INTRO(9F) | Kernel Functions for Drivers | INTRO(9F) |
Intro
—
Introduction to kernel and device driver
functions
#include
<sys/ddi.h>
#include <sys/sunddi.h>
Section 9F of the manual page describes functions that are used for device drivers, kernel modules, and the implementation of the kernel itself. This first provides an overview for the use of kernel functions and portions of the manual that are specific to the kernel. After that, we have grouped together most functions that are available by use, with some brief commentary and introduction.
Most manual pages are similar to those in other sections. They have common fields such as the NAME, a SYNOPSIS to show which header files to include and prototypes, an extended DESCRIPTION discussing its use, and the common combination of RETURN VALUES and ERRORS. Some manuals will have examples and additional manuals to reference in the SEE ALSO section.
One major difference when programming in the kernel versus userland is that there is no equivalent to errno. Instead, there are a few common patterns that are used throughout the kernel that we'll discuss. While there are common patterns, please be aware that due to the natural evolution of the system, you will need to read the specifics of the section.
DDI_SUCCESS
or
DDI_FAILURE
, indicating success and failure
respectively. Some functions will return additional error codes to
indicate why something failed. In general, when checking a response code
is always preferred to compare that something equals or does not equal
DDI_SUCCESS
as there can be many different error
cases and additional ones can be added over time.The CONTEXT section of a manual page describes the times in which this function may be called. In generally there are three different contexts that come up:
When executing high-level interrupts, the thread may only execute a limited number of functions. In particular, it may call ddi_intr_trigger_softint(9F), mutex_enter(9F), and mutex_exit(9F). It is critical that the mutex being used be properly initialized with the driver's interrupt priority. The system will transparently pick the correct implementation of a mutex based on the interrupt type. Aside from the above, one must not block while in high-level interrupt context.
On the other hand, when a thread is not in high-level
interrupt context, most of these restrictions are lifted. Kernel memory
may be allocated (if using a non-blocking allocation such as
KM_NOSLEEP
or
KM_NOSLEEP_LAZY
), and many of the other
documented functions may be called.
Regardless of whether a thread is in high-level or low-level interrupt context, it will never have a user context associated with it and therefore cannot use routines like ddi_copyin(9F) or ddi_copyout(9F).
In kernel manual pages (section 9), each function and entry point description generally has a separate list of parameters which are arguments to the function. The parameters section describes the basic purpose of each argument and should explain where such things often come from and any constraints on their values.
Functions below are organized into categories that describe their purpose. Individual functions are documented in their own manual pages. For each of these areas, we discuss high-level concepts behind each area and provide a brief discussion of how to get started with it. Note, some deprecated functions or older frameworks are not listed here.
Every function listed below has its own manual page in section 9F and can be read with man(1). In addition, some corresponding concepts are documented in section 9 and some groups of functions are present to support a specific type of device driver, which is discussed more in section 9E .
Through the kernel there are often needs to log messages that either make it into the system log or on the console. These kinds of messages can be performed with the cmn_err(9F) function or one of its more specific variants that operate in the context of a device (dev_err(9F)) or a zone (zcmn_err(9F)).
The console should be used sparingly. While a notice may be found there, one should assume that it may be missed either due to overflow, not being connected to say a serial console at the time, or some other reason. While the system log is better than the console, folks need to take care not to spam the log. Imagine if someone logged every time a network packet was generated or received, you'd quickly potentially run out of space and make it harder to find useful messages for bizarre behavior. It's also important to remember that only system administrators and privileged users can actually see this log. Where possible and appropriate use programmatic errors in routines that allow it.
The system also supports a structured event log called a system event that is processed by syseventd(8). This is used by the OS to provide notifications for things like device insertion and removal or the change of a data link. These are driven by the ddi_log_sysevent(9F) function and allow arbitrary additional structured metadata in the form of a nvlist_t.
cmn_err(9F) | dev_err(9F) |
vcmn_err(9F) | vzcmn_err(9F) |
zcmn_err(9F) | ddi_log_sysevent(9F) |
At the heart of most device drivers is memory allocation. The primary kernel allocator is called "kmem" (kernel memory) and it is based on the "vmem" (virtual memory) subsystem. Most of the time, device drivers should use kmem_alloc(9F) and kmem_zalloc(9F) to allocate memory and free it with kmem_free(9F). Based on the original kmem and subsequent vmem papers, the kernel is internally using object caches and magazines to allow high-throughput allocation in a multi-CPU environment.
When allocating memory, an important choice must be made: whether
or not to block for memory. If one opts to perform a sleeping allocation,
then the caller can be guaranteed that the allocation will succeed, but it
may take some time and the thread will be blocked during that entire
duration. This is the KM_SLEEP
flag. On the other
hand, there are many circumstances where this is not appropriate, especially
because a thread that is inside a memory allocation function cannot
currently be cancelled. If the thread corresponds to a user process, then it
will not be killable.
Given that there are many situations where this is not
appropriate, the kernel offers an allocation mode where it will not block
for memory to be available: KM_NOSLEEP
and
KM_NOSLEEP_LAZY
. These allocations can fail and
return NULL
when they do fail. Even though these are
said to be no sleep operations, that does not mean that the caller may not
end up temporarily blocked due to mutex contention or due to trying a bit
more aggressively to reclaim memory in the case of
KM_NOSLEEP
. Unless operating in special
circumstances, using KM_NOSLEEP_LAZY
should be
preferred to KM_NOSLEEP
.
If a device driver has its own complex object that has more significant set up and tear down costs, then the kmem cache function family should be considered. To use a kmem cache, it must first be created using the kmem_cache_create(9F) function, which requires specifying the size, alignment, and constructors and destructors. Individual objects are allocated from the cache with the kmem_cache_alloc(9F) function. An important constraint when using the caches is that when an object is freed with kmem_cache_free(9F), it is the callers responsibility to ensure that the object is returned to its constructed state prior to freeing it. If the object is reused, prior to the kernel reclaiming the memory for other uses, then the constructor will not be called again. Most device drivers do not need to create a kmem cache for their own allocations.
If you are writing a device driver that is trying to interact with the networking, STREAMS, or USB subsystems, then they are generally using the mblk_t data structure which is managed through a different set of APIs, though they are leveraging kmem under the hood.
The vmem set of interfaces allows for the management of abstract regions of integers, generally representing memory or some other object, each with an offset and length. While it is not common that a device driver needs to do their own such management, vmem_create(9F) and vmem_alloc(9F) are what to reach for when the need arises. Rather than using vmem, if one needs to model a set of integers where each is a valid identifier, that is you need to allocate every integer between 0 and 1000 as a distinct identifier, instead use id_space_create(9F) which is discussed in Identifier Management. For more information on vmem, see vmem(9).
The kernel has many analogues for classic libc functions that deal with string processing, memory copying, and related. For the most part, these behave similarly to their userland analogues, but there can be some differences in return values and for example, in the set of supported format characters in the case of snprintf(9F) and related.
These functions provide access to an intrusive self-balancing binary tree that is generally used throughout illumos. The primary type here is the avl_tree_t. Structures can be present in multiple trees and there are built-in walkers for the data structure in mdb(1).
These functions provide a standard, intrusive doubly-linked list whose type is the list_t. This list implementation is used extensively throughout illumos, has debugging support through mdb(1) walkers, and is generally recommended rather than creating your own list. Due to its intrusive nature, a given structure can be present on multiple lists.
The kernel often uses the nvlist_t data structure to pass around a list of typed name-value pairs. This data structure is used in diverse areas, particularly because of its ability to be serialized in different formats that are suitable not only for use between userland and the kernel, but also persistently to a file.
A nvlist_t structure is initialized with the nvlist_alloc(9F) function and can operate with two different degrees of uniqueness: a mode where only names are unique or that every name is qualified to a type. The former means that if I have an integer name “foo” and then add a string, array, or any other value with the same name, it will be replaced. However, if were using the name and type as unique, then the value would only be replaced if both the pair's type and the name “foo” matched a pair that was already present. Otherwise, the two different entries would co-exist.
When constructing an nvlist, it is normally backed by the normal kmem allocator and may either use sleeping or non-sleeping allocations. It is also possible to use a custom allocator, though that generally has not been necessary in the kernel.
Specific keys and values can be looked up directly with the nvlist_lookup family of functions, but the entire list can be iterated as well, which is especially useful when trying to validate that no unknown keys are present in the list. The iteration API nvlist_next_nvpair(9F) allows one to then get both the key's name, the type of value of the pair, and then the value itself.
A common challenge in the kernel is the management of a series of different IDs. There are three different families of routines for managing identifiers presented here, but we recommend the use of the id_space_create(9F) and id_alloc(9F) family for new use cases. The ID space can cover all or a subset of the 32-bit integer space and provides different allocation strategies for this.
Due to the current implementation, callers should generally prefer the non-sleeping variants because the sleeping ones are not cancellable (currently this is backed by vmem, but this should not be assumed and may change in the future).
Many device drivers that are working with registers often need to get a specific range of bits out of an integer. These functions provide safe ways to set (bitset) and extract (bitx) bit ranges, as well as modify an integer to remove a set of bits entirely (bitdel). Using these functions is preferred to constructing manual masks and shifts particularly when a programming manual for a device is specified in ranges of bits. On debug builds, these provide extra checking to try and catch programmer error.
bitdel64(9F) | bitset8(9F) |
bitset16(9F) | bitset32(9F) |
bitset64(9F) | bitx8(9F) |
bitx16(9F) | bitx32(9F) |
bitx64(9F) |
The kernel provides a set of basic synchronization primitives that can be used by the system. These include mutexes, condition variables, reader/writer locks, and semaphores. When creating mutexes and reader/writer locks, the kernel requires that one pass in the interrupt priority of a mutex if it will be used in interrupt context. This is required so the kernel can determine the correct underlying type of lock to use. This ensures that if for some reason a mutex needs to be used in high-level interrupt context, the kernel will use a spin lock, but otherwise can use the standard adaptive mutex that might block. For developers familiar with other operating systems, this is somewhat different in that the consumer does not need to generally figure out this level of detail and this is why this is not present.
In addition, condition variables provide means for waiting and detecting that a signal has been delivered. These variants are particularly useful when writing character device operations for device drivers as it allows users the chance to cancel an operation and not be blocked indefinitely on something that may not occur. These _sig variants should generally be preferred where applicable.
The kernel also provides memory barrier primitives. See the Memory Barriers section for more information. There is no need to use manual memory barriers when using the synchronization primitives. The synchronization primitives contain that the appropriate barriers are present to ensure coherency while the lock is held.
This group of functions provides a general way to perform atomic operations on integers of different sizes and explicit types. The atomic_ops(9F) manual page describes the different classes of functions in more detail, but there are functions that take care of using the CPU's instructions for addition, compare and swap, and more. If data is being protected and only accessed under a synchronization primitive such as a mutex or reader-writer lock, then there isn't a reason to use an atomic operation for that data, generally speaking.
The kernel provides general purpose memory barriers that can be used when required. In general, when using items described in the Synchronization Primitives section, these are not required.
membar_consumer(9F) | membar_enter(9F) |
membar_exit(9F) | membar_producer(9F) |
All platforms that the operating system supports have some form of virtual memory which is managed in units of pages. The page size varies between architectures and platforms. For example, the smallest x86 page size is 4 KiB while SPARC traditionally used 8 KiB pages. These functions can be used to convert between pages and bytes.
btop(9F) | btopr(9F) |
ddi_btop(9F) | ddi_btopr(9F) |
ddi_ptob(9F) | ptob(9F) |
These functions are used as part of implementing kernel modules and register device drivers with the various kernel frameworks. There are also functions here that are suitable for use in the dev_ops(9S), cb_ops(9S), etc. structures and for interrogating module information.
The mod_install(9F) and mod_remove(9F) functions are used during a driver's _init(9E) and _fini(9E) functions.
There are two different ways that drivers often manage their instance state which is created during attach(9E). The first is the use of ddi_set_driver_private(9F) and ddi_get_driver_private(9F). This stores a driver-specific value on the dev_info_t structure which allows it to be used during other operations. Some device driver frameworks may use this themselves, making this unavailable to the driver.
The other path is to use the soft state suite of functions which dynamically grows to cover the number of instances of a device that exist. The soft state is generally initialized in the _init(9E) entry point with ddi_soft_state_init(9F) and then instances are allocated and freed during attach(9E) and detach(9E) with ddi_soft_state_zalloc(9F) and ddi_soft_state_free(9F), and then retrieved with ddi_get_soft_state(9F).
Devices are organized into a tree that is partially seeded by the platform based on information discovered at boot and augmented with additional information at runtime. Every instance of a device driver is given a dev_info_t * (device information) data structure which corresponds to information about an instance and has a place in the tree. When a driver requests operations like to allocate memory for DMA, that request is passed up the tree and modified. The same is true for other things like interrupts, event notifications, or properties.
There are many different informational properties about a device driver. For example, ddi_driver_name(9F) returns the name of the device driver, ddi_get_name(9F) returns the name of the node in the tree, ddi_get_parent(9F) returns a node's parent, and ddi_get_instance(9F) returns the instance number of a specific driver.
There are a series of properties that exist on the tree, the exact set of which depend on the class of the device and are often documented in a specific device class's manual. For example, the “reg” property is used for PCI and PCIe devices to describe the various base address registers, their types, and related, which are documented in pci(5).
When getting a property one can constrain it to the current instance or you can ask for a parent to try to look up the property. Which mode is appropriate depends on the specific class of driver, its parent, and the property.
Using a dev_info_t * pointer has to be done carefully. When a device driver is in any of its dev_ops(9S), cb_ops(9S), or similar callback functions that it has registered with the kernel, then it can always safely use its own dev_info_t and those of any parents it discovers through ddi_get_parent(9F). However, it cannot assume the validity of any siblings or children unless there are other circumstances that guarantee that they will not disappear. In the broader kernel, one should not assume that it is safe to use a given dev_info_t * structure without the appropriate NDI (nexus driver interface) hold having been applied.
The kernel operates in a different context from userland. One does not simply access user memory. This is enforced either by the architecture's memory model, where user address space isn't even present in the kernel's virtual address space or by architectural mechanisms such as Supervisor Mode Access Protect (SMAP) on x86.
To facilitate accessing memory, the kernel provides a few routines that can be used. In most contexts the main thing to use is ddi_copyin(9F) and ddi_copyout(9F). These will safely dereference addresses and ensure that the address is appropriate depending on whether this is coming from the user or kernel. When operating with the kernel's uio_t structure which is for mostly used when processing read and write requests, instead uiomove(9F) is the goto function.
When reading data from userland into the kernel, there is another concern: the data model. The most common place this comes up is in an ioctl(9E) handler or other places where the kernel is operating on data that isn't fixed size. Particularly in C, though this applies to other languages, structures and unions vary in the size and alignment requirements between 32-bit and 64-bit processes. The same even applies if one uses pointers or the long, size_t, or similar types in C. In supported 32-bit and 64-bit environments these types are 4 and 8 bytes respectively. To account for this, when data is not fixed size between all data models, the driver must look at the data model of the process it is copying data from.
The simplest way to solve this problem is to try to make the data
structure the same across the different models. It's not sufficient to just
use the same structure definition and fixed size types as the alignment and
padding between the two can vary. For example, the alignment of a 64-bit
integer like a uint64_t can change between a 32-bit
and 64-bit data model. One way to check for the data structures being
identical is to leverage the
ctfdiff(1) program, generally with
the -I
option.
However, there are times when a structure simply can't be the same, such as when we're encoding a pointer into the structure or a type like the size_t. When this happens, the most natural way to accomplish this is to use the ddi_model_convert_from(9F) function which can determine the appropriate model from the ioctl's arguments. This provides a natural way to copy a structure in and out in the appropriate data model and convert it at those points to the kernel's native form.
An alternate way to approach the data model is to use the STRUCT_DECL(9F) functions, but as this requires wrapping every access to every member, often times the ddi_model_convert_from(9F) approach and taking care of converting values and ensuring that limits aren't exceeded at the end is preferred.
The kernel abstracts out accessing registers on a device on behalf of drivers. This allows a similar set of interfaces to be used whether the registers are found within a PCI BAR, utilizing I/O ports, memory mapped registers, or some other scheme. Devices with registers all have a “regs” property that is set up by their parent device, generally a kernel framework as is the case for PCIe devices, and the meaning is a contract between the two. Register sets are identified by a numeric ID, which varies on the device type. For example, the first BAR of a PCI device is defined as register set 1. On the other hand, the AMD GPIO controller might have three register sets because of how the hardware design splits them up. The meaning of the registers and their semantics is still device-specific. The kernel doesn't know how to interpret the actual registers of a PCIe device say, just that they exist.
To begin with register setup, one often first looks at the number
of register sets that exist and their size. Most PCI-based device drivers
will skip calling
ddi_dev_nregs(9F) and will
just move straight to calling
ddi_dev_regsize(9F) to
determine the size of a register set that they are interested in. To
actually map the registers, a device driver will call
ddi_regs_map_setup(9F)
which requires both a register set and a series of attributes and returns an
access handle that is used to actually read and write the registers. When
setting up registers, one must have a corresponding
ddi_device_acc_attr_t structure which is used to
define what endianness the register set is in, whether any kind of
reordering is allowed (if in doubt specify
DDI_STRICTORDER_ACC
), and whether any particular
error handling is being used. The structure and all of its different options
are described in
ddi_device_acc_attr(9S).
Once a register handle is obtained, then it's easy to read and write the register space. Functions are organized based on the size of the access. For the most part, most situations call for the use of the ddi_get8(9F), ddi_get16(9F), ddi_get32(9F), and ddi_get64(9F) functions to read a register and the ddi_put8(9F), ddi_put16(9F), ddi_put32(9F), and ddi_put64(9F) functions to set a register value. While there are the ddi_io_ and ddi_mem_ families of functions below, these are not generally needed and are generally present for compatibility. The kernel will automatically perform the appropriate type of register read for the device type in question.
Once a register set is no longer being used, the ddi_regs_map_free(9F) function should be used to release resources. In most cases, this happens while executing the detach(9E) entry point.
Most high-performance devices provide first-class support for DMA (direct memory access). DMA allows a transfer between a device and memory to occur asynchronously and generally without a thread's specific involvement. Today, most DMA is provided directly by devices and the corresponding device scheme. Take PCI and PCI Express for example. The idea of DMA is built into the PCIe standard and therefore basic support for it exists and therefore there isn't a lot of special programming required. However, this hasn't always been true and still exists in some cases where there is a 3rd party DMA engine. If we consider the PCIe example, the PCIe device directly performs reads and writes to main memory on its own. However, in the 3rd party case, there is a distinct controller that is neither the device nor memory that facilitates this, which is called a DMA engine. For most part, DMA engines are not something that needs to be thought about for most platforms that illumos is present on; however, they still exist in some embedded and related contexts.
The first thing that a driver needs to do to set up DMA is to understand the constraints of the device and bus. These constraints are described in a series of attributes in the ddi_dma_attr_t structure which is defined in ddi_dma_attr(9S). The reason that attributes exist is because different devices, and sometimes different memory uses with a device, have different requirements for memory. A simple example of this is that not all devices can accept memory addresses that are 64-bits wide and may have to be constrained to the lower 32-bits of memory. Another common constraint is how this memory is chunked up. Some devices may require that all of the DMA memory be contiguous, while others can allow that to be broken up into say up to 4 or 8 different regions.
When memory is allocated for DMA it isn't immediately mapped into the kernel's address space. The addresses that describe a DMA address are defined in a DMA cookie, several of which may make up a request. However, those addresses are always physical addresses or addresses that are virtualized by an IOMMU. There are some cases were the kernel or a driver needs to be able to access that memory, such as memory that represents a networking packet. The IP stack will expect to be able to actually read the data it's given.
To begin with allocating DMA memory, a driver first fills out its attribute structure. Once that's ready, the DMA allocation process can begin. This starts off by a driver calling ddi_dma_alloc_handle(9F). This handle is used through the lifetime of a given DMA memory buffer, but it can be used across multiple operations that a device or the kernel may perform. The next step is to actually request that the kernel allocate some amount of memory in the kernel for this DMA request. This phase actually allocates addresses in virtual address space for the activity and also requires a register attribute object that is discussed in Device Register Setup and Access. Armed with this a driver can now call ddi_dma_mem_alloc(9F) to specify how much memory they are looking for. If this is successful, a virtual address, the actual length of the region, and an access handle will be returned.
At this point, the virtual address region is present. Most drivers will access this virtual address range directly and will ignore the register access handle. The side effect of this is that they will handle all endianness issues with the memory region themselves. If the driver would prefer to go through the handle, then it can use the register access functions discussed earlier.
Before the memory can be programmed into the device, it must be bound to a series of physical addresses or addresses virtualized by an IOMMU. While the kernel presents the illusion of a single consistent virtual address range for applications, the physical reality can be quite different. When the driver is ready it calls ddi_dma_addr_bind_handle(9F) to create the mapping to well known physical addresses.
These addresses are stored in a series of cookies. A driver can determine the number of cookies for a given request by utilizing its DMA handle and calling ddi_dma_ncookies(9F) and then pairing that with ddi_dma_cookie_get(9F). These DMA cookies will not change and can be used time and time again until ddi_dma_unbind_handle(9F) is called. With this information in hand, a physical device can be programmed with these addresses and let loose to perform I/O.
When performing I/O to and from a device, synchronization is a vitally important thing which ensures that the actual state in memory is coherent with the rest of the CPU's internal structures such as caches. In general, a given DMA request is only going in one direction: for a device or for the local CPU. In either case, the ddi_dma_sync(9F) function must be called after the kernel is done writing to a region of DMA memory and before it triggers the device or the kernel must call it after the device has told it that some activity has completed that it is going to check.
Some DMA operations utilize what are called DMA windows. The most common consumer is something like a disk device where DMA operations to a given series of sectors can be split up into different chunks where as long as all the transfers are performed, the intermediate states are acceptable. Put another way, because of how SCSI and SAS commands are designed, block devices can basically take a given I/O request and break it into multiple independent I/Os that will equate to the same final item.
When a device supports this mode of operation and it is opted into, then a DMA allocation may result in the use of DMA windows. This allows for cases where the kernel can't perform a DMA allocation for the entire request, but instead can allocate a partial region and then walk through each part one at a time. This is uncommon outside of block devices and usually also is related to calling ddi_dma_buf_bind_handle(9F).
Interrupts are a central part of the role of device drivers and one of the things that's important to get right. Interrupts come in different types: fixed, MSI, and MSI-X. The kinds that are available depend on the device and the rest of the system. For example, MSI and MSI-X interrupts are generally specific to PCI and PCI Express devices. To begin the interrupt allocation process, the first thing a driver needs to do is to discover what type of interrupts it supports with ddi_intr_get_supported_types(9F). Then, the driver should work through the supported types, preferring MSI-X, then MSI, and finally fixed interrupts, and try to allocate interrupts.
Drivers first need to know how many interrupts that they require. For example, a networking driver may want to have an interrupt made available for each ring that it has. To discover the number of interrupts available, the driver should call ddi_intr_get_navail(9F). If there are sufficient interrupts, it can proceed to actually allocate the interrupts with ddi_intr_alloc(9F). When allocating interrupts, callers need to check to see how many interrupts the system actually gave them. Just because an interrupt is allocated does not mean that it will fire or be ready to use, there are a series of additional steps that the driver must take.
To go through and enable the interrupt, the driver should go through and get the interrupt capabilities with ddi_intr_get_cap(9F) and the priority of the interrupt with ddi_intr_get_pri(9F). The priority must be used while creating mutexes and related synchronization primitives that will be used during the interrupt handler. At this point, the driver can go ahead and register the functions that will be called with each allocated interrupt with the ddi_intr_add_handler(9F) function. The arguments can vary for each allocated interrupt. It is common to have an interrupt-specific data structure passed in one of the arguments or an interrupt number, while the other argument is generally the driver's instance-specific data structure.
At this point, the last step for the interrupt to be made active
from the kernel's perspective is to enable it. This will use either the
ddi_intr_block_enable(9F)
or ddi_intr_enable(9F)
functions depending on the interrupt's capabilities. The reason that these
are different is because some interrupt types (MSI) require that all
interrupts in a group be enabled and disabled at the same time. This is
indicated with the DDI_INTR_FLAG_BLOCK
flag found in
the interrupt's capabilities. Once that is called, interrupts that are
generated by a device will be delivered to the registered function.
It's important to note that there is often device-specific interrupt setup that is required. While the kernel takes care of updating any pieces of the processor's interrupt controller, I/O crossbar, or the PCI MSI and MSI-X capabilities, many devices have device-specific registers that are used to manage, set up, and acknowledge interrupts. These registers or other controls are often capable of separately masking interrupts and are generally what should be used if there are times that you need to separately enable or disable interrupts such as to poll an I/O ring.
When unwinding interrupts, one needs to work in the reverse order here. Until ddi_intr_block_disable(9F) or ddi_intr_disable(9F) is called, one should assume that their interrupt handler will be called. Due to cases where an interrupt is shared between multiple devices, this can happen even if the device is quiesced! Only after that is done is it safe to then free the interrupts with a call to ddi_intr_free(9F).
For a device driver to be accessed by a program in user space (or with the kernel layered device interface) then it must create a minor node. Minor nodes are created under /devices (devfs(4FS)) and are tied to the instance of a device driver via its dev_info_t. The devfsadm(8) daemon and the /dev file system (sdev, dev(4FS)) are responsible for creating a coherent set of names that user programs access. Drivers create these minor nodes using the ddi_create_minor_node(9F) function listed below.
In UNIX tradition, character, block, and STREAMS device special files are identified by a major and minor number. All instances of a given driver share the same major number, which means that a device driver must coordinate the minor number space across all instances. While a minor node is created with a fixed minor number, it is possible to change the minor number while processing an open(9E) call, allowing subsequent character device operations to uniquely identify a particular caller. This is usually referred to as a driver that “clones”.
When drivers aren't performing cloning, then usually the minor
number used when creating the minor node is some fixed offset or multiple of
the driver's instance number. When cloning and a driver needs to allocate
and manage a minor number space, usually an ID space is leveraged whose IDs
are usually in the range from 0 through MAXMIN32
.
There are several different strategies for tracking data structures as they
relate to minor numbers. Sometimes, the soft state functionality is used.
Others might keep an AVL tree around or tie the data to some other data
structure. The method chosen often varies on the specifics of the
implementation and its broader context.
The dev_t structure represents the combined major and minor number. It can be taken apart with the getmajor(9F) and getminor(9F) functions and then reconstructed with the makedevice(9F) function.
ddi_create_minor_node(9F) | ddi_remove_minor_node(9F) |
getmajor(9F) | getminor(9F) |
devfs_clean(9F) | makedevice(9F) |
The kernel provides a number of ways to understand time in the system. In particular it provides a few different clocks and time measurements:
The high-resolution clock is implemented using an architecture and platform-specific means. For example, on x86 it is generally backed by the TSC (time stamp counter).
In general, this time should not be used by drivers for any purpose. It can jump around, drift, and most aspects in the kernel are not based on the real-time clock. For any device timing activities, the high-resolution clock should be used.
In general, drivers should prefer the high-resolution monotonic clock for tracking events internally.
With these different timing mechanisms, the kernel provides a few different ways to delay execution or to get a callback after some amount of time passes.
The delay(9F) and drv_usecwait(9F) functions are used to block the execution of the current thread. delay(9F) can be used in conditions where sleeping and blocking is allowed where as drv_usecwait(9F) is a busy-wait, which is appropriate for some device drivers, particularly when in high-level interrupt context.
The kernel also allows a function to be called after some time has elapsed. This callback occurs on a different thread and will be executed in kernel context. A timeout can be scheduled in the future with the timeout(9F) function and cancelled with the untimeout(9F) function. There is also a STREAMs-specific version that can be used if the circumstances are required with the qtimeout(9F) function.
These are all considered one-shot events. That is, they will only happen once after being scheduled. If instead, a driver requires periodic behavior, such as needing something to occur every second, then it should use the ddi_periodic_add(9F) function to establish that.
A task queue provides an asynchronous processing mechanism that can be used by drivers and the broader system. A task queue can be created with ddi_taskq_create(9F) and sized with a given number of threads and a relative priority of those threads. Once created, tasks can be dispatched to the queue with ddi_taskq_dispatch(9F). The different functions and arguments dispatched do not need to be the same and can vary from invocation to invocation. However, it is the caller's responsibility to ensure that any reference memory is valid until the task queue is done processing. It is possible to create a barrier for a task queue by using the ddi_taskq_wait(9F) function.
While task queues are a flexible mechanism for handling and processing events that occur in a well defined context, they do not have an inherent backpressure mechanism built in. This means it is possible to add events to a task queue faster than they can be processed. For high-volume events, this must be considered before just dispatching an event. Do not rely on a non-sleeping allocation in the task queue dispatch context.
ddi_taskq_create(9F) | ddi_taskq_destroy(9F) |
ddi_taskq_dispatch(9F) | ddi_taskq_resume(9F) |
ddi_taskq_suspend(9F) | ddi_taskq_suspended(9F) ddi_taskq_wait |
Not everything in the system has the same power to impact it. To determine the permissions and context of a caller, the cred_t data structure encapsulates a number of different things including the traditional user and group IDs, but also the zone that one is operating in the context of and the associated privileges that the caller has. While this concept is more often thought of due to userland processes being associated with specific users, these same principles apply to different threads in the kernel. Not all kernel threads are allowed to indiscriminately do what they want, they can be constrained by the same privilege model that processes are, which is discussed in privileges(7).
Most operations that device drivers implement are given a credential. However, from within the kernel, a credential can be obtained that refers to a specific zone, the current process, or a generic kernel credential.
It is up to drivers and the kernel writ-large to check whether a
given credential is authorized to perform a given operation. This is
encapsulated by the various privilege checks that exist. The most common
check used is drv_priv(9F) which
checks for PRIV_SYS_DEVICES
.
Device IDs are a means of establishing a unique ID for a device in the kernel. These unique IDs are generally tied to something from the device's hardware such as a serial number or related, but can also be fabricated and stored on the device. These device IDs are used by other subsystems like ZFS to record information about a device as the actual /devices path that a device resides at may change because it is moved around in the system.
For device drivers, particularly those that represent block devices, they should first call ddi_devid_init(9F) to initialize the device ID data structure. After that is done, it is then safe to call ddi_devid_register(9F) to notify the kernel about the ID.
The mblk_t data structure is used to chain together messages which are used through the kernel for different subsystems including all of networking, terminals, STREAMS, USB, and more.
Message blocks are chained together by a series of two different
pointers: b_cont and b_next.
When a message is split across multiple data buffers, they are linked by the
b_cont pointer. However, multiple distinct messages
can be chained together and linked by the b_next
pointer. Let's look at this in the context of a series of networking
packets. If we had a chain of say 10 UDP packets that we were given, each
UDP packet is considered an independent message and would be linked from one
to the next based on the order they should be transmitted with the
b_next pointer. However, an individual message may be
entirely in one message block, in which case its
b_cont pointer would be NULL
,
but if say the packet were split into a 100 byte data buffer that contained
the headers and then a 1000 byte data buffer that contained the actual
packet data, those two would be linked together by
b_cont. A continued message would never have its next
pointer used to link it to a wholly different message. Visually you might
see this as:
+---------------+ | UDP Message 0 | | Bytes 0-1100 | | b_cont ---+--> NULL | b_next + | +---------|-----+ | v +---------------+ +----------------+ | UDP Message 1 | | UDP Message 1+ | | Bytes 0-100 | | Bytes 100-1100 | | b_cont ---+--> | b_cont ----+->NULL | b_next + | | b_next ----+->NULL +---------|-----+ +----------------+ | ... | v +---------------+ | UDP Message 9 | | Bytes 0-1100 | | b_cont ---+--> NULL | b_next ---+--> NULL +---------------+
Message blocks all have an associated data block which contains
the actual data that is present. Multiple message blocks can share the same
data block as well. The data block has a notion of a type, which is
generally M_DATA
which signifies that they operate
on data.
To allocate message blocks, one generally uses the allocb(9F) function to create one; however, you can also create message blocks using your own source of data through functions like desballoc(9F). This is generally used when one wants to use memory that was originally used for DMA to pass data back into the kernel, such as in a networking device driver. When this happens, a callback function will be called once the last user of the data block is done with it.
The functions listed below often end in either “msg” or “b” to indicate that they will operate on an entire message and follow the b_cont pointer or they will not respectively.
The UFM (Upgradable Firmware Module) subsystem is used to grant the system observability into firmware that exists persistently on a device. These functions are intended for use by drivers that are participating in the kernel's UFM framework, which is discussed in ddi_ufm(9E).
The ddi_ufm_init(9F) and ddi_ufm_fini(9F) functions are used to indicate support of the subsystem to the kernel. The driver is required to use the ddi_ufm_update(9F) function to indicate both that it is ready to receive UFM requests and to indicate that any data that the kernel may have previously received has changed. Once that's completed, then the other functions listed here are generally used as part of implementing specific callback functions that are registered.
Some hardware devices have firmware that is not stored as part of the device itself and must instead be sent to the device each time it is powered on. These routines help drivers that need to perform this read such data from the file system from well-known locations in the operating system. To begin with, a driver should call firmware_open(9F) to open a handle to the firmware file. At that point, one can determine the size of the file with the firmware_get_size(9F) function and allocate the appropriate sized memory buffer to read it in. Callers should always check what the size of the returned file is and should not just blindly pass that size off to the kernel memory allocator. For example, if a file was over 100 MiB in size, then one should not assume that they're going to just blindly allocate 100 MiB of kernel memory and should instead perform incremental reads and sends to a device that are smaller in size.
A driver can then go through and perform arbitrary reads of the firmware file through the firmware_read(9F) interface until they have read everything that they need. Once complete, the corresponding handle needs to be released through the firmware_close(9F) function.
firmware_close(9F) | firmware_get_size(9F) |
firmware_open(9F) | firmware_read(9F) |
These functions allow device drivers to harden themselves against errors that might occur while interfacing with devices and tie into the broader fault management architecture.
To begin, a driver must declare which capabilities it implements during its attach(9E) function by calling ddi_fm_init(9F). The set of capabilities it receives back may be less than what was requested because the capabilities are dependent on the overall chain of drivers present.
If DDI_FM_EREPORT_CAPABLE
was negotiated,
then the driver is expected to generate error events when certain conditions
occur using the
ddi_fm_ereport_post(9F)
function or the more specific
pci_ereport_post(9F)
function. If a caller has negotiated
DDI_FM_ACCCHK_CAPABLE
, then it is allowed to set up
its register attributes to indicate that it will check for errors on the
register handle after using functions like
ddi_get8(9F) and
ddi_put8(9F) by calling
ddi_fm_acc_err_get(9F)
and reacting accordingly. Similarly, if a driver has negotiated
DDI_FM_DMACHK_CAPABLE
, then it will use
ddi_check_dma_handle(9F)
to check the results of DMA activity and handle the results appropriately.
Similar to register accesses, the DMA attributes must be updated to set that
error handling is anticipated on this handle. The
ddi_fm_init(9F) manual page has
an overview of the other types of flags that can be negotiated and how they
are used.
These functions are for use by SCSI and SAS device drivers that leverage the kernel's frameworks. Other device drivers should not use these. For more background on these, some of the general concepts are discussed in iport(9), phymap(9), and tgtmap(9).
Device drivers register initially with the kernel by using the scsi_hba_init(9F) function and then, in their attach routine, register specific instances, using functions like scsi_hba_iport_register(9F) or instead scsi_hba_tran_alloc(9F) and scsi_hba_attach_setup(9F). New drivers are encouraged to use the target map and iports framework to simplify the device driver writing process.
Block devices operate with a data structure called the struct buf which is described in buf(9S). This structure is used to represent a given block request and is used heavily in block devices, the SCSI/SAS framework, and the blkdev framework. The functions described here are used to manipulate these structures in various ways such as copying them around, indicating error conditions, or indicating when the I/O operation is done. By default, this memory is not mapped into the kernel's address space so several functions such as bp_mapin(9F) are present to allow for that to happen when required.
To initially obtain a struct buf, drivers should begin by calling getrbuf(9F) at which point, the caller can fill in the structure. Once that's done, the physio(9F) function can be used to actually perform the I/O and wait until it's complete.
These functions are for networking device drivers that implant the MAC, GLDv3 interfaces. The full framework and how to use it is described in mac(9E).
These functions are designed for USB device drivers. To first initialize with the kernel, a device driver must call usb_client_attach(9F) and then usb_get_dev_data(9F). The latter call is required to get access to the USB-level descriptors about the device which describe what kinds of USB endpoints (control, bulk, interrupt, or isochronous) exist on the device as well as how many different interfaces and configurations are present.
Once a given configuration, sometimes the default, is selected, then the driver can proceed to opening up what the USB architecture calls a pipe, which provides a way to send requests to a specific USB endpoint. First, specific endpoints can be looked up using the usb_lookup_ep_data(9F) function which gets information from the parsed descriptors and then that gets filled into an extended descriptor with usb_ep_xdescr_fill(9F). With that in hand, a pipe can be opened with usb_pipe_xopen(9F).
Once a pipe has been opened, which most often happens in a driver's attach(9E) entry point, then requests can be allocated and submitted. There is a different allocation for each type of request (e.g. usb_alloc_bulk_req(9F)) and a different submission function for each type as well. Each request structure has a corresponding page in section 9S that describes the structure, its members, and how to work with it.
One other major concern for USB devices, which isn't as common with other types of devices, is that they can be yanked out and reinserted at any time. To help determine when this happens, the kernel offers the usb_register_event_cbs(9F) function which allows a driver to register for callbacks when a device is disconnected, reconnected, or around checkpoint suspend/resume behavior.
These functions are specific for PCI and PCI Express based device drivers and are intended to be used to get access to PCI configuration space. For normal PCI base address registers (BARs) instead see Register Setup and Access.
To access PCI configuration space, a device driver should first call pci_config_setup(9F). Generally, drivers will call this in their attach(9E) entry point and then tear down the configuration space access with the pci_config_teardown(9F) entry point in detach(9E). After setting up access to configuration space, the returned handle can be used in all of the various configuration space routines to get and set specific sized values in configuration space.
These routines are used for device drivers which implement the USB host controller interfaces described in usba_hcdi(9E). Other types of devices drivers and modules should not call these functions. In particular, if one is writing a device driver for a USB device, these are not the routines you're looking for and you want to see USB Device Driver Functions. These are what the ehci(4D) or xhci(4D) drivers use to provide services that USB drivers use via the kernel USB architecture.
These functions exist for older PCMCIA device drivers. These should not otherwise be used by the system.
These functions are meant to be used when interacting with STREAMS devices or when implementing one. When a STREAMS driver is opened, it receives messages on a queue which are then processed and can be sent back. As different queues are often linked together, the most common thing is to process a message and then pass the message onto the next queue using the putnext(9F) function.
STREAMS messages are passed around using message blocks, which use the mblk_t type. See Message Block Functions for more about how the data structure and functions that manipulate message blocks.
These functions should generally not be used when implementing a networking device driver today. See mac(9E) instead.
The following functions are used when a STREAMS-based device
driver is processing its ioctl(9E)
entry point. Unlike character and block devices, STREAMS ioctls are passed
around in message blocks and copying data in and out of userland as STREAMS
ioctls are generally always processed in kernel context.
This means that the normal functions like
ddi_copyin(9F) and
ddi_copyout(9F) cannot be used.
Instead, when a message block has a type of M_IOCTL
,
then these routines can often be used to convert the structure into one that
asks for data to be copied in, copied out, or to finally acknowledge the
ioctl as successful or to terminate the processing in error.
mcopyin(9F) | mcopyout(9F) |
mioc2ack(9F) | miocack(9F) |
miocnak(9F) | miocpullup(9F) |
mkiocb(9F) |
These functions are present in service of the chpoll(9E) interface which is used to support the traditional poll(2), and select(3C) interfaces as well as event ports through the port_get(3C) interface. See chpoll(9E) for the specific cases this should be called. If a device driver does not implement the chpoll(9E) character device entry point, then these functions should not be used.
pollhead_clean(9F) | pollwakeup(9F) |
The kernel statistics or kstat framework provides an easy way of exporting statistic information to be consumed outside of the kernel. Users can interface with this data via kstat(8) and the corresponding kstat library discussed in kstat(3KSTAT).
Kernel statistics are grouped using a tuple of four identifiers,
separated by colons when using
kstat(8). These are, in order, the
statistic module name, instance, a name which covers a group of statistics,
and an individual name for a statistic. In addition, kernel statistics have
a class which is used to group similar named groups of statistics together
across devices. When using
kstat_create(9F), drivers
specify the first three parts of the tuple and the class. The naming of
individual statistics, the last part of the tuple, varies based upon the
type of the statistic. For the most part, drivers will use the kstat type
KSTAT_TYPE_NAMED
, which allows multiple name-value
pairs to exist within the statistic. For example, the kernel's layer 2
networking framework, mac(9E), creates a
kstat with the driver's name and instance and names it “mac”.
Within this named group, there are statistics for all of the different
individual stats that the kernel and devices track such as bytes transmitted
and received, the state and speed of the link, and advertised and enabled
capabilities.
A device driver can initialize a kstat with the kstat_create(9F) function. It will not be made accessible to users until the kstat_install(9F) function is called. The device driver must perform additional initialization of the kstat before proceeding and calling kstat_install(9F). The kstat structure that drivers see is discussed in kstat(9S).
These functions are used to allow a device driver to register for certain events that might occur to its device or a parent in the tree and receive a callback function when they occur. A good example of this is when a device has been removed from the system such as someone just pulling out a USB device or NVMe U.2 device. The event handlers work by first getting a cookie that names the type of event with ddi_get_eventcookie(9F) and then registering the callback with ddi_add_event_handler(9F).
The ddi_cb_register(9F) function is used to collect over classes of events such as when participating in dynamic interrupt sharing.
ddi_add_event_handler(9F) | ddi_cb_register(9F) |
ddi_cb_unregister(9F) | ddi_get_eventcookie(9F) |
ddi_remove_event_handler(9F) |
The LDI (Layered Device Interface) provides a mechanism for a driver to open up another device in the kernel and begin calling basic operations on the device as though the calling driver were a normal user process. Through the LDI, drivers can perform equivalents to the basic file read(2) and write(2) calls, look up properties on the device, perform networking style calls ala getmsg(2) and putmsg(2), and register callbacks to be called when something happens to the underlying device. For example, the ZFS file system uses the LDI to open and operate on block devices.
Before opening a device itself, callers must obtain a notion of their identity which is used when making subsequent calls. The simplest form is often to use the device's dev_info_t and call ldi_ident_from_dip(9F); however, there are also methods available based upon having a dev_t or a STREAMS struct queue.
Once that identity is established, there are several ways to open a device such as ldi_open_by_dev(9F), ldi_open_by_devid(9F), or ldi_open_by_name(9F). Once an LDI device has been opened, then all of the other functions may be used to operate on the device; however, consumers of the LDI must think carefully about what kind of device they are opening. While a kernel pseudo-device driver cannot disappear while it is open, when the device represents an actual piece of hardware, it is possible for it to be physically removed and no longer be accessible. Consumers should not assume that a layered device will always be present.
These utility functions all relate to understanding whether or not a process can receive a signal an actually delivering one to a process from a driver. This interface is specific to device drivers and should not be used by the broader kernel. These interfaces are not recommended and should only be used after consultation.
ddi_can_receive_sig(9F) | proc_ref(9F) |
proc_signal(9F) | proc_unref(9F) |
These functions allow a driver to better understand its current context. For example, some drivers have to deal with providing polled I/O or take special care as part of creating a kernel crash dump. These cases may need to call the ddi_in_panic(9F) function. The other functions generally provide a way to get at information such as the process ID or other information from the system; however, this generally should not be needed or used. Almost all values exposed by say drv_getparm(9F) have more usable first-class methods of getting at the data.
ddi_get_kt_did(9F) | ddi_get_pid(9F) |
ddi_in_panic(9F) | drv_getparm(9F) |
These functions are present for device drivers that implement the devmap(9E) or segmap(9E) entry points. The ddi_umem_alloc(9F) routines are used to allocate and lock memory that can later be used as part of passing this memory to userland through the mapping entry points.
These routines provide the ability to work with and deal with text in different encodings and code sets. Generally the kernel does not assume that much about the type of the text that it is operating in, though some subsystems will require that the names of things be ASCII only.
The primary other locales that the system supports are generally UTF-8 based and so the kernel provides a set of routines to deal with UTF-8 and Unicode normalization. However, there are still cases where different character encodings are required or conversation between UTF-8 and some other type is required. This is provided by the kernel iconv framework, which provides a subset of the traditional userland iconv conversions.
This group of functions provides raw access to I/O ports on architecture that support them. These functions do not allow any coordination with other callers nor is the validity of the port assured in any way. In general, device drivers should use the normal register access routines to access I/O ports. See Device Register Setup and Access for more information on the preferred way to setup and access registers.
inb(9F) | inw(9F) |
inl(9F) | outb(9F) |
outw(9F) | outl(9F) |
These functions are used to raise and lower the internal power levels of a device driver or to indicate to the kernel that the device is busy and therefore cannot have its power changed. See power(9E) for additional information.
ddi_removing_power(9F) | pm_busy_component(9F) |
pm_idle_component(9F) | pm_lower_power(9F) |
pm_power_has_changed(9F) | pm_raise_power(9F) |
pm_trans_check(9F) |
These functions are intended to be used by device drivers that wish to inspect and potentially modify packets along their path through the networking stack. The most common use case is for implementing something like a network firewall. Otherwise, if looking to add support for a new protocol or other network processing feature, one is better off more directly integrating with the networking stack.
To get started, drivers generally will need to first use net_protocol_lookup(9F) to get a handle to say that they're interested in looking at IPv4 or IPv6 traffic and then can allocate an actual hook object with hook_alloc(9F). After filling out the hook, the hook can be inserted into the actual system with net_hook_register(9F).
Hooks operate in the context of a networking stack. Every networking stack in the system is independent and therefore has its own set of interfaces, routing tables, settings, and related. Most zones have their own networking stack. This is the exclusive-IP option that is described in zoneadm(8).
Drivers can register to get a callback for every netstack in the system and be notified when they are created and destroyed. This is done by calling the net_instance_alloc(9F) function, filling out its data structure, and then finally calling net_instance_register(9F). Like other callback interfaces, the moment the callback functions are registered, drivers need to expect that they're going to be called.
Intro(2), Intro(9), Intro(9E), Intro(9S)
illumos Developer's Guide, https://www.illumos.org/books/dev/.
Writing Device Drivers, https://www.illumos.org/books/wdd/.
July 17, 2023 | OmniOS |