[Figure: stack diagram with layers labeled APP, Guest OS (file system, networking, ..., device drivers), Virtual Machine Monitor, Hardware]
Figure 3.14: Legacy device drivers can be run inside a guest operating system
on top of a virtual machine in order to isolate the effect of implementation
errors in driver code.
Microsoft does this on a wide scale. With hundreds of millions of installed
computers, even a low rate of failure can yield millions of bug reports per
day. Many crashes happen inside the device driver itself, but even those
that do not can sometimes be tracked down. For example, if failures are
correlated with the presence of a particular device driver, or increase after
the release of a new version of the driver, that can indicate the source of
a problem.
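The correlation described above, as an added example that is not from the original text: given per-machine crash counts and installed driver versions, it compares crash rates with and without each driver and then across versions of a flagged driver. The driver names, versions, crash counts and the 2.0 threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (machine_id, {driver: version}, crashes in the window).
FLEET = [
    ("m01", {"netx": "1.0", "gfxq": "2.1"}, 0),
    ("m02", {"netx": "1.0"}, 1),
    ("m03", {"netx": "1.1", "gfxq": "2.1"}, 4),
    ("m04", {"netx": "1.1"}, 5),
    ("m05", {"gfxq": "2.1"}, 0),
    ("m06", {"netx": "1.1", "gfxq": "2.0"}, 3),
    ("m07", {"gfxq": "2.0"}, 1),
    ("m08", {"netx": "1.0", "gfxq": "2.0"}, 0),
]

def presence_ratio(fleet, driver):
    """Mean crashes on machines with the driver divided by mean crashes without it."""
    with_d = [c for _, drivers, c in fleet if driver in drivers]
    without = [c for _, drivers, c in fleet if driver not in drivers]
    if not with_d or not without:
        return None  # no comparison group, so no ratio
    rate_with = sum(with_d) / len(with_d)
    rate_without = sum(without) / len(without)
    if rate_without == 0:
        return float("inf") if rate_with > 0 else 1.0
    return rate_with / rate_without

def rate_by_version(fleet, driver):
    """Mean crashes per machine for each installed version of the driver."""
    totals = defaultdict(lambda: [0, 0])  # version -> [crashes, machines]
    for _, drivers, crashes in fleet:
        version = drivers.get(driver)
        if version is not None:
            totals[version][0] += crashes
            totals[version][1] += 1
    return {v: c / n for v, (c, n) in totals.items()}

def suspects(fleet, threshold=2.0):
    """Drivers whose presence ratio meets the threshold, with their worst version."""
    found = []
    for name in sorted({d for _, drivers, _ in fleet for d in drivers}):
        ratio = presence_ratio(fleet, name)
        if ratio is not None and ratio >= threshold:
            rates = rate_by_version(fleet, name)
            worst = max(rates, key=rates.get)
            found.append((name, round(ratio, 2), worst, rates[worst]))
    return found

if __name__ == "__main__":
    print(suspects(FLEET))
```

A high ratio is a lead for investigation rather than proof of fault, and small comparison groups make it noisy.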
Driver sandboxing. Some researchers have proposed running device
drivers in their own restricted execution environment, using some of the
techniques described in the previous chapter for implementing application
process isolation. This way, a buggy driver can only affect its own internal
data structures and not the rest of the operating system kernel. Of course,
this requires lightweight sandboxing techniques, a topic we'll return to in
a later chapter.
Although driver sandboxing is likely to be adopted over the long term, in
the short term it has proven difficult to implement in current operating
systems. There is a huge amount of existing device driver code that
makes use of the ability to directly address internal kernel data structures;
drawing a boundary around these drivers has proven difficult. Supporting
legacy drivers is likely to be less of a problem as completely new hardware
and operating system platforms, such as smartphones and tablets,
are developed.
In the meantime, one approach that has gained some traction is to run all
 