From: Julian Elischer
Date: Fri, 14 Jun 2013 15:15:27 +0800
To: Florent Peterschmitt
Cc: current@freebsd.org
Subject: Re: Handle kernel module crashes

On 6/10/13 10:18 PM, Florent Peterschmitt wrote:
> Hello,
>
> It's not a problem but a question, and it's quite simple:
>
> How does FreeBSD handle crash from a single kernel module ?
>
> If the module internally crashes, does the entire system does too or
> FreeBSD will continue to live ?
>
> Thanks
>

A module is by definition a part of the kernel with no barriers to prevent it from damaging the kernel.
In a monolithic kernel (such as FreeBSD, or Linux) the module is loaded into the protection domain of the kernel. Much research was done in the 90s (and continues) with microkernels where some of the functionality of modules is instead given to "processes" which can be limited in the damage they can do. Some work is ongoing to sandbox drivers (for example) but it always comes at the expense of performance.
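
The protection-domain point in the reply above, as a userland analogy in C. This is an added example, not part of the original mail and not FreeBSD code; the "kernel" and "module" are ordinary processes and functions, and every name in it is hypothetical.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* volatile pointer so the compiler cannot fold the faulting store away */
static int *volatile bad_ptr = NULL;

/* Constructed stand-in for a buggy driver: faults while handling request 2. */
static void module_handle(int req) {
    if (req == 2)
        *bad_ptr = 1;                     /* wild write, process gets a fatal signal */
}

/* Microkernel style: run the module in its own process. 0 = request handled. */
static int call_isolated(int req) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { module_handle(req); _exit(0); }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

/* Toy "kernel" serving requests 1..3; exits with 100 + requests served. */
static void kernel_main(int isolated) {
    int served = 0;
    for (int req = 1; req <= 3; req++) {
        if (isolated && call_isolated(req) != 0) continue;  /* fault contained */
        if (!isolated) module_handle(req);  /* same address space: fault kills us */
        served++;
    }
    _exit(100 + served);
}

/* Boot a toy kernel in a child; return requests served, or -1 if it died. */
int run_kernel(int isolated) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) kernel_main(isolated);
    if (waitpid(pid, &st, 0) < 0) return -2;
    return (WIFEXITED(st) && WEXITSTATUS(st) >= 100) ? WEXITSTATUS(st) - 100 : -1;
}

int main(void) {
    printf("monolithic: %d\n", run_kernel(0));  /* kernel dies with the module */
    printf("isolated:   %d\n", run_kernel(1));  /* kernel survives the fault */
    return 0;
}
```

The isolated variant pays a fork and a wait for every request, which is the performance cost the reply refers to.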