linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Linus Walleij <linus.walleij@linaro.org>
To: "Enrico Weigelt, metux IT consult" <lkml@metux.net>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Mika Westerberg <mika.westerberg@linux.intel.com>,
	zhuchangchun <zhuchangchun@cvte.com>,
	"open list:GPIO SUBSYSTEM" <linux-gpio@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	hendychu@aliyun.com,
	Bartosz Golaszewski <bgolaszewski@baylibre.com>
Subject: Re: [PATCH] pinctrl: intel: Implements gpio free function
Date: Thu, 4 Apr 2019 23:03:42 +0700	[thread overview]
Message-ID: <CACRpkdYNN1Zyhw5+4=R68SQNMe_ZVWPD49afF3xEN-v39aikKw@mail.gmail.com> (raw)
In-Reply-To: <cb643914-2c3f-0c63-13e4-8171fa9a37e7@metux.net>

On Thu, Apr 4, 2019 at 5:51 PM Enrico Weigelt, metux IT consult
<lkml@metux.net> wrote:
> On 03.04.19 06:13, Linus Walleij wrote:
>
> > But the chardev on the other hand will protect you from all this.
> > If the program crashes, the lines will be free:ed.
> > If two scripts try to access the same GPIO, they will be denied.

> Right, when you want this concurrency protection and cleanup stiff
> the chardev is the better choice. But I've already had several cases
> where the simplicity of the sysfs interface is a big win - all you need
> few trivial fs operations.

It is admittedly a tradeoff. But if we want something that is hacky
and dangerous it should be moved over to debugfs not sitting
around in sysfs. In debugfs we give users enough rope all the
time.

> Another interesting usecase is permission handling:
>
> a) some ioctls need special privileges (oh, how I hate all these "if
>    (!capable(CAP_SYS_ADMIN)) ..." lines in the drivers), but you wanna
>    give some unprivileged user access to them
> b) you wanna give an unprivileged user access to specific gpio's,
>    but not to all at once.
>
> With pure filesystem based approach, you can easly define permissions
> for each filesystem object.

This was a comment when we designed the chardev as well, but
noone really could give a good usecase for this. Often GPIOs they
want to protect should not have been made available to userspace
or anyone else in the first place and we now have ways inside
the kernel to take GPIOs aside (valid_mask) we can also use
hogs (at least in the device tree) to set up GPIOs so that they are
held perpetually by the kernel (until reboot) so that userspace
cannot try to use them.

I can't see that any more access control granularity than the
whole gpiochip chardev is really used, not anymore than
you want to have access control on every indidual pixel on
a framebuffer or each individual block on a block device.

Things like requesting and flipping several GPIOs at once
could become explosively complex to implement with
individual access permissions on each GPIO line, and this
is on the other hand a very real and important use case.

Yours,
Linus Walleij

  parent reply	other threads:[~2019-04-04 16:03 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-21  2:35 [PATCH] pinctrl: intel: Implements gpio free function zhuchangchun
2019-03-21  8:44 ` Mika Westerberg
2019-03-21  9:23   ` Andy Shevchenko
2019-03-22 18:32     ` Enrico Weigelt, metux IT consult
2019-03-22 19:06       ` Andy Shevchenko
2019-03-25  9:36         ` Enrico Weigelt, metux IT consult
2019-03-25 11:45           ` Andy Shevchenko
2019-04-03  4:13       ` Linus Walleij
2019-04-04 10:51         ` Enrico Weigelt, metux IT consult
2019-04-04 11:52           ` Andy Shevchenko
2019-04-04 16:03           ` Linus Walleij [this message]
     [not found]   ` <2019032119195575582546@cvte.com>
2019-03-21 12:03     ` Mika Westerberg
     [not found]       ` <2019032120213955866649@cvte.com>
2019-03-21 12:36         ` Mika Westerberg
     [not found]           ` <2019032121342663125658@cvte.com>
2019-03-21 13:56             ` Mika Westerberg
     [not found]               ` <2019032211131426883268@cvte.com>
2019-03-22 10:42                 ` Mika Westerberg
     [not found]                   ` <2019032314505202825175@cvte.com>
2019-03-23 16:48                     ` andriy.shevchenko
     [not found]                       ` <2019032517511048990383@cvte.com>
2019-03-25 11:48                         ` andriy.shevchenko
2019-03-22 18:35               ` Enrico Weigelt, metux IT consult

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACRpkdYNN1Zyhw5+4=R68SQNMe_ZVWPD49afF3xEN-v39aikKw@mail.gmail.com' \
    --to=linus.walleij@linaro.org \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=bgolaszewski@baylibre.com \
    --cc=hendychu@aliyun.com \
    --cc=linux-gpio@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lkml@metux.net \
    --cc=mika.westerberg@linux.intel.com \
    --cc=zhuchangchun@cvte.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).