily
lock up the PCI bus. Touching device registers is like that; there's no
magic bullet here.
> From a security point of view it is certainly the correct approach to
> separate the scary parts from the rest of the Xserver.
I think this should be our goal -- address space separation of the 'scary'
parts of the X server and a common sharable API to access them.
Security and stability are the goals here; a separate device configuration
mechanism should allow:
1) Automatic recovery from X server crashes
2) 'printk' support while X is running
3) Multi-seat X support
4) Support for other graphics systems (GL-solo in particular)
-keith