Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2597629pxb;
        Sun, 28 Feb 2021 06:40:38 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzWc7DXUMtyrcaFtgsr9jdm+ZqKL0FzGJxh8F9pp5GSOx2mwL5L8JqqWA+8bpNbKQFy3jlh
X-Received: by 2002:aa7:dad3:: with SMTP id x19mr8764591eds.325.1614523238015;
        Sun, 28 Feb 2021 06:40:38 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614523238; cv=none;
        d=google.com; s=arc-20160816;
        b=eY2fA+cti8PhO86bNNcV0X+StoZS2o3YIXuTQwsUkTzx3U+Q+6jgRIkRuxDzOziofD
         pPueOGhF7AeXidsSKg14NkpopHsV/ONYhdq3/rX2rUODCh0HWhem8RgL/b3+U3O/Cysq
         PTPlQRsS7J29q/JNq2Az1DkNYpADuxDJJL6ugM3Bi153aiPZChy9Yjn9EkmFTS7BKpzu
         hc9BVBueqYXoNwrc9CuPf4pfBhHYRGF7uAt60YIhdla1WxfJViTPYQ/ZwmBLqQLPXQlF
         tTm4IwzfeXufSgZjEFVqq6I7i7KysONg+9Hx3JXyuFvlkBdJvnPcFn0/P9FasROPMIF3
         6O0g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:message-id:subject:cc:to:from
         :date;
        bh=3ARoX2iYMy9+A2tpRLFYlcHaN9+dQ3mgkhd4EdabpY4=;
        b=E12FXsJo3Qg0MoBgtMbwjAaqHsowuJiplRGuafXGomd/ioIUguvPpKM+weA0/AoUze
         Hwy4zSddw473iVtRgmhBW4DmgDX7lCfJt/sSZnHsxgr1RezyAK3G9q9Pvp7Mdx/V/5kO
         dTmAUlfzNF/PPXlYkBJJdAtnswhoDRA5LN5iXeyaohrpYyUWgQw8cUfcmEX5x+xYz8Be
         Uq5kUnHk5v70Q8voLUheW7VRiePdC8tJI7gK+3omPYrmvNdEMqDBHg9GF2uEE3BhDFGN
         AGL3EfGCF51CPv9tUbMtIYgcPpYr5j1lYOjxJKDHw1zfX4RLnXaJZiQqFRx48GfYiVkx
         hYIg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id o10si9474192ejn.701.2021.02.28.06.40.15;
        Sun, 28 Feb 2021 06:40:38 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230161AbhB1OgV (ORCPT <rfc822;luigi.mantellini.ml@gmail.com>
        + 99 others); Sun, 28 Feb 2021 09:36:21 -0500
Received: from frasgout.his.huawei.com ([185.176.79.56]:2610 "EHLO
        frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229715AbhB1OgU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 28 Feb 2021 09:36:20 -0500
Received: from fraeml741-chm.china.huawei.com (unknown [172.18.147.207])
        by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4DpQlZ07Z5z67tHs;
        Sun, 28 Feb 2021 22:30:02 +0800 (CST)
Received: from lhreml710-chm.china.huawei.com (10.201.108.61) by
 fraeml741-chm.china.huawei.com (10.206.15.222) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2106.2; Sun, 28 Feb 2021 15:35:38 +0100
Received: from localhost (10.47.88.221) by lhreml710-chm.china.huawei.com
 (10.201.108.61) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Sun, 28 Feb
 2021 14:35:37 +0000
Date:   Sun, 28 Feb 2021 14:34:29 +0000
From:   Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To:     Lars-Peter Clausen <lars@metafoo.de>
CC:     Alexandru Ardelean <alexandru.ardelean@analog.com>,
        <linux-kernel@vger.kernel.org>, <linux-iio@vger.kernel.org>,
        <Michael.Hennerich@analog.com>, <jic23@kernel.org>,
        <nuno.sa@analog.com>, <dragos.bogdan@analog.com>
Subject: Re: [PATCH v6 20/24] iio: buffer: add ioctl() to support opening
 extra buffers for IIO device
Message-ID: <20210228143429.00001f01@Huawei.com>
In-Reply-To: <877ca331-1a56-1bd3-6637-482bbf060ba9@metafoo.de>
References: <20210215104043.91251-1-alexandru.ardelean@analog.com>
        <20210215104043.91251-21-alexandru.ardelean@analog.com>
        <877ca331-1a56-1bd3-6637-482bbf060ba9@metafoo.de>
Organization: Huawei Technologies Research and Development (UK) Ltd.
X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; i686-w64-mingw32)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.47.88.221]
X-ClientProxiedBy: lhreml718-chm.china.huawei.com (10.201.108.69) To
 lhreml710-chm.china.huawei.com (10.201.108.61)
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, 28 Feb 2021 09:51:38 +0100
Lars-Peter Clausen <lars@metafoo.de> wrote:

> On 2/15/21 11:40 AM, Alexandru Ardelean wrote:
> > With this change, an ioctl() call is added to open a character device for a
> > buffer. The ioctl() number is 'i' 0x91, which follows the
> > IIO_GET_EVENT_FD_IOCTL ioctl.
> >
> > The ioctl() will return an FD for the requested buffer index. The indexes
> > are the same from the /sys/iio/devices/iio:deviceX/bufferY (i.e. the Y
> > variable).
> >
> > Since there doesn't seem to be a sane way to return the FD for buffer0 to
> > be the same FD for the /dev/iio:deviceX, this ioctl() will return another
> > FD for buffer0 (or the first buffer). This duplicate FD will be able to
> > access the same buffer object (for buffer0) as accessing directly the
> > /dev/iio:deviceX chardev.
> >
> > Also, there is no IIO_BUFFER_GET_BUFFER_COUNT ioctl() implemented, as the
> > index for each buffer (and the count) can be deduced from the
> > '/sys/bus/iio/devices/iio:deviceX/bufferY' folders (i.e the number of
> > bufferY folders).
> >
> > Used following C code to test this:
> > -------------------------------------------------------------------
> >
> >   #include <stdio.h>
> >   #include <stdlib.h>
> >   #include <unistd.h>
> >   #include <sys/ioctl.h>
> >   #include <fcntl.h"
> >   #include <errno.h>
> >
> >   #define IIO_BUFFER_GET_FD_IOCTL      _IOWR('i', 0x91, int)
> >
> > int main(int argc, char *argv[])
> > {
> >          int fd;
> >          int fd1;
> >          int ret;
> >
> >          if ((fd = open("/dev/iio:device0", O_RDWR))<0) {
> >                  fprintf(stderr, "Error open() %d errno %d\n",fd, errno);
> >                  return -1;
> >          }
> >
> >          fprintf(stderr, "Using FD %d\n", fd);
> >
> >          fd1 = atoi(argv[1]);
> >
> >          ret = ioctl(fd, IIO_BUFFER_GET_FD_IOCTL, &fd1);
> >          if (ret < 0) {
> >                  fprintf(stderr, "Error for buffer %d ioctl() %d errno %d\n", fd1, ret, errno);
> >                  close(fd);
> >                  return -1;
> >          }
> >
> >          fprintf(stderr, "Got FD %d\n", fd1);
> >
> >          close(fd1);
> >          close(fd);
> >
> >          return 0;
> > }
> > -------------------------------------------------------------------
> >
> > Results are:
> > -------------------------------------------------------------------
> >   # ./test 0
> >   Using FD 3
> >   Got FD 4
> >
> >   # ./test 1
> >   Using FD 3
> >   Got FD 4
> >
> >   # ./test 2
> >   Using FD 3
> >   Got FD 4
> >
> >   # ./test 3
> >   Using FD 3
> >   Got FD 4
> >
> >   # ls /sys/bus/iio/devices/iio\:device0
> >   buffer  buffer0  buffer1  buffer2  buffer3  dev
> >   in_voltage_sampling_frequency  in_voltage_scale
> >   in_voltage_scale_available
> >   name  of_node  power  scan_elements  subsystem  uevent
> > -------------------------------------------------------------------
> >
> > iio:device0 has some fake kfifo buffers attached to an IIO device.  
> 
> For me there is one major problem with this approach. We only allow one 
> application to open /dev/iio:deviceX at a time. This means we can't have 
> different applications access different buffers of the same device. I 
> believe this is a circuital feature.

Thats not quite true (I think - though I've not tested it).  What we don't
allow is for multiple processes to access them in an unaware fashion.
My assumption is we can rely on fork + fd passing via appropriate sockets.

> 
> It is possible to open the chardev, get the annonfd, close the chardev 
> and keep the annonfd open. Then the next application can do the same and 
> get access to a different buffer. But this has room for race conditions 
> when two applications try this at the very same time.
> 
> We need to somehow address this.

I'd count this as a bug :).  It could be safely done in a particular custom
system but in general it opens a can of worm.

> 
> I'm also not much of a fan of using ioctls to create annon fds. In part 
> because all the standard mechanisms for access control no longer work.

The inability to trivially have multiple processes open the anon fds
without care is one of the things I like most about them.

IIO drivers and interfaces really aren't designed for multiple unaware
processes to access them.  We don't have per process controls for device
wide sysfs attributes etc.  In general, it would be hard to
do due to the complexity of modeling all the interactions between the
different interfaces (events / buffers / sysfs access) in a generic fashion.

As such, the model, in my head at least, is that we only want a single
process to ever be responsible for access control.  That process can then
assign access to children or via a deliberate action (I think passing the
anon fd over a unix socket should work for example).  The intent being
that it is also responsible for mediating access to infrastructure that
multiple child processes all want to access.

As such, having one chrdev isn't a disadvantage because only one process
should ever open it at a time.  This same process also handles the
resource / control mediation.  Therefore we should only have one file
exposed for all the standard access control mechanisms.

Jonathan