| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Jul 2019 11:27:43 +0200
From: Bartosz Golaszewski <bgolaszewski@...libre.com>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Geert Uytterhoeven <geert+renesas@...der.be>,
Linus Walleij <linus.walleij@...aro.org>,
Alexander Graf <agraf@...e.de>,
Peter Maydell <peter.maydell@...aro.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Magnus Damm <magnus.damm@...il.com>,
linux-gpio <linux-gpio@...r.kernel.org>,
QEMU Developers <qemu-devel@...gnu.org>,
Linux-Renesas <linux-renesas-soc@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFC] gpio: Add Virtual Aggregator GPIO Driver
wt., 9 lip 2019 o 17:59 Geert Uytterhoeven <geert@...ux-m68k.org> napisał(a):
>
> Hi Bartosz,
>
> On Tue, Jul 9, 2019 at 4:59 PM Bartosz Golaszewski
> <bgolaszewski@...libre.com> wrote:
> > pon., 8 lip 2019 o 12:24 Geert Uytterhoeven <geert@...ux-m68k.org> napisał(a):
> > > On Mon, Jul 8, 2019 at 11:45 AM Bartosz Golaszewski
> > > <bgolaszewski@...libre.com> wrote:
> > > > pt., 5 lip 2019 o 18:05 Geert Uytterhoeven <geert+renesas@...der.be> napisał(a):
> > > > > GPIO controllers are exported to userspace using /dev/gpiochip*
> > > > > character devices. Access control to these devices is provided by
> > > > > standard UNIX file system permissions, on an all-or-nothing basis:
> > > > > either a GPIO controller is accessible for a user, or it is not.
> > > > > Currently no mechanism exists to control access to individual GPIOs.
> > > > >
> > > > > Hence add a virtual GPIO driver to aggregate existing GPIOs (up to 32),
> > > > > and expose them as a new gpiochip. This is useful for implementing
> > > > > access control, and assigning a set of GPIOs to a specific user.
> > > > > Furthermore, it would simplify and harden exporting GPIOs to a virtual
> > > > > machine, as the VM can just grab the full virtual GPIO controller, and
> > > > > no longer needs to care about which GPIOs to grab and which not,
> > > > > reducing the attack surface.
> > > > >
> > > > > Virtual GPIO controllers are instantiated by writing to the "new_device"
> > > > > attribute file in sysfs:
> > > > >
> > > > > $ echo "<gpiochipA> <gpioA1> [<gpioA2> ...]"
> > > > > "[, <gpiochipB> <gpioB1> [<gpioB2> ...]] ...]"
> > > > > > /sys/bus/platform/drivers/gpio-virt-agg/new_device
> > > > >
> > > > > Likewise, virtual GPIO controllers can be destroyed after use:
> > > > >
> > > > > $ echo gpio-virt-agg.<N> \
> > > > > > /sys/bus/platform/drivers/gpio-virt-agg/delete_device
>
> > Am I doing it right? I'm trying to create a device and am only getting this:
> >
> > # echo gpiochip2 23 > new_device
> > [ 707.507039] gpio-virt-agg gpio-virt-agg.0: Cannot find gpiochip gpiochip2
> >
> > gpiochip2 *does* exist in the system.
>
> Please try the name of the platform device instead.
> I.e. for my koelsch (R-Car M2-W), it needs "e6052000.gpio" instead
> of "gpiochip2".
>
> Probably the driver should match on both.
>
> > I see. I'll try to review it more thoroughly once I get to play with
> > it. So far I'm stuck on creating the virtual chip.
>
> Thanks, good luck!
>
This is not a show-stopper but one thing that's bothering me in this
is that lines used by the aggregator are considered 'used' in regard
to the original chip. I'm wondering how much effort would it take to
have them be 'muxed' into two (real and virtual) chips at once.
Other than that - seems to works pretty nice other than the matching
by chip name and by line names.
Bart
> Gr{oetje,eeting}s,
>
> Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
> -- Linus Torvalds
Powered by blists - more mailing lists