Our Partners

User-level Device Drivers

The reliability of device drivers is of critical importance to the overall stability of computer systems. Our approach to improving reliability of device drivers is to run them as unprivileged user processes, rather than in the kernel.

Running device drivers external to the kernel provides a number of advantages:

Robustness: A faulty driver in this situation will not cause the kernel to crash. A simple example of this is that a driver which does a NULL pointer dereference can be detected by the operating system and restarted.
Security: Running drivers external to the kernel provides the opportunity to significantly reduce the trusted computing base. Although running drivers at user-level can trap inadvertent bugs, they do not, on their own, stop potentially malicious drivers from corrupting the system when using direct memory access (DMA). Our approach uses the I/O MMU hardware technology available in newer chipsets to also control the DMA transactions that can be performed by the user-level drivers. This provides the foundation for making device drivers completely untrusted.
Ease of development and debugging: It is generally much easier for both users and developers to manage code that runs at user-level. This means that you do not need special tools to start device drivers, but rather they can just be started as you would start a regular program. For the developer this means standard debuggers and development tools can be used, and also allows for a shorter development cycle as new versions of the driver can be tested without a whole system reboot.
Enabling more interesting virtual machine technology: Hosted (type II) virtual machines usually use emulated hardware. By allowing user-level drivers, a guest can use its standard device drivers to control real hardware devices.

Much of the results of our user-level driver research are now forming part of the OKL4 product of Open Kernel Labs. Present ERTOS research is focussing on the use of IOMMUs for making device drivers untrusted, and the evaluation of the performance impact of IOMMUs.

Performance

The main perceived drawback of running device drivers at user-level is that it has a dramatic impact on performance. Previous work on user-level device drivers typically reported a 50% performance degradation over in-kernel device drivers, manifested as either a reduction in throughput or increase in CPU utilisation. Our current experiments suggests that this need not be the case.

Our experience with user-level drivers for storage devices shows that performance is similar to in-kernel drivers. This is not surprising, as disk latencies are high anyway, and file systems are optimised for hiding this latency.

More critical are high-bandwidth network devices, which are characterised by small (compared to disks) packet sizes and high interrupt rates. Our benchmarks (see detailed performance) indicate that even there the performance degradation can be kept reasonably low (less than 10% increase in CPU utilisation).

Further Information

People

Past

Ben Leslie
Charles Gray
Daniel Potts
Gernot Heiser
Kevin Elphinstone
Luke Macpherson
Myrto Zehnder
Nicholas Fitzroy-Dale
Peter Chubb
Rita Shen
Stefan Goetz

Publications

		Joshua LeVasseur Device-driver reuse via virtual machines PhD Thesis, UNSW, Sydney, Australia, May, 2009
		Myrto Zehnder and Peter Chubb Virtualising PCI Gelato ICE, Singapore, October, 2006
		Ben Leslie, Peter Chubb, Nicholas FitzRoy-Dale, Stefan Götz, Charles Gray, Luke Macpherson, Daniel Potts, Yueting (Rita) Shen, Kevin Elphinstone and Gernot Heiser User-level device drivers: Achieved performance Journal of Computer Science and Technology, Volume 20, Number 5, pp. 654–664, September, 2005
		Ben Leslie, Peter Chubb, Nicholas FitzRoy-Dale, Stefan Götz, Charles Gray, Luke Macpherson, Daniel Potts, Yueting (Rita) Shen, Kevin Elphinstone and Gernot Heiser User-level device drivers: Achieved performance Technical Report PA005043, NICTA, July, 2005
		Peter Chubb Get more device drivers out of the kernel! Ottawa Linux Symposium, Ottawa, Canada, July, 2004
		Peter Chubb Linux kernel infrastructure for user-level device drivers Linux.conf.au, Adelaide, Australia, January, 2004
		Ben Leslie, Nicholas FitzRoy-Dale and Gernot Heiser Encapsulated user-level device drivers in the Mungi operating system Workshop on Object Systems and Software Architectures , Victor Harbor, South Australia, Australia, January, 2004
		Ben Leslie and Gernot Heiser Towards untrusted device drivers Technical Report UNSW-CSE-TR-0303, School of Computer Science and Engineering, March, 2003

Trustworthy Systems