In the context of anoperating system, adevice driver is acomputer program that operates or controls a particular type ofdevice that is attached to acomputer.[1] A driver provides a softwareinterface tohardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware.
A driver communicates with the device through thecomputer bus or communications subsystem to which the hardware connects. When acalling program invokes aroutine in the driver, the driver issues commands to the device (drives it). Once the device sends data back to the driver, the driver may invoke routines in the original calling program.
Drivers are hardware-dependent and operating-system-specific. They usually provide theinterrupt handling required for any necessary asynchronous time-dependent hardware interface.[2]
The main purpose of device drivers is to providehardware abstraction by acting as a translator between a hardware device and the applications oroperating systems that use it.[1] Programmers can write higher-level application code independently of whatever specific hardware the end-user is using.
For example, a high-level application for interacting with aserial port may simply have two functions forsend data andreceive data. At a lower level, a device driver implementing these functions would communicate with the particular serial port controller installed on a user's computer. The commands needed to control a16550 UART are much different from the commands needed to control anUSB-to-serial adapter, but each hardware-specific device driver abstracts these details into the same (or similar) software interface.
Writing a device driver requires an in-depth understanding of how the hardware and the software work for a givenplatform function. Because drivers require low-level access to hardware functions in order to operate, drivers typically operate in a highlyprivileged environment and can cause system operational issues if something goes wrong. In contrast, misbehavior in most user-level software on modern operating systems can be stopped without greatly affecting the rest of the system. Even drivers executing inuser mode can crash a system if the device iserroneously programmed. These factors make it more difficult and dangerous to diagnose problems.[3]
The task of writing drivers thus usually falls tosoftware engineers orcomputer engineers who work for hardware-development companies. This is because they have better information than most outsiders about the design of their hardware. Moreover, it was traditionally considered in the hardwaremanufacturer's interest to guarantee that their clients can use their hardware in an optimal way. Typically, theLogical Device Driver (LDD) is written by the operating system vendor, while thePhysical Device Driver (PDD) is implemented by the device vendor. However, in recent years, non-vendors have written numerous device drivers for proprietary devices, mainly for use withfree and open source operating systems. In such cases, it is important that the hardware manufacturer provide information on how the device communicates. Although this information can instead be learned byreverse engineering, this is much more difficult with hardware than it is with software.
Windows uses a combination of driver and minidriver, where the full class/port driver is provided with the operating system, and miniclass/miniport drivers are developed by vendors and implement hardware- or function-specific subset of the full driver stack.[4] Miniport model is used byNDIS,WDM,WDDM,WaveRT,StorPort,WIA, andHID drivers; each of them uses device-specific APIs and still requires the developer to handle tedious device management tasks.
Microsoft has attempted to reduce system instability due to poorly written device drivers by creating a new framework for driver development, calledWindows Driver Frameworks (WDF). This includesUser-Mode Driver Framework (UMDF) that encourages development of certain types of drivers—primarily those that implement amessage-based protocol for communicating with their devices—as user-mode drivers. If such drivers malfunction, they do not cause system instability. TheKernel-Mode Driver Framework (KMDF) model continues to allow development of kernel-mode device drivers but attempts to provide standard implementations of functions that are known to cause problems, including cancellation of I/O operations, power management, and plug-and-play device support.
Apple has an open-source framework for developing drivers onmacOS, called I/O Kit.
InLinux environments, programmers can build device drivers as parts of thekernel, separately as loadablemodules, or as user-mode drivers (for certain types of devices where kernel interfaces exist, such as for USB devices).Makedev includes a list of the devices in Linux, including ttyS (terminal), lp (parallel port), hd (disk), loop, and sound (these includemixer,sequencer,dsp, and audio).[5]
Microsoft Windows.sys files andLinux .ko files can contain loadable device drivers. The advantage of loadable device drivers is that they can be loaded only when necessary and then unloaded, thus saving kernel memory.
Depending on the operating system, device drivers may be permitted to run at various differentprivilege levels. The choice of which level of privilege the drivers are in is largely decided by the type ofkernel an operating system uses. An operating system that uses amonolithic kernel, such as theLinux kernel, will typically run device drivers with the same privilege as all other kernel objects. By contrast, a system designed aroundmicrokernel, such asMinix, will place drivers as processes independent from the kernel but that use it for essentialinput-output functionalities and to pass messages between user programs and each other.[6]OnWindows NT, a system with ahybrid kernel, it is common for device drivers to run in eitherkernel-mode oruser-mode.[7]
The most common mechanism for segregating memory into various privilege levels is viaprotection rings. On many systems, such as those withx86 andARM processors, switching between rings imposes a performance penalty, a factor that operating system developers andembedded software engineers consider when creating drivers for devices which are preferred to be run with low latency, such asnetwork interface cards. The primary benefit of running a driver in user mode is improved stability since a poorly written user-mode device driver cannot crash the system by overwriting kernel memory.[8]
Because of the diversity of modern[update] hardware and operating systems, drivers operate in many different environments.[9] Drivers mayinterface with:
Virtual device drivers represent a particular variant of device drivers. They are used to emulate a hardware device, particularly invirtualization environments, for example when a guest operating system is run on aXen host. Instead of enabling the guest operating system to dialog with hardware, virtual device drivers take the opposite role and emulates a piece of hardware, so that the guest operating system and its drivers running inside avirtual machine can have the illusion of accessing real hardware. Attempts by the guest operating system to access the hardware are routed to the virtual device driver in the host operating system as e.g., function calls. The virtual device driver can also send simulated processor-level events likeinterrupts into the virtual machine.
Virtual devices may also operate in a non-virtualized environment. For example, a virtualnetwork adapter is used with avirtual private network, while a virtualdisk device is used withiSCSI. A good example for virtual device drivers can beDaemon Tools.
There are several variants of virtual device drivers, such asVxDs,VLMs, and VDDs.
A device on thePCI bus or USB is identified by two IDs which consist of twobytes each. The vendor ID identifies the vendor of the device. The device ID identifies a specific device from that manufacturer/vendor.
A PCI device has often an ID pair for the main chip of the device, and also a subsystem ID pair that identifies the vendor, which may be different from the chip manufacturer.
Computers often have many diverse and customized device drivers running in their operating system kernel which often contain variousbugs andvulnerabilities, making them a target forexploits.[18] ABring Your Own Vulnerable Driver (BYOVD) attacker installs any signed, old third-party driver with known vulnerabilities that allow malicious code to be inserted into the kernel.[19]Drivers that may be vulnerable include those for WiFi and Bluetooth,[20][21] gaming/graphics drivers,[22] and drivers for printers.[23]
There is a lack of effective kernel vulnerability detection tools, especially for closed-source operating systems such as Microsoft Windows[24] where the source code of the device drivers is mostlyproprietary and not available to examine,[25] and drivers often have many privileges.[26][27][28][29]
An important consideration in the design of a kernel is the support it provides for protection from faults (fault tolerance) and from malicious behaviours (security). These two aspects are usually not clearly distinguished, and the adoption of this distinction in the kernel design leads to the rejection of ahierarchical structure for protection.[33]
The mechanisms or policies provided by the kernel can be classified according to several criteria, including: static (enforced atcompile time) or dynamic (enforced atrun time); pre-emptive or post-detection; according to the protection principles they satisfy (e.g.,Denning[34][35]); whether they are hardware supported or language based; whether they are more an open mechanism or a binding policy; and many more.
^Tanenbaum, Andrew; Woodhull, Albert (2006).Operating Systems, Design and Implementation (3rd. ed.). Upper Saddle River, NJ: Pearson Pretence Hall. p. 256.ISBN0-13-142938-8.
^Yosifovich, Pavel; Ionescu, Alex; Russinovich, Mark; Solomon, David (2017).Windows Internals, Part 1 (Seventh ed.). Redmond, Washington: Microsoft Press.ISBN978-0-7356-8418-8.
^"CCISS".SourceForge. 2010. Archived fromthe original on 2010-08-21. Retrieved2010-08-11.Drivers for the HP (previously Compaq) Smart Array controllers which provide hardware RAID capability.
^Huang, Yongzhe; Narayanan, Vikram; Detweiler, David; Huang, Kaiming; Tan, Gang; Jaeger, Trent; Burtsev, Anton (2022)."KSplit: Automating Device Driver Isolation"(PDF).Archived(PDF) from the original on 15 September 2022. Retrieved15 September 2022.
