From owner-freebsd-current@FreeBSD.ORG  Fri Jun 14 07:15:46 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 0BE63AE2
 for <current@freebsd.org>; Fri, 14 Jun 2013 07:15:46 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 by mx1.freebsd.org (Postfix) with ESMTP id D86DE1737
 for <current@freebsd.org>; Fri, 14 Jun 2013 07:15:45 +0000 (UTC)
Received: from jre-mbp.elischer.org
 (ppp121-45-237-17.lns20.per1.internode.on.net [121.45.237.17])
 (authenticated bits=0)
 by vps1.elischer.org (8.14.5/8.14.5) with ESMTP id r5E7FX7q093752
 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Fri, 14 Jun 2013 00:15:37 -0700 (PDT)
 (envelope-from julian@freebsd.org)
Message-ID: <51BAC30F.1090208@freebsd.org>
Date: Fri, 14 Jun 2013 15:15:27 +0800
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
 rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Florent Peterschmitt <florent@peterschmitt.fr>
Subject: Re: Handle kernel module crashes
References: <51B5E040.2030709@peterschmitt.fr>
In-Reply-To: <51B5E040.2030709@peterschmitt.fr>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: current@freebsd.org
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 07:15:46 -0000

On 6/10/13 10:18 PM, Florent Peterschmitt wrote:
> Hello,
>
> It's not a problem but a question, and it's quite simple:
>
> How does FreeBSD handle crash from a single kernel module ?
>
> If the module internally crashes, does the entire system does too or
> FreeBSD will continue to live ?
>
> Thanks
>
a Module is by definition a part of the kernel with no barriers to 
prevent it
from damaging the kernel.
In a monolithic kernel (such as FreeBSD, or Linux) the module is 
loaded into the
protection domain of the kernel.

Much research was done in the 90s (and continues) with microkernels 
where some of the functionality of modules is instead given to 
"processes" which can be limited in the damage
they can do.

Some work is ongoing to sandbox drivers (for example) but it always 
comes at an expense of
performance.