Specifications
Device Driver Programming 16-4
4. Based on the state of the device and the information returned by the IO_INFO iobus_err(2) call, the signal handler should decide what action to take, such as resetting the device, re-issuing the command, or shutting down the simulation.
Additional Considerations
On some systems, a VME bus error warning signal is sent to every process registered to catch a VME bus error, regardless of which range of VME addresses that process is registered to catch. This is because some platforms cannot accurately or reliably determine the physical VME address at which the bus error occurred. A signal handler therefore must not assume that the fault lies in its own range: it should check the address information returned by IO_INFO and, where the platform cannot supply one, handle the error conservatively rather than ignore it.
The information returned by the IO_INFO iobus_err(2) call is also platform-specific. See the iobus_err(2) man page for more information about the iobus_err(2) functionality, including platform specifics.
Device Drivers and Security
One of the design objectives of the PowerUX kernel is to conform to the criteria published in the DOD Trusted Computer System Evaluation Criteria (hereinafter referred to as TCSEC). Specifically, the PowerUX kernel must meet all security criteria necessary to attain a B2 security rating.
The sections that follow introduce the main functional requirements of the PowerUX kernel for a B2 security rating and show the effect of those requirements on the design and implementation of the file system and device drivers. It is strongly recommended that you become familiar with these requirements and with the guidelines for meeting them.
System Requirements
One of the most important security requirements imposed on the kernel is to prevent a user from seeing any data that was previously used or owned by another process. This protects system resources from being used to disclose user data in violation of the system's security policy.
To meet this requirement, the system must conform to an object reuse policy, which can be paraphrased from the TCSEC as follows: no information produced by a prior process is to be available to any other process by means of access to a shared system resource that has been released to the system (an mbuf, a global data structure, and so on). This is usually accomplished by zero-filling the whole resource upon deallocation, or upon reallocation to another process.
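As an added illustration, not the manual's or the PowerUX kernel's code: a user-space model in C of a fixed pool of driver buffers (standing in for mbufs) with a naive allocator that violates object reuse beside one that scrubs on release and on reallocation, plus a read path that copies out only the bytes the device filled. The pool, the slot layout, `SECRET` and the simulated processes A and B are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS 4
#define SLOT_SIZE  64
#define SECRET     "TOP SECRET 42"   /* constructed sample data from process A */

/* A fixed pool of driver buffers, standing in for mbufs or a kernel heap. */
struct slot {
    unsigned char data[SLOT_SIZE];
    size_t        filled;    /* bytes the device actually wrote */
    int           in_use;
};
static struct slot pool[POOL_SLOTS];

static struct slot *find_free(void)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i].in_use)
            return &pool[i];
    return NULL;
}

/* Clear a slot so nothing the previous owner produced survives. The stores
   go through a volatile pointer so the compiler cannot drop them as dead. */
static void slot_scrub(struct slot *s)
{
    volatile unsigned char *p = s->data;
    for (size_t i = 0; i < SLOT_SIZE; i++)
        p[i] = 0;
    s->filled = 0;
}

/* Naive pair: violates object reuse, the next owner inherits the contents. */
struct slot *pool_alloc_naive(void)
{
    struct slot *s = find_free();
    if (s) s->in_use = 1;
    return s;
}
void pool_free_naive(struct slot *s)
{
    s->in_use = 0;              /* data and filled left exactly as they were */
}

/* Conforming pair: scrub on release and again on (re)allocation. */
struct slot *pool_alloc_secure(void)
{
    struct slot *s = find_free();
    if (s) { slot_scrub(s); s->in_use = 1; }
    return s;
}
void pool_free_secure(struct slot *s)
{
    slot_scrub(s);
    s->in_use = 0;
}

/* Driver read path: copy out no more than the device filled, so a short
   transfer cannot expose the rest of the buffer. */
size_t slot_read(const struct slot *s, unsigned char *dst, size_t want)
{
    size_t n = want < s->filled ? want : s->filled;
    memcpy(dst, s->data, n);
    return n;
}

/* Simulation: process A stores SECRET in a buffer and releases it; process B
   then allocates. Returns how many nonzero bytes B finds in its new buffer. */
int leaked_bytes(int secure)
{
    memset(pool, 0, sizeof pool);           /* fresh pool for each run */

    struct slot *a = secure ? pool_alloc_secure() : pool_alloc_naive();
    memcpy(a->data, SECRET, strlen(SECRET));
    a->filled = strlen(SECRET);
    if (secure) pool_free_secure(a); else pool_free_naive(a);

    struct slot *b = secure ? pool_alloc_secure() : pool_alloc_naive();
    int leaked = 0;
    for (size_t i = 0; i < SLOT_SIZE; i++)
        if (b->data[i] != 0)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("naive allocator : %d stale bytes visible to next owner\n", leaked_bytes(0));
    printf("secure allocator: %d stale bytes visible to next owner\n", leaked_bytes(1));
    return 0;
}
```

Two details matter in practice. Scrubbing on both free and allocate means a slot that was never properly released (a crash between the release and the next allocation, for example) is still clean when handed out. The clear is done through a `volatile` pointer because a plain `memset` on memory the compiler believes is dead may be removed as a dead store, which is the reason explicit_bzero-style routines exist. Bounding `slot_read` by `filled` rather than `SLOT_SIZE` closes the other common leak: a short transfer that exposes the tail of a buffer that was not cleared.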
In addition to this object reuse policy, the system must enforce security access restrictions
and audit all security-relevant events for the secure operation of the system. You must
become familiar with such other functional requirements as Covert Storage Channels and