[Day01] Chapter 1: An Introduction to Device Drivers

16th鐵人賽 ldd3 linux linux kernel device driver

281 瀏覽

Summarize

The role of a device driver is providing mechanism, not policy
Almost everything in Unix can be treated as a file
When possible, driver writers should avoid encoding security policy in their code

Device drivers
- They are distinct “black boxes” that make a particular piece of hardware respond to a well-defined internal programming interface
- They hide completely the details of how the device works
- User activities are performed by means of a set of standardized calls that are independent of the specific driver
- Each driver is different; as a driver writer, you need to understand your specific device well

the role of a device driver is providing mechanism, not policy

Unix 的設計哲學之一是將「機制」（ Mechanism ）和「策略」（ Policy ）分開，這樣軟體更易於開發和適應不同需求。驅動程式應該專注於提供機制，而不應強加特定的使用策略

驅動程式應該盡可能保持「無策略」（ Policy-Free ），提供硬體能力的訪問而不增加額外的約束。例如，同步與非同步操作、支持多次開啟等都是無策略驅動程式的典型特徵

Most programming problems can indeed be split into two parts:

Since different environments usually need to use hardware in different ways, it’s important to be as policy free as possible

A driver, then, is flexible if it offers access to the hardware capabilities without adding constraints
Being policy-free is actually a common target for software designers

Linux 核心的角色可以分為幾個部分：進程管理（ Process Management ）、記憶體管理（ Memory Management ）、檔案系統（ Filesystems ）、裝置控制（ Device Control ）和網路管理（ Networking ）。驅動程式在其中負責裝置控制

In a Unix system, several concurrent processes attend to different tasks. Each process
asks for system resources
The kernel is the big chunk of executable code in charge of handling all such requests

The kernel’s role can be split:

Process management
- creating & destroying processes and handling their connection (I/O)
- communication among different processes (through signals, pipes, or interprocess communication primitives)
- scheduler, which controls how processes share the CPU
Memory management
- builds up a virtual addressing space for any and all processes
- different parts of the kernel interact with the memory-management subsystem through a set of function calls(e.g., malloc/free...)
Filesystems
- Unix is heavily based on the filesystem concept;
  - almost everything in Unix can be treated as a file
- The kernel builds a structured filesystem on top of unstructured hardware
  - Linux supports multiple filesystem types, that is, different ways of organizing data on the physical medium (e.g., EXT3...)
Device control
- The kernel must have embedded in it a device driver for every peripheral present on a system
- This aspect of the kernel’s functions is our primary interest in this book.
Networking
- Networking must be managed by the operating system, because most network
  operations are not specific to a process
- Incoming packets are asynchronous events. The packets must be collected, identified, and dispatched before a process takes care of them.
- The system is in charge of delivering data packets across program and network interfaces
- Additionally, all the routing and address resolution issues are implemented within the kernel

Linux 支持在運行時動態加載和卸載功能模組（ Loadable Modules ），這使得核心功能可以擴展而不需重啟系統。驅動程式通常作為這些模組的一部分

Each piece of code that can be added to the kernel at runtime is called a module
Each module is made up of object code (not linked into a complete executable) that can be dynamically linked/unlinked to the running kernel by the program:
- insmod
- rmmod
A module is said to belong to a specific class according to the functionality it offers

Linux 將裝置分為三大類：字元裝置（ Character Devices ）、區塊裝置（ Block Devices ）和網路介面（ Network Interfaces ）。每類裝置都有不同的驅動程式介面

Each module usually implements one of these types, and thus is classifiable as a
char module, a block module, or a network module

Character Devices
- A character (char) device is one that can be accessed as a stream of bytes (like a
  file)
- Char devices are accessed by means of filesystem nodes, such as /dev/tty1 and /dev/lp0
Block Devices
- Block devices are accessed by filesystem nodes in the /dev directory
- In most Unix systems, a block device can only handle I/O operations that transfer
  one or more whole blocks, which are usually 512 bytes (or a larger power of two) bytes in length
- Block drivers have a completely different interface to the kernel than char drivers
Network Interfaces
- A network interface is in charge of sending and receiving data packets, driven by
  the network subsystem of the kernel
- Communication between the kernel and a network device driver is completely different from that used with char and block drivers

驅動程式編寫者應該避免在程式碼中編寫安全策略，而是將這些問題留給更高層次的管理。儘管如此，有些操作如設定中斷線或加載韌體，仍然需要在驅動程式中進行特權檢查

Any security check in the system is enforced by kernel code. If the kernel has security holes, then the system as a whole has holes
The system call "init_module" checks if the invoking process is authorized to load a module into the kernel

When possible, driver writers should avoid encoding security policy in their code

Security is a policy issue that is often best handled at higher levels within the kernel, under the control of the system administrator

As a device driver writer, you should be aware of some situations:

device operations that affect global resources (such as
setting an interrupt line)
device operations could damage the hardware (such as loading firmware...)
device operations could affect other users (such as setting a default block size on a
tape drive)
These check must be made in the driver itself

you should avoid running kernels compiled by an untrusted friend