IRQ pseudo code registration/deregistration broken
|irq, ipc, capabilities
The IRQ pseudocode registration mechanism requires a unique "devno" subkey (besides the IRQ number subkey) to allow multiple drivers register the same IRQ. This "devno" is used effectively only during IRQ subscribe and unsubscribe. It is not used during IRQ handling.
There are a couple of problems with this.
To begin with, the kernel provides a syscall to allocate these "devnos" from a global counter. It is probably unnecessary to stress that a microkernel should not allocate device numbers.
More importantly, a driver can use whatever "devno" it thinks is proper, not necessarily the one allocated by the kernel.
This leads to the most fundamental problem of this design: a driver can unregister somebody else's IRQ handler, because "devnos" are global identifiers and the kernel does not check who registered what.
All of these issues can be addressed by introducing task-local identifiers for IRQ pseudocode. For example by generalizing the code which provides task-local names to IPC phones to support also other kinds of kernel objects - IRQ pseudocode in this case.