The Kernel Graphics Interface Project

T24gMy82LzA2LCBvbGFmQnVkZGVuaGFnZW5AZ214Lm5ldCA8b2xhZkJ1ZGRlbmhhZ2VuQGdteC5u
ZXQ+IHdyb3RlOgoKWyBsb3RzIG9mIGludGVycmVzdGluZyB0aGluZ3MgXQoKSGksCgpZb3VyIGNv
bW1lbnRzIHNob3dzIHF1aXRlIGNsZWFybHkgdGhhdCB0aGUgR0dJL0tHSSBwcm9qZWN0IChJIG1h
a2UgaXQKYSB3aG9sZSkgaXMgZmFyIGZyb20gYmVpbmcgYXMgaXJyZWxldmFudCBvciBvYnNvbGV0
ZSBhcyBzb21lICJiaWcKYXJtcyIgd291bGQgc2F5LiAgV2UgaGF2ZSBpZGVhcywgd2Ugc29ydCBv
ZiBoYXZlIGEgZGVzaWduLCBhbmQgd2UKYXBwYXJlbnRseSBoYXZlIHBlb3BsZSBvZiBnb29kIHdp
bGwgZGV2b3RpbmcgdGltZSwgZW5lcmd5LCBzb21ldGltZXMgYQpsaXR0bGUgbW9uZXkgdG8gdGhl
IHByb2plY3QuCgpCdXQgd2UgY2Fubm90IGFwcHJvYWNoIHBlb3BsZSBhdCBYb3JnIG9yIG90aGVy
cyBhbmQgc2F5ICJ3ZSBhcmUgcmlnaHQiCmJlY2F1c2Ugd2UgZG9uJ3QgaGF2ZSBtdWNoIHRvIHNo
b3cuICBPYnZpb3VzbHkgd2UgbGFjayBtYW5wb3dlci4gSQp0aGluayB0aGVyZSBhcmUgZmFyIGZl
d2VyIGRldmVsb3BlcnMgbm93IHRoYW4gd2hhdCBHR0kgaGFkIGJlZm9yZTsgYnV0CnN0aWxsIHRo
ZXJlIGhhdmUgYmVlbiBzb21lIG1ham9yIHJlZmFjdG9yaW5nIHdvcmsgZG9uZSBpbnRlcm5hbGx5
LAp3aXRob3V0IGFueSBkaXNydXB0aXZlIGNoYW5nZSB0byB0aGUgbGVnYWN5IGludGVyZmFjZSwg
YXMgd2VsbCB0aGUKYnVpbGQgc3lzdGVtLiAgSSB0aGluayBpdCBpcyBhbHRvZ2V0aGVyIGFuIGFt
YXppbmcgYW1vdW50IG9mIHdvcmsgdGhhdAphIGZldyBwZW9wbGUgZGlkLiAgTm93IHdlIHdhbnQg
dG8gZ28gZnVydGhlciBhbmQgd2UgZ2VuZXJhbGx5IGFncmVlCnRoYXQgd2UgbmVlZCB0byBjb25z
aWRlciBjaGFuZ2luZyB0aGUgZGVzaWduIGEgYml0LiAgQXMgSSBzYWlkIHdlCnByb2JhYmx5IGxh
Y2sgbWFucG93ZXIsIGJ1dCBtb3JlIGltcG9ydGFudGx5IEkgdGhpbmsgd2UgbGFjayBmb2N1cywg
YXQKbGVhc3Qgb24gdGhlIEdHSSBzaWRlOiB0b28gbXVjaCB3b3JrIGlzIGRvbmUgb24gc21hbGwg
Y29zbWV0aWMKY2hhbmdlcywgdHJ5aW5nIHRvIG1haW50YWluIGV2ZXJ5dGhpbmcgYXMgYSB3aG9s
ZSwgYW5kIHN5bmNocm9uaXppbmcKYnVpbGQgc3lzdGVtIHdpdGggYmxlZWRpbmcgZWRnZSB1cHN0
cmVhbS4gSWYgd2UgYXJlIHNhdGlzZmllZCB3aXRoIHRoZQpjdXJyZW50IHN0YXRlIHRoYXQncyBv
aywgYnV0IEkgc3VwcG9zZSB3ZSBhcmUgbm90LgoKU28gaWYgd2Ugd2FudCB0byBnbyBmb3J3YXJk
IHdpdGggdGhlIGxpdHRsZSBtZWFucyB3ZSBoYXZlLCB3ZSBzaG91bGQKcmVhbGx5IHN0b3AgbWFp
bnRhaW5pbmcgKGZvciBhIHdoaWxlKSB0aGUgb3RoZXIgbGlicmFyaWVzIGFuZApleHRlbnNpb25z
LCBhbmQgZm9jdXMgb24gZ2V0dGluZyB0aGUgY29yZSBsaWJyYXJpZXMgaW4gb3JkZXIuICBJbiBt
eQpvcGluaW9uIGl0IHJlcXVpcmVzIGEgbWFqb3IgcmVvcmdhbmlzYXRpb24gb2YgdGhlIHdob2xl
IEdHSSBBUEkgc3RhY2ssCndoaWNoIGNvdWxkIGFsc28gYmUgYSB2ZXJ5IGdvb2Qgb2NjYXNpb24g
dG8gZGVjaWRlIChuZXc/KSBkaXJlY3Rpb25zCmZvciBLR0ksIGFuZCBzZWUgaG93IGl0IHNob3Vs
ZCBmaXQgaW4uCgpGaXJzdCwgd2UgaGF2ZSB0byBzZXBhcmF0ZSBsaWJnZ2kgZnJvbSBsaWJnaWku
ICBHcmFwaGljcyBoYW5kbGluZyBtdXN0Cm5vdCB1bmNvbmRpdGlvbm5hbHkgYmUgYm91bmQgdG8g
YW4gaW5wdXQgZnJhbWV3b3JrLiBJIGFncmVlIHRoaXMgbWFrZXMKaXQgZWFzaWVyIGZvciB0aGUg
dXNlciAoSSB0aGluayB0aGUgR0dJIEFQSXMgYXJlIHZlcnkgbmljZSB0byB0aGUKYXBwbGljYXRp
b24gZGV2ZWxvcGVyKSwgYnV0IGl0IGlzIHJlYWxseSBiYWQgZm9yIHNlbGxpbmcgR0dJIGNvbmNl
cHRzCnRvIGdyYXBoaWMgZGV2ZWxvcGVycyB3aG8gc2VlcyBpdCBhcyBibG9hdC4gIFRoYXQgbWVh
bnMgYWxzbwpzZXBhcmF0aW5nIGxpYmdnIGZyb20gbGliZ2lpLiBJdCBpcyBhYm91dCB0aW1lIHRo
YXQgbGliZ2cgaGFzIGl0cyBvd24KdHJlZSwgYXMgaXQgd291bGQgb25seSBtYWtlIHRoaW5ncyBz
YW5lci4KClRoZSBpZGVhIGhhcyBhbHNvIGJlZW4gcmFpc2VkIChJIHRoaW5rIE5pY29sYXMgZmly
c3QgYXJ0aWN1bGF0ZWQgaXQpCnRoYXQgbGliZ2FsbG9jIG11c3QgYmVjb21lIHRoZSBwcmltYXJ5
IGdyYXBoaWNzIGxpYnJhcnkgb2YgdGhlCnByb2plY3Q6IGNlbnRyYWwgYXV0aG9yaXR5IGZvciBy
ZXNzb3VyY2UgbmVnb2NpYXRpb24gYW5kIG1vZGUgc2V0dGluZwpvbiBhIHZpc3VhbC4gTm90IG1v
cmUuICBUaGlzIG1lYW5zIHRoYXQgbGliZ2dpIHdpbGwgYmUgc2ltcGx5IGJlY29tZQphbiBleHRl
bnNpb24gcHJvdmlkaW5nIGJhc2ljIDJEIGRyYXdpbmcgb3BzLiBBZnRlciBhbGwsIGl0IGlzIGEg
dmVyeQpnb29kIHRoaW5nOiBXaHkgc291bGQgM0QgcHJvZ3JhbXMgKGlmIHdlIGdldCBzb21lIEdM
IGV4dGVuc2lvbikKYWJzb2x1dGVseSBjYXJlIHdpdGggMkQgcHJpbWl0aXZlcyBwcm92aWRlZCBi
eSBsaWJnZ2k/IFRoZXkgd291bGQKc3RpbGwgaG93ZXZlciBuZWVkIHRvIGFsbG9jYXRlIGEgdmlz
dWFsLgoKVGhvc2UgYXJlIG5vdCBob3BlbGVzc2x5IGxvbmctdGVybSBnb2FscywgaWYgd2Ugb25s
eSBhY2NlcHQgdGhlIGlkZWEKdGhhdCBzb21lIHRhcmdldHMgKGJvdGggZm9yIGxpYmdpaSBhbmQg
bGliZ2dpKSB3aWxsIGJlIHB1dCBhc2lkZSBmb3IgYQp3aGlsZS4gIEl0IHdvdWxkIGFjdHVhbGx5
IGJlIGEgdmVyeSBnb29kIG9jY2FzaW9uIHRvIGFzc2VzcyB0aGVpcgpjdXJyZW50IHN0YXRlIGFu
ZCBmaWx0ZXIgd2hhdCBpcyByZWFsbHkgd29yaCBrZWVwaW5nLiBXZSdkIGJldHRlciBoYXZlCm9u
bHkgYSBmZXcgdXNlZnVsIGFuZCB3ZWxsIHJldmlld2VkIHRhcmdldHMsIHRoYW4gYSBsb3Qgb2Yg
dGFyZ2V0cyBmb3IKd2hpY2ggd2UgZG8gbm90IGtub3cgdGhlIHN0YXRlLCBub3IgZG8gd2UgaGF2
ZSBhIHJhdGlvbmFsZSBvcgpkb2N1bWVudGF0aW9uIGZvci4gIEknZCBhbHNvIGxpa2UgdG8gc3Ry
ZXNzIHRoYXQgd2Ugb2J2aW91c2x5IGRvIG5vdApoYXZlIGlzIGEgbGFyZ2UgdXNlciBiYXNlIHRo
YXQgcmVhbGx5IHdhbnRzIHVzIG5vdCB0byBicmVhawp0aGluZ3MuIEFuZCBpZiB0aGVyZSB3ZXJl
LCB0aGV5IGNvdWxkIHN0aWNrIHRvIHRoZSBjdXJyZW50IHJlbGVhc2VzLgpUaGVyZSBhcmUgdG9v
IG1hbnkgZW50cmllcyBpbiB0aGUgdmFyaW91cyBUT0RPIHRoYXQgY2Fubm90IGJlIHRhY2tsZWQK
d2l0aG91dCBjb25zaWRlcmluZyBhIG1ham9yIGxlYXAuCgpGb3IgbXkgcGFydCwgSSBoYXZlIGJl
ZW4gdHJ5aW5nIHRvIHB1dCB0aGUgbGliZ2dpIGV4dGVuc2lvbiBtZWNoYW5pc20KYXQgYSBtb3Jl
IGdlbmVyYWwgbGV2ZWwsIHRoYXQgd291bGQgYWxsb3cgdG8ga2VlcCByb3VnaGx5IHRoZSBzYW1l
Cmxvb2sgYW5kIGZlZWwgZm9yIGFwcGxpY2F0aW9uIGRldmVsb3BlcnMsIHdpdGggbW9yZSBmbGV4
aWJpbGl0eS4gIFRoZQpwcmltYXJ5IG5lZWQgZm9yIGl0IGlzIG9mIGNvdXJzZSB0byBiZSBhYmxl
IHRvIGRlY291cGxlIGxpYmdpaSBhbmQKbGlnZ2kuCgpJIGFtIGFsc28gdHJ5aW5nIHRvIGNvbWUg
dXAgd2l0aCBhIHNvbHV0aW9uIHRvIHRoZSBmdW5jdGlvbgpvdmVybG9hZGluZyBwcm9ibGVtIGlu
IGxpYmdnaSB0aGF0IEJyaWFuIHBvaW50ZWQgb3V0LiAgSXQgaXMgbm90IHRvbwpkaWZmaWN1bHQs
IGJ1dCBJIGFtIHNvbWV3aGF0IHJlbHVjdGFudCB0byBwdXQgdG9vIG11Y2ggZWZmb3J0IG9uY2UK
bW9yZSBpbnRvIHRyeWluZyBub3QgdG8gYnJlYWsgdGhpbmdzLCB3aGVuIEkga25vdyB0aGF0IGl0
IHdvdWxkIGJlCnVzZWxlc3MgaW4gdGhlIGVuZCwgc2luY2UgbGliZ2dpIHdpbGwgYmUgYnJva2Vu
IHVwIGFueXdheSAoaWYgdGhlIHBsYW4KZGVzY3JpYmVkIGFib3ZlIGlzIHB1cnN1ZWQpLgoKCk5v
dywgYSBmZXcgcmFuZG9tIHBvaW50cyBjb25jZXJuaW5nIEtHSS4gSSBjb3VsZCBub3QgZm9sbG93
IHRoZSBJUkMKbWVldGluZ3MgY2xvc2VseSwgSSBkbyBub3QgY2xhaW0gdG8gaGF2ZSBhIGNsZWFy
IHVuZGVyc3RhbmRpbmcgb2YgdGhlCndob2xlIHBpY3R1cmUsIGFuZCBteSBvcGluaW9uIGlzIGlu
IG5vIHdheSBhdXRob3JpdGF0aXZlLgoKRmlyc3QgSSB0aGluayB0aGUgbmFtZSBpcyBnb29kLCBh
bmQgSSBkb24ndCBjYXJlIHdoYXQgYmlhcyBwZW9wbGUgbWF5CmhhdmUsIGR1ZSB0byBmbGFtZXMg
b2YgdGhlIHBhc3QuICBJbnN0ZWFkIG9mIG1hcmtldGluZyBhbmQKY29tbXVuaWNhdGlvbiwgc3Rp
Y2sgdG8gdGVjaG5pY2FsIGFuZCBkZXNpZ24gaXNzdWVzLCBzaW5jZSB0aGF0IGlzIHRoZQpvbmx5
IHRoaW5nIHRoYXQgcmVhbGx5IGNvdW50cyBpbiB0aGUgZW5kLiAgQWxzbywgZG8gbm90IHRocm93
IGF3YXkKbGlnaHRseSB0aGUgY2hhbmNlIG9mIGhhdmluZyBhbiAiZXN0YWJsaXNoZWQiIHRocmVl
IGxldHRlcgphY3JvbnltL3ByZWZpeCB0aGF0IGRvZXMgbm90IHJlc3NlbWJsZSBhbnl0aGluZyBh
bHJlYWR5IGtub3duIHRvIHRoZQpPcGVuIFNvdXJjZSB3b3JsZCA6KQoKVGhlIG5hbWUgb2YgU3Rl
ZmZlbiBTZWVnZXIsIHRoZSBpZGVhIG9mIHRoZSBvcmlnaW5hbCBwdXJwb3NlLCBkZXNpZ24sCmNv
bmNlcHRzIGV0YyBhcmUgb2Z0ZW4gc2VlbiBpbiBkaXNjdXNzaW9ucyBhYm91dCBLR0kgZnV0dXJl
LiAgRnJhbmtseSwKSSB0aGluayB0aGlzIGlzIGp1c3Qgbm9uLXNlbnNlIG5vdy4gSSBoYXZlIGJl
ZW4gYXJvdW5kIGZvciBhIGZhaXJseQpsb25nIHRpbWUgYW5kIGRvIG5vdCBrbm93IHdobyBTdGVm
ZmVuIFNlZWdlciBpcy4gSGUgaGFzIG5vdCBzaG93biB1cApmb3IgYWdlcywgSSBkbyBub3QgdGhp
bmsgaGUgY2FyZXMgYW55bW9yZSBhYm91dCBpdC4gIFNvIG1heWJlIGhlIGhhZCBhCnZpc2lvbiBh
dCBzb21lIHBvaW50IGluIHRoZSBwYXN0LCBidXQgbm93IGl0IGlzIGp1c3QgbGVhZGluZyBub3do
ZXJlLgpTb21lIHBlb3BsZSBvbiB0aGUgS0dJIHRlYW0gc2VlbSB0byBkaXNhZ3JlZSB3aXRoIHRo
aXMgbGVnYWN5IGFuZCB3YW50CnRvIG1ha2UgdGhpbmdzIGFjdHVhbGx5IHdvcmsuIEkgc2F5IGdv
IGZvciBpdC4gU3RpY2tpbmcgdG8gdGhlCm9yaWdpbmFsIGlkZWFzIGhhcyBub3QgaGVscGVkLCBh
bmQgaXMgbm90IGdvaW5nIHRvIGhlbHA7IGl0IG9ubHkKZGlzY291cmFnZXMgcGVvcGxlIHRoYXQg
aGF2ZSBuZXcgaWRlYXMgYW5kIHRoZSB3aWxsIHRvIGNvbnRyaWJ1dGUuCgpXaGF0ZXZlciBkaXJl
Y3Rpb24gaXQgdGFrZXMsIGl0IGlzIGEgcmVhbCBtaXN0YWtlIHRvIGV2ZW4gdHJ5IHRvIG1ha2UK
dGhpbmdzIGVhc3kgZm9yIGJpbmFyeSBvbmx5IGRyaXZlcnMuIFRob3NlIGFyZSBzaW1wbHkgZXZp
bC4gIEkgYWxzbwp2b3RlIGZvciBCU0Qgb25seSBjb2RlLCBzaW5jZSBpdCBpcyB0aGUgb25seSB3
YXkgaXQgY291bGQgYmUgc29tZWRheQphY2NlcHRlZCB3aWRlbHkuCgpJIGFncmVlIHRoYXQgS0dJ
IHNob3VsZCBmb2N1cyBvbiBtYW5hZ2luZyBhY2Nlc3MgdG8gZ3JhcGhpYyBoYXJkd2FyZSwKYW5k
IG5vdCB0cnkgdG8gYmUgYSBjb25zb2xlIHN1YnN5c3RlbSBmcm9tIHRoZSBiZWdpbm5pbmcuCgpG
aW5hbGx5IEkgdG90YWxseSBhZ3JlZSB0aGF0IEdHSSBhbmQgS0dJIHJlc291cmNlcyBzaG91bGQg
YmUgbWVyZ2VkLgpUaGUgYXJndW1lbnQgdGhhdCBpdCBpcyBjb25mdXNpbmcgaXMgbm90IHZhbGlk
LiAgV2hhdCBwZW9wbGUgc2VlIGlzCnRoYXQgYm90aCBwcm9qZWN0cyBhcmUgc3RhbGxlZC4KCgpI
ZXksIHRoYXQgd2FzIGEgbG90IGZvciBqdXN0IDIgY3RzIQpFcmljLgo=

olafBuddenhagen@... wrote:
> Anyways, after I (probably badly) tried to explain the current situation
> with GGI, he seemed interested in some cooperation -- though I'm not
> sure how exactly he imagines it. However, he got pretty sceptical when I
> mentioned the kernel part, claiming that the kernel folks want as little
> as possible in the kernel. At the end Keith Packard also jumped in, and
> he is totally against mode setting in the kernel, on the ground that it
> is very complex and hard to get right etc.; and there should be some
> trusted agent in user space instead. IMHO a strange argument,

Right. However, if they absolutely think this is a good thing, it can be
done. It is awkward, though.

Very early KGI designs used a special manager application to load/save
graphics context (including screen content) to allow for totally 
transparent VC-switching.

This application could as well have set up the new target modes.

However, I agree, that mode switching belongs in the kernel. Killer
arguments:

1. If we want a really secure SAK, we must be able to fully restore the
   graphics card state to a sane point from which we can start a
   textmode or graphical logon. This can only be done, if the mode setup
   resides in kernel space. 
   Ideally _compiled in_ for it to work even in situations where the
   system is quite broken (like HD failure).

2. This will also help tremendously, if you got a system with a messed
   up graphics mode (which tends to happen e.g. when sleep-/suspend-modes 
   are activated, or when switching to/from X while using fbdev).
   You can then remotely restore a sane state. Not by fiddling around
   with SVGATextMode like stuff, but by just killing the faulty app or
   sending a signal to the kernel driver.

3. Mode setup is not complicated at all. It is just pushing a few values 
   into a few registers. The most complicated thing about it is, to
   figure out, which registers might influence mode setup and thus 
   need to be written to, just in case they carry strange values.
   This is more of an issue with chipset documentation and the quality
   of drivers that are reverse engineered.
   It is mode negotiation (i.e. determining a mode that fits the needs
   of monitor and application and is supported by the graphics card) 
   that is complicated. This can easily be moved out of kernel context.

4. Moving complex stuff out of kernelspace is done to allow for failure
   without taking the system down. Access violation in userspace will
   just kill that app. It can be restarted etc. In kernel, it will cause
   an oops and maybe a panic.
   However, this is not an issue for graphics mode setup:
   Program logic for mode setup is really simple, if mode negotiation is
   left aside. Kernel support could be shrinked down to a table of
   "known modes" (filled in by some userspace mode negotiation daemon)
   and a bunch of in/out/mem-access/barrier calls.
   
   Yes, this can still kill the machine, if the values programmed cause 
   the GC to e.g. do a DMA transfer of zeroes to the entire RAM, or lock
   up the PCI bus. But it doesn't quite matter, if you cause such
   problems from user- oder kernelspace.

   Even in the unlikely event, that there is an error in the program
   logic that will cause a segfault during mode setup: What do you gain
   from it being in userspace? You are likely to get a broken mode anyway,
   thus defeating console use of the machine, which is in many scenarios
   not much wirse than loosing it with a panic, as you can only blindly
   try to shut it down and restart, then.

4. One of the kernels main function is to virtualize hardware. Graphics 
   hardware is about the only exception now. I don't think a graphics
   controller reduced to mode setup functionality is so much more 
   complex than stuff like the HostAP drivers for simple WLAN cards.
   Same goes for the IP stack.


Thus my $0.02 about graphics drivers and the kernel:

A) Mode setup needs to be in the kernel to allow for SAK and a nice and
   simple integration with console switching.

B) Mode negotiation can be done outside the kernel. I don't quite care.
   As I tend to like small kernels, I'd even favour to move it out.

C) The kernel part must make sure, that the graphics drivers cannot be
   abused by the app accessing it. E.g. it must not be able to abuse 
   the cards DMA engine to gain access to protected memory, it must not 
   be able to write values into card registers that endanger system
   stability (like overclocking), it must not be able to gain too much
   access to other apps data (reading foreign parts of the graphics
   memory).

   Other than that I don't care much about how much of the drivers runs
   where.

> considering that with fbdev there has been mode setting in the kernel
> for years, and this is extremely unlikely to change -- I don't see how
> the kernel console stuff would work relying on some user space agent for
> mode setting...

Right. It doesn't make much sense. It can be done, but it's utterly
complex for little to no gain.


CU, ANdy

-- 
= Andreas Beck | Email: <becka-sig-ggi@...>  =