Should a bad USB device be able to crash a bug free Linux kernel?

Question

My question is rather broad, I know, but I have been wondering about this for a long time.

A little background. I work in a Physics lab where all the lab computers are running Debian (mix of old version and Lenny) or more recently Ubuntu 10.4 LTS. We have written a lot of custom software to interface with experiment hardware and other computers.

We have a lot of FPGA boards that are controlling various parts of the experiment, these are connected via USB to different computers. After upgrading a computer controlling an experiment we started seeing crashes/lockups of the computer running all the lasers. This used to be completely stable.

My question is this: If the entire computer locks up because of an issue with a) Python/GTK software gui b) USB device driver or c) The actual device can this be blamed on the Linux kernel (or other levels of the OS)?

Is it unfair to ask of the linux kernel not to panic even if I make mistakes in my implementation of software/hardware.

My own guess: Any user level applications should never be able to crash the entire system since they should only have access to their own stuff.

Any device driver becomes a part of the kernel itself and will therefore be able to crash it. Is my reasoning sound?

Bonus question: IS there a way to insulate device and kernel somehow such that Linux will keep running happily no matter what stupid mistakes are made with the hardware. That would be very useful for two reasons: 1) debugging is easier with a running system, 2) For the purposes of the experiment we really need long uptimes and having only a part of the system crash is infinitely better than crashes in one part of the system propagating to the rest.

Any links and reading material on this subject would be appreciated. Thank you.

Answer 1

You are correct that unprivileged code should not be able to bring down the system, unless there's a kernel bug. The line between unprivileged and privileged isn't exactly the same as user-space vs kernel, however. A user-mode program can open /dev/kmem and trash the OS's internal data structures, if the user account has superuser privileges.

To insulate the main kernel from device driver problems, run the device driver inside a virtual machine.

Several popular VM systems, including VMWare Workstation, support forwarding an arbitrary USB device from the host to the guest without a device-specific driver on the host.