Summarize

• The role of a device driver is providing mechanism, not policy
• Almost everything in Unix can be treated as a file
• When possible, driver writers should avoid encoding security policy in their code

Outline

• The Role of the Device Driver
• Splitting the Kernel
• Loadable Modules
• Classes of Devices and Modules
• Security Issues

Intro

• Device drivers
  • They are distinct “black boxes” that make a particular piece of hardware respond to a well-defined internal programming interface
  • They hide completely the details of how the device works
  • User activities are performed by means of a set of standardized calls that are independent of the specific driver
  • Each driver is different; as a driver writer, you need to understand your specific device well

The Role of the Device Driver

the role of a device driver is providing mechanism, not policy

Unix 的設計哲學之一是將「機制」（ Mechanism ）和「策略」（ Policy ）分開，這樣軟體更易於開發和適應不同需求。驅動程式應該專注於提供機制，而不應強加特定的使用策略

驅動程式應該盡可能保持「無策略」（ Policy-Free ），提供硬體能力的訪問而不增加額外的約束。例如，同步與非同步操作、支持多次開啟等都是無策略驅動程式的典型特徵

Most programming problems can indeed be split into two parts:

1. “what capabilities are to be provided” (the mechanism)
2. “how those capabilities can be used” (the policy)

Since different environments usually need to use hardware in different ways, it’s important to be as policy free as possible

• A driver, then, is flexible if it offers access to the hardware capabilities without adding constraints
• Being policy-free is actually a common target for software designers

Splitting the Kernel

Linux 核心的角色可以分為幾個部分：進程管理（ Process Management ）、記憶體管理（ Memory Management ）、檔案系統（ Filesystems ）、裝置控制（ Device Control ）和網路管理（ Networking ）。驅動程式在其中負責裝置控制

• In a Unix system, several concurrent processes attend to different tasks. Each process
  asks for system resources
• The kernel is the big chunk of executable code in charge of handling all such requests

The kernel’s role can be split:

1. Process management
   • creating & destroying processes and handling their connection (I/O)
   • communication among different processes (through signals, pipes, or interprocess communication primitives)
   • scheduler, which controls how processes share the CPU
2. Memory management
   • builds up a virtual addressing space for any and all processes
   • different parts of the kernel interact with the memory-management subsystem through a set of function calls(e.g., malloc/free...)
3. Filesystems
   • Unix is heavily based on the filesystem concept;

     • almost everything in Unix can be treated as a file

   • The kernel builds a structured filesystem on top of unstructured hardware
     • Linux supports multiple filesystem types, that is, different ways of organizing data on the physical medium (e.g., EXT3...)
4. Device control
   • The kernel must have embedded in it a device driver for every peripheral present on a system
   • This aspect of the kernel’s functions is our primary interest in this book.
5. Networking
   • Networking must be managed by the operating system, because most network
     operations are not specific to a process
   • Incoming packets are asynchronous events. The packets must be collected, identified, and dispatched before a process takes care of them.
   • The system is in charge of delivering data packets across program and network interfaces
   • Additionally, all the routing and address resolution issues are implemented within the kernel

Loadable Modules

Linux 支持在運行時動態加載和卸載功能模組（ Loadable Modules ），這使得核心功能可以擴展而不需重啟系統。驅動程式通常作為這些模組的一部分

• Each piece of code that can be added to the kernel at runtime is called a module
• Each module is made up of object code (not linked into a complete executable) that can be dynamically linked/unlinked to the running kernel by the program:
  • insmod
  • rmmod
• A module is said to belong to a specific class according to the functionality it offers

Classes of Devices and Modules

Linux 將裝置分為三大類：字元裝置（ Character Devices ）、區塊裝置（ Block Devices ）和網路介面（ Network Interfaces ）。每類裝置都有不同的驅動程式介面

Each module usually implements one of these types, and thus is classifiable as a
char module, a block module, or a network module

1. Character Devices
   • A character (char) device is one that can be accessed as a stream of bytes (like a
     file)
   • Char devices are accessed by means of filesystem nodes, such as /dev/tty1 and /dev/lp0
2. Block Devices
   • Block devices are accessed by filesystem nodes in the /dev directory
   • In most Unix systems, a block device can only handle I/O operations that transfer
     one or more whole blocks, which are usually 512 bytes (or a larger power of two) bytes in length
   • Block drivers have a completely different interface to the kernel than char drivers
3. Network Interfaces
   • A network interface is in charge of sending and receiving data packets, driven by
     the network subsystem of the kernel
   • Communication between the kernel and a network device driver is completely different from that used with char and block drivers

Security Issues

驅動程式編寫者應該避免在程式碼中編寫安全策略，而是將這些問題留給更高層次的管理。儘管如此，有些操作如設定中斷線或加載韌體，仍然需要在驅動程式中進行特權檢查

• Any security check in the system is enforced by kernel code. If the kernel has security holes, then the system as a whole has holes
• The system call "init_module" checks if the invoking process is authorized to load a module into the kernel

When possible, driver writers should avoid encoding security policy in their code

• Security is a policy issue that is often best handled at higher levels within the kernel, under the control of the system administrator

As a device driver writer, you should be aware of some situations:

• device operations that affect global resources (such as
  setting an interrupt line)
• device operations could damage the hardware (such as loading firmware...)
• device operations could affect other users (such as setting a default block size on a
  tape drive)
• These check must be made in the driver itself

you should avoid running kernels compiled by an untrusted friend

• A maliciously modified kernel could allow anyone to load a module, thus opening an unexpected back door via "init_module".

Reference

1. Device Driver Tutorial
2. Linux Device Drivers — Chapter One
3. Linux Device Driver – Introduction
4. ChatGPT4o: 翻譯中文兼總結