A driver communicates with the device through the computer bus or communications subsystem to which the hardware connects. When a calling program invokes a routine in the driver, the driver issues commands to the device (drives it). Once the device sends data back to the driver, the driver may invoke routines in the original calling program.
Drivers are hardware dependent and operating-system-specific. They usually provide the interrupt handling required for any necessary asynchronous time-dependent hardware interface.
Purpose
The main purpose of device drivers is to provide abstraction by acting as a translator between a hardware device and the applications or operating systems that use it. Programmers can write higher-level application code independently of whatever specific hardware the end-user is using. For example, a high-level application for interacting with a serial port may simply have two functions for "send data" and "receive data". At a lower level, a device driver implementing these functions would communicate to the particular serial port controller installed on a user's computer. The commands needed to control a 16550 UART are much different from the commands needed to control an FTDI serial port converter, but each hardware-specific device driver abstracts these details into the same (or similar) software interface.
Development
Writing a device driver requires an in-depth understanding of how the hardware and the software works for a given platform function. Because drivers require low-level access to hardware functions in order to operate, drivers typically operate in a highly privileged environment and can cause system operational issues if something goes wrong. In contrast, most user-level software on modern operating systems can be stopped without greatly affecting the rest of the system. Even drivers executing in user mode can crash a system if the device is erroneously programmed. These factors make it more difficult and dangerous to diagnose problems.
The task of writing drivers thus usually falls to software engineers or computer engineers who work for hardware-development companies. This is because they have better information than most outsiders about the design of their hardware. Moreover, it was traditionally considered in the hardware manufacturer's interest to guarantee that their clients can use their hardware in an optimum way. Typically, the Logical Device Driver (LDD) is written by the operating system vendor, while the Physical Device Driver (PDD) is implemented by the device vendor. However, in recent years, non-vendors have written numerous device drivers for proprietary devices, mainly for use with free and open source operating systems. In such cases, it is important that the hardware manufacturer provide information on how the device communicates. Although this information can instead be learned by reverse engineering, this is much more difficult with hardware than it is with software.
Microsoft has attempted to reduce system instability due to poorly written device drivers by creating a new framework for driver development, called Windows Driver Frameworks (WDF). This includes User-Mode Driver Framework (UMDF) that encourages development of certain types of drivers—primarily those that implement a message-based protocol for communicating with their devices—as user-mode drivers. If such drivers malfunction, they do not cause system instability. The Kernel-Mode Driver Framework (KMDF) model continues to allow development of kernel-mode device drivers, but attempts to provide standard implementations of functions that are known to cause problems, including cancellation of I/O operations, power management, and plug and play device support.
Apple has an open-source framework for developing drivers on macOS, called I/O Kit.
In Linux environments, programmers can build device drivers as parts of the kernel, separately as loadable modules, or as user-mode drivers (for certain types of devices where kernel interfaces exist, such as for USB devices). Makedev includes a list of the devices in Linux, including ttyS (terminal), lp (parallel port), hd (disk), loop, and sound (these include mixer, sequencer, dsp, and audio).
Microsoft Windows .sys files and Linux .ko files can contain loadable device drivers. The advantage of loadable device drivers is that they can be loaded only when necessary and then unloaded, thus saving kernel memory.
Kernel mode vs. user mode
Device drivers, particularly on modern Microsoft Windows platforms, can run in kernel-mode (Ring 0 on x86 CPUs) or in user-mode (Ring 3 on x86 CPUs). The primary benefit of running a driver in user mode is improved stability, since a poorly written user-mode device driver cannot crash the system by overwriting kernel memory. On the other hand, user/kernel-mode transitions usually impose a considerable performance overhead, thus making kernel-mode drivers preferred for low-latency networking.
Kernel space can be accessed by user-mode only through the use of system calls. End user programs like the UNIX shell or other GUI-based applications are part of user space. These applications interact with hardware through kernel supported functions.
Applications
Because of the diversity of modern hardware and operating systems, drivers operate in many different environments. Drivers may interface with:
- Printers
- Video adapters
- Network cards
- Sound cards
- PC chipsets
- Local buses of various sorts—in particular, for bus mastering on modern systems
- Low-bandwidth I/O buses of various sorts (for pointing devices such as mice, keyboards, etc.)
- Computer storage devices such as hard disk, CD-ROM, and floppy disk buses (ATA, SATA, SCSI, SAS)
- Implementing support for different file systems
- Image scanners
- Digital cameras
- Digital terrestrial television tuners
- Radio frequency communication transceiver adapters for wireless personal area networks as used for short-distance and low-rate wireless communication in home automation, (such as example Bluetooth Low Energy (BLE), Thread, Zigbee, and Z-Wave).
- IrDA adapters
Common levels of abstraction for device drivers include:
- For hardware:
- Interfacing directly
- Writing to or reading from a device control register
- Using some higher-level interface (e.g. Video BIOS)
- Using another lower-level device driver (e.g. file system drivers using disk drivers)
- Simulating work with hardware, while doing something entirely different
- For software:
- Allowing the operating system direct access to hardware resources
- Implementing only primitives
- Implementing an interface for non-driver software (e.g. TWAIN)
- Implementing a language, sometimes quite high-level (e.g. PostScript)
So choosing and installing the correct device drivers for given hardware is often a key component of computer system configuration.
Virtual device drivers
Virtual device drivers represent a particular variant of device drivers. They are used to emulate a hardware device, particularly in virtualization environments, for example when a DOS program is run on a Microsoft Windows computer or when a guest operating system is run on, for example, a Xen host. Instead of enabling the guest operating system to dialog with hardware, virtual device drivers take the opposite role and emulates a piece of hardware, so that the guest operating system and its drivers running inside a virtual machine can have the illusion of accessing real hardware. Attempts by the guest operating system to access the hardware are routed to the virtual device driver in the host operating system as e.g., function calls. The virtual device driver can also send simulated processor-level events like interrupts into the virtual machine.
Virtual devices may also operate in a non-virtualized environment. For example, a virtual network adapter is used with a virtual private network, while a virtual disk device is used with iSCSI. A good example for virtual device drivers can be Daemon Tools.
There are several variants of virtual device drivers, such as VxDs, VLMs, and VDDs.
Open source drivers
- Graphics device driver
- Printers: CUPS
- RAIDs: CCISS (Compaq Command Interface for SCSI-3 Support)
- Scanners: SANE
- Video: Vidix, Direct Rendering Infrastructure
Solaris descriptions of commonly used device drivers:
- fas: Fast/wide SCSI controller
- hme: Fast (10/100 Mbit/s) Ethernet
- isp: Differential SCSI controllers and the SunSwift card
- glm: (Gigabaud Link Module) UltraSCSI controllers
- scsi: Small Computer Serial Interface (SCSI) devices
- sf: soc+ or social Fiber Channel Arbitrated Loop (FCAL)
- soc: SPARC Storage Array (SSA) controllers and the control device
- social: Serial optical controllers for FCAL (soc+)
APIs
- Windows Display Driver Model (WDDM) – the graphic display driver architecture for Windows Vista and later.
- Unified Audio Model (UAM)
- Windows Driver Foundation (WDF)
- Declarative Componentized Hardware (DCH) - Universal Windows Platform driver
- Windows Driver Model (WDM)
- Network Driver Interface Specification (NDIS) – a standard network card driver API
- Advanced Linux Sound Architecture (ALSA) – the standard Linux sound-driver interface
- Scanner Access Now Easy (SANE) – a public-domain interface to raster-image scanner-hardware
- Installable File System (IFS) – a filesystem API for IBM OS/2 and Microsoft Windows NT
- Open Data-Link Interface (ODI) – network card API similar to NDIS
- Uniform Driver Interface (UDI) – a cross-platform driver interface project
- Dynax Driver Framework (dxd) – C++ open source cross-platform driver framework for KMDF and IOKit
Identifiers
A device on the PCI bus or USB is identified by two IDs which consist of 4 hexadecimal numbers each. The vendor ID identifies the vendor of the device. The device ID identifies a specific device from that manufacturer/vendor.
A PCI device has often an ID pair for the main chip of the device, and also a subsystem ID pair which identifies the vendor, which may be different from the chip manufacturer.
Security
Devices often have a large number of diverse and customized device drivers running in their operating system (OS) kernel and often contain various bugs and vulnerabilities, making them a target for exploits. Bring Your Own Vulnerable Driver (BYOVD) uses signed, old drivers that contain flaws that allow hackers to insert malicious code into the kernel.
There is a lack of effective kernel vulnerability detection tools, especially for closed-source OSes such as Microsoft Windows where the source code of the device drivers is mostly not public (open source) and the drivers often also have many privileges.
Such vulnerabilities also exist in drivers in laptops, drivers for WiFi and bluetooth, gaming/graphics drivers, and drivers in printers.
A group of security researchers considers the lack of isolation as one of the main factors undermining kernel security, and published a isolation framework to protect operating system kernels, primarily the monolithic Linux kernel which, according to them, gets ~80,000 commits/year to its drivers.
An important consideration in the design of a kernel is the support it provides for protection from faults (fault tolerance) and from malicious behaviours (security). These two aspects are usually not clearly distinguished, and the adoption of this distinction in the kernel design leads to the rejection of a hierarchical structure for protection.
The mechanisms or policies provided by the kernel can be classified according to several criteria, including: static (enforced at compile time) or dynamic (enforced at run time); pre-emptive or post-detection; according to the protection principles they satisfy (e.g., Denning); whether they are hardware supported or language based; whether they are more an open mechanism or a binding policy; and many more.
.jpg)
