On Wed, Oct 04, 2017 at 05:48:38PM -0500, Mario Limonciello wrote:
> For WMI operations that are only Set or Query read or write sysfs
> attributes created by WMI vendor drivers make sense.
>
> For other WMI operations that are run on Method, there needs to be a
> way to guarantee to userspace that the results from the method call
> belong to the data request to the method call. Sysfs attributes don't
> work well in this scenario because two userspace processes may be
> competing at reading/writing an attribute and step on each other's
> data.
And you protect this from happening in the ioctl? I didn't see it, but
ok, I'll take your word for it :)
> When a WMI vendor driver declares an ioctl in a file_operations object
> the WMI bus driver will create a character device that maps to those
> file operations.
>
> That character device will correspond to this path:
> /dev/wmi/$driver
>
> The WMI bus driver will interpret the IOCTL calls, test them for
> a valid instance and pass them on to the vendor driver to run.
>
> This creates an implicit policy that only driver per character
> device. If a module matches multiple GUID's, the wmi_devices
> will need to be all handled by the same wmi_driver if the same
> character device is used.
Interesting "way out" but ok, I can buy it...
> The WMI vendor drivers will be responsible for managing access to
> this character device and proper locking on it.
>
> When a WMI vendor driver is unloaded the WMI bus driver will clean
> up the character device.
>
> Signed-off-by: Mario Limonciello <mario.limonciello@xxxxxxxx>
> ---
> MAINTAINERS | 1 +
> drivers/platform/x86/wmi.c | 67 +++++++++++++++++++++++++++++++++++++++++++++-
> include/linux/wmi.h | 2 ++
> include/uapi/linux/wmi.h | 10 +++++++
> 4 files changed, 79 insertions(+), 1 deletion(-)
> create mode 100644 include/uapi/linux/wmi.h
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 0357e9b1cfaf..6db1d84999bc 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -372,6 +372,7 @@ ACPI WMI DRIVER
> L: platform-driver-x86@xxxxxxxxxxxxxxx
> S: Orphan
> F: drivers/platform/x86/wmi.c
> +F: include/uapi/linux/wmi.h
>
> AD1889 ALSA SOUND DRIVER
> M: Thibaut Varene <T-Bone@xxxxxxxxxxxxxxxx>
> diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c
> index bcb41c1c7f52..5aef052b4aab 100644
> --- a/drivers/platform/x86/wmi.c
> +++ b/drivers/platform/x86/wmi.c
> @@ -38,6 +38,7 @@
> #include <linux/init.h>
> #include <linux/kernel.h>
> #include <linux/list.h>
> +#include <linux/miscdevice.h>
> #include <linux/module.h>
> #include <linux/platform_device.h>
> #include <linux/slab.h>
> @@ -69,6 +70,7 @@ struct wmi_block {
> struct wmi_device dev;
> struct list_head list;
> struct guid_block gblock;
> + struct miscdevice misc_dev;
> struct acpi_device *acpi_device;
> wmi_notify_handler handler;
> void *handler_data;
> @@ -765,22 +767,80 @@ static int wmi_dev_match(struct device *dev, struct device_driver *driver)
> return 0;
> }
>
> +static long wmi_ioctl(struct file *filp, unsigned int cmd,
> + unsigned long arg)
> +{
> + struct wmi_driver *wdriver;
> + struct wmi_block *wblock;
> + const char *driver_name;
> + struct list_head *p;
> + bool found = false;
> +
> + if (_IOC_TYPE(cmd) != WMI_IOC)
> + return -ENOTTY;
> +
> + driver_name = filp->f_path.dentry->d_iname;
> +
> + list_for_each(p, &wmi_block_list) {
> + wblock = list_entry(p, struct wmi_block, list);
> + wdriver = container_of(wblock->dev.dev.driver,
> + struct wmi_driver, driver);
> + if (strcmp(driver_name, wdriver->driver.name) == 0) {
> + found = true;
> + break;
> + }
> + }
You can provide an open() call to handle this type of logic for you, so
you don't have to do it on every ioctl() call, but I guess it's not
really a big deal, right?
> + if (!found ||
> + !wdriver->file_operations ||
> + !wdriver->file_operations->unlocked_ioctl)
> + return -ENODEV;
Shouldn't you check for unlocked_ioctl() already? No need to check it
here, right?
And if you are only passing down unlocked_ioctl, there's no need for a
whole empty file_operations structure in the driver, right? Just have
an ioctl callback to make things smaller and simpler to understand.
> + /* make sure we're not calling a higher instance */
> + if (_IOC_NR(cmd) > wblock->gblock.instance_count)
> + return -EINVAL;
What exactly does this protect from?
> + /* driver wants a character device made */
> + if (wdriver->file_operations) {
Check for unlocked_ioctl here, actually, drop the file_operations
entirely, and just have that one callback.
> + buf = kmalloc(strlen(wdriver->driver.name) + 4, GFP_KERNEL);
> + if (!buf)
> + return -ENOMEM;
No unwinding of other logic needed?
> + strcpy(buf, "wmi/");
> + strcpy(buf + 4, wdriver->driver.name);
> + wblock->misc_dev.minor = MISC_DYNAMIC_MINOR;
> + wblock->misc_dev.name = buf;
> + wblock->misc_dev.fops = &wmi_fops;
> + ret = misc_register(&wblock->misc_dev);
> + if (ret) {
> + dev_warn(dev, "failed to register char dev: %d", ret);
> + kfree(buf);
Again, no unwinding needed? Error message value returned?
> + }
> + }
> +
> if (wdriver->probe) {
> ret = wdriver->probe(dev_to_wdev(dev));
> if (ret != 0 && ACPI_FAILURE(wmi_method_enable(wblock, 0)))
> dev_warn(dev, "failed to disable device\n");
> }
> -
> return ret;
> }
>
> @@ -791,6 +851,11 @@ static int wmi_dev_remove(struct device *dev)
> container_of(dev->driver, struct wmi_driver, driver);
> int ret = 0;
>
> + if (wdriver->file_operations) {
> + kfree(wblock->misc_dev.name);
> + misc_deregister(&wblock->misc_dev);
Unregister before freeing the device name, right?
> --- /dev/null
> +++ b/include/uapi/linux/wmi.h
> @@ -0,0 +1,10 @@
> +#ifndef _UAPI_LINUX_WMI_H
> +#define _UAPI_LINUX_WMI_H
> +
> +#define WMI_IOC 'W'
> +#define WMI_IO(instance) _IO(WMI_IOC, instance)
> +#define WMI_IOR(instance) _IOR(WMI_IOC, instance, void*)
> +#define WMI_IOW(instance) _IOW(WMI_IOC, instance, void*)
> +#define WMI_IOWR(instance) _IOWR(WMI_IOC, instance, void*)
Ugh, void *, this is going to be "fun"...
My comments on just how fun is left for the actual driver that attempted
to implement these...
greg k-h
