We have designed and implemented a new operating system, Arrakis, that splits the traditional role of the kernel in two. Applications have direct access to virtualized I/O devices, allowing most I/O operations to skip the kernel entirely, while the kernel is re-engineered to provide network and disk protection without kernel mediation of every operation.
That's the way IBM mainframes have worked since IBM VM, 1972.
There's a lot to be said for this. For historical reasons, most microprocessor systems have an I/O architecture that's far too much like that of an 1970s minicomputer - device registers with meaning determined by the peripheral. Minicomputers had that because they couldn't afford enough transistors to do mainframe-type channels. That problem went away a long time ago, but the legacy architecture remains.
You need both channels with access control and peripherals designed for channels to make this work without OS intervention. Peripherals may have privileged functions - user programs may be restricted to an address range on a disk, or an IP and MAC address on a network controller.
SR-IOV is pretty much designed like this. The master PCI function has all the privileged ops while the slave devices have none.
The Intel network cards (all the 10g ones, some 1g) at least have IP and MAC filtering, and support at least 64 virtual network cards for each physical port.
It has taken longer for storage, but NVMe has SR-IOV, which means you can split out virtual drives without the OS having to check block ranges. Not widely available yet, although Google cloud now has support[1].
That's the way IBM mainframes have worked since IBM VM, 1972.
There's a lot to be said for this. For historical reasons, most microprocessor systems have an I/O architecture that's far too much like that of an 1970s minicomputer - device registers with meaning determined by the peripheral. Minicomputers had that because they couldn't afford enough transistors to do mainframe-type channels. That problem went away a long time ago, but the legacy architecture remains.
You need both channels with access control and peripherals designed for channels to make this work without OS intervention. Peripherals may have privileged functions - user programs may be restricted to an address range on a disk, or an IP and MAC address on a network controller.