Deprivileging Low-Level GPU Drivers Efficiently with User-Space Processes and CHERI Compartments

Device drivers are a prominent source of operating system bugs and vulnerabilities, due to market pressures on hardware vendors and access to privileged system resources. OSes increasingly deprivilege drivers by moving them out of the kernel into user space, but this is widely understood to come with significant overhead. The perfect storm concerns GPU drivers, which are very large, complex and yet highly performance-sensitive. For performance reasons, large parts of these drivers run with full kernel privileges on major OSes.