On Thu, Jul 19, 2001 at 08:36:43AM +1000, Andrew van der Stock wrote:
> Greg,
> 
> The only bit of code that is relatively awful as it relates to IBM's
> original decisions in 1980 or thereabouts is the bit that takes a card from
> being mapped as a "VGA" card via I/O ports to being accessible via full
> linear memory mapping. To get it from one to the other is the work of about

Allowing memory mapping of the framebuffer is no big deal.  Requiring that
the host system allow *arbitrary memory mappings* in order to allow this
to succeed -- that's a big deal.  It totally destroys the Unix security
model.

Worse, because the device registers are mapped, too, and many of these
devices can DMA to/from arbitrary addresses, even if the kernel provided
a framebuffer handle this approach would *still* leave you totally hosed.

The problem with what the XFree86 architecture puts in userland as
opposed to the kernel is that it guarantees that you can't have X and
have any meaningful kind of security at the same time.  Bear in mind
that on most _modern_ Unix systems, there's an effort to ensure that
even a rogue process running as root can be prevented from doing lasting
damage to the system; XFree sidesteps all of that.

Contrary to what's been said earlier in this thread, there *have* been
reasonable interfaces between the kernel and X server implemented in
X11 in the past, with reasonable performance and without the security
problems of the XFree86 approach; the most obvious example is probably
what DEC did in Ultrix and, I believe, in OSF/1.  I realize that the
incredible variety of hardware that XFree86 supports makes this difficult
if not downright impractical, but it's silly to pretend that it's never
been done.

People will complain about this so long as they'd like to have X and
reasonable security at the same time.  It's really not right to yell at
them for wanting that (though the way some of them have expressed their
desire in this thread isn't exactly great, either).

Thor