http://ertos.nicta.com.au/research/drivers/uldd/home.pml
User-level Device Drivers
The reliability of device
drivers is of critical importance
to the overall stability of computer systems. Our approach to improving
reliability of device drivers is to run them as unprivilieged user
processes, rather than in the kernel.
Running device drivers
external to the kernel provides a number of
advantages:
- Robustness
- A faulty driver in this
situation will not cause the kernel to crash. A simple example of this
is that a driver which does a NULL pointer derefence can be detected by
the operating system and restarted.
- Security
- Running drivers
external to the
kernel provides the opportunity to significantly reduce the trusted
computing base. Although running drivers at user-level can trap
inadvertent bugs, they do not, on their own, stop potentially
malicious drivers from corrupting the system when using direct memory
access (DMA). Our approach uses the I/O MMU hardware technology
available in newer chipsets to also control the DMA transactions that
can be performed by the user-level drivers. This provides the
foundation
for making device drivers completely untrusted.
- Ease of
development and debugging
- It is
generally much easier for both users and developers to manage code
that runs at user-level. This means that you do not need special tools
to start device drivers, but rather they can just be started as you
would start a regular program. For the developer this means standard
debuggers and development tools can be used, and also allows for a
shorter development cycle as new versions of the driver can be tested
without a whole system reboot.
- Enabling more
interesting virtual machine technology
- Hosted (typeII) virtual
machines usually use emulated hardware. By allowing user-level drivers,
a guest can use its standard device drivers to control real hardware
devices.
Much of the results of our
user-level driver research are now forming
part of the OKL4 product of Open Kernel
Labs. Present ERTOS research is focussing on the use of IOMMUs for
making device drivers untrusted, and the evaluation of the performance
impact of IOMMUs.
Performance
The main perceived
drawback of running device drivers at user-level
is that it has a dramatic impact on performance. Previous work on
user-level device drivers typically reported a 50% performance
degradation over in-kernel device drivers, manifested as either a
reduction in throughput or increase in CPU utilisation. Our current
experiments suggests that this need not be the case.
Our experience with
user-level drivers for storage devices shows
that performance is similar to in-kernel drivers. This is not
surprising, as disk latencies are high anyway, and file systems are
optimised for hiding this latency.
More critical are
high-bandwidth network devices, which are
characterised by small (compared to disks) packet sizes and high
interrupt rates. Our benchmarks (see detailed
performance) indicate that even
there the performance degradation can be kept reasonably low (less
than 10% increase in CPU utilisation).
Further Information
People
Current
Past
Publications
 |
 |
Myrto
Zehnder and Peter Chubb
Virtualising PCI
Gelato ICE, Singapore, October, 2006
|
|
|
 |
Ben
Leslie, Peter Chubb, Nicholas Fitzroy-Dale, Stefan Götz, Charles Gray,
Luke Macpherson, Daniel Potts, Yueting (Rita) Shen, Kevin Elphinstone
and Gernot Heiser
User-level device drivers: Achieved performance
Journal of Computer Science and Technology, 20(5),
654–664, (September, 2005)
See TR PA005043
for a preprint
|
|
|
|
Ben
Leslie, Peter Chubb, Nicholas Fitzroy-Dale, Stefan Götz, Charles Gray,
Luke Macpherson, Daniel Potts, Yueting (Rita) Shen, Kevin Elphinstone
and Gernot Heiser
User-level device drivers: Achieved performance
Technical Report PA005043, NICTA, July, 2005
|
|
|
|
Peter
Chubb
Get more device drivers out of the kernel!
Ottawa Linux Symposium, Ottawa, Canada, July, 2004
|
|
|
|
Peter
Chubb
Linux kernel infrastructure for user-level device drivers
Linux.conf.au, Adelaide, Australia, January, 2004
|
|
|
 |
Ben
Leslie, Nicholas FitzRoy-Dale and Gernot Heiser
Encapsulated user-level device drivers in the Mungi
operating system
Proceedings of the Workshop on Object Systems and Software
Architectures 2004, Victor Harbor, South Australia, Australia,
January, 2004
|
|
|
|
Ben
Leslie and Gernot Heiser
Towards untrusted device drivers
Technical Report UNSW-CSE-TR-0303, School of Computer Science and
Engineering, March, 2003
|
|
