Overview of the Process
Hardening is the process of ensuring that a driver works correctly in spite of faults in the I/O device that it controls or other faults originating outside the system core. A hardened driver must not panic, hang the system, or allow the uncontrolled spread of corrupted data as the result of any such faults.
A hardened driver obeys all the rules of a standard Solaris device driver plus some additional rules:
-
Each piece of hardware should be controlled by a separate instance of the device driver.
-
Programmed I/O (PIO) must be performed only through the DDI access functions, using the appropriate data access handle.
-
Device driver must assume that data it receives from the device could be corrupted. The driver must check the integrity of the data before using it.
-
Driver must control the effects of any faults that it detects. Device-supplied data must be integrity checked before it is released to the rest of the system.
-
Driver must ensure that all device writes using DMA buffers must be contained within pages of memory controlled entirely by the driver. This prevents a DMA fault from corrupting an arbitrary part of the system's main memory.
-
Driver must not be an unlimited drain on system resources if the device locks up. It should time-out if a device claims to be continuously busy. The driver should also detect a pathological (stuck) interrupt request and take appropriate action.
-
Driver must free up resources after a fault. For example, the system must be able to close all minor devices and detach driver instances, even after the hardware fails.
- © 2010, Oracle Corporation and/or its affiliates