字符设备驱动(6)


接上一篇,这次主要实现和测试ioctl接口,但还不是很完整。ioctl基本上就是device的私有接口,程序员自定义。

ioctl命令的定义:

$ cat mychar.h
#ifndef MYCHAR_H
#define MYCHAR_H
#include <uapi/asm-generic/ioctl.h>

/* Argument block for MYCHAR_IOC_READ. The driver currently accepts the
 * command but does not act on it, so neither field is consumed yet. */
struct ioc_read {
    size_t skip;
    char content[64];
};

/* Type byte shared by every command below; the driver rejects any cmd whose
 * _IOC_TYPE differs with -ENOTTY. The encoded value also carries the
 * direction (R/W/RW) and the argument size, which is what access_ok() in the
 * driver checks. */
#define MYCHAR_IOC_MAGIC  'Z'
#define MYCHAR_IOC_RESET  _IO(MYCHAR_IOC_MAGIC, 0)                      /* zeroed buffer of the driver's default size */
#define MYCHAR_IOC_QUERY  _IOR(MYCHAR_IOC_MAGIC, 1, unsigned long)      /* capacity written to *arg */
#define MYCHAR_IOC_SET    _IOW(MYCHAR_IOC_MAGIC, 2, unsigned long)      /* capacity read from *arg, buffer reallocated */
#define MYCHAR_IOC_QNS    _IOWR(MYCHAR_IOC_MAGIC, 3, unsigned long)     /* SET, then old capacity written back to *arg */
#define MYCHAR_IOC_READ   _IOR(MYCHAR_IOC_MAGIC, 4, struct ioc_read)    /* accepted, not implemented */
#define MYCHAR_IOC_QUERY2 _IOR(MYCHAR_IOC_MAGIC, 5, unsigned long)      /* capacity returned as the ioctl result */
#define MYCHAR_IOC_CLS    _IO(MYCHAR_IOC_MAGIC, 6)                      /* free the buffer, capacity 0 */
#define MYCHAR_IOC_CNS    _IOW(MYCHAR_IOC_MAGIC, 7, unsigned long)      /* free, then allocate capacity from *arg */
/* Highest command number; anything above it is -ENOTTY in the driver. */
#define MYCHAR_IOC_MAXNR  7

#endif

magic number是随便选的,Linux建议全系统所有ioctl命令都唯一,这部分还没有很好的理解。magic number这么窄,很容易重复啊!

The ioctl command numbers should be unique across the system in order to prevent errors caused by issuing the right command to the wrong device.

用来定义ioctl命令的macro,在include/uapi/asm-generic/ioctl.h文件中!所有命令都是32bit。建议使用这些macro来定义ioctl命令,一个好处是strace的输出可以看到命令的性质,比如read or write or both。

下面是mychar.c代码:

$ cat mychar.c
/* Prefix every pr_*() line from this module with "module:function:line: ". */
#define pr_fmt(fmt) "%s:%s:%d: " fmt, KBUILD_MODNAME, __func__, __LINE__

#include <linux/init.h>
#include <linux/module.h>
#include <linux/fs.h>
#include <linux/cdev.h>
#include <linux/slab.h>
#include "mychar.h"

MODULE_LICENSE("GPL");

#define MINOR_FIRST   3          /* first minor requested from alloc_chrdev_region() */
#define MINOR_NUM     4          /* number of devices (and minors) this module creates */
#define DEFAULT_LEN   (1024*4)   /* buffer size installed by MYCHAR_IOC_RESET */

static unsigned int major = 0;     /* filled in by mychar_init() from the allocated dev_t */
static unsigned int minor_pos = 0; /* count of successful cdev_add */

/* Initial buffer size for every device; settable at insmod time, read-only
 * afterwards (S_IRUGO). */
static unsigned long init_content_len = DEFAULT_LEN;
module_param(init_content_len, ulong, S_IRUGO);

struct file_operations mychar_fop;   /* defined below, after the handlers */
/* Per-minor state; pmychar is an array of MINOR_NUM of these. */
struct mychar_dev {
    char *cont;                /* backing buffer; NULL after MYCHAR_IOC_CLS */
    size_t len;                /* furthest byte written so far (readable extent) */
    unsigned long content_len; /* capacity of cont; per device, since ioctl can change it */
    struct semaphore sema;     /* taken by read()/write() around every access to cont/len;
                                * NOTE(review): ioctl frees and replaces cont, so it
                                * must hold this too or a concurrent reader can use
                                * freed memory */
    struct cdev mycdev;
} *pmychar = NULL;


/* open(): accept only plain read-only or write-only opens (O_RDWR is refused
 * with -EPERM) and cache the owning device in fp->private_data. */
int mychar_open(struct inode *inode, struct file *fp) {
    const unsigned int mode = fp->f_flags & O_ACCMODE;

    if (mode != O_RDONLY && mode != O_WRONLY)
        return -EPERM;  /* operation not permitted */

    /* The cdev is embedded in mychar_dev, so container_of() recovers the
     * device record for the other file operations. */
    fp->private_data = container_of(inode->i_cdev, struct mychar_dev, mycdev);
    return 0;
}


/* release(): nothing to undo, private_data only points into the pmychar
 * array owned by the module. */
int mychar_release(struct inode *inode, struct file *fp) {
    (void)inode;
    (void)fp;
    return 0;
}


/* read(): copy up to @count bytes from the device buffer starting at *f_pos.
 * Returns the number of bytes copied, 0 at end of data (*f_pos >= len),
 * -ERESTARTSYS if interrupted while waiting for the semaphore, or -EFAULT if
 * nothing at all could be copied to @buf. */
ssize_t mychar_read(struct file *fp, char __user *buf,
                    size_t count, loff_t *f_pos) {
    struct mychar_dev *dev = fp->private_data;
    size_t avail, not_copied;
    ssize_t rv;

    if (down_interruptible(&dev->sema))
        return -ERESTARTSYS;

    pr_info("read called, count %zu.\n", count);

    /* Past the high-water mark: report EOF. */
    if (*f_pos >= dev->len) {
        pr_info("read call end, return count 0.\n");
        rv = 0;
        goto out;
    }

    /* Clamp the request to the bytes that actually exist. */
    avail = dev->len - *f_pos;
    if (count > avail)
        count = avail;

    /* buf is a user pointer: copy_to_user, never dereference it directly. */
    not_copied = copy_to_user(buf, dev->cont + *f_pos, count);
    if (not_copied) {
        if (not_copied == count) {
            rv = -EFAULT;
            goto out;
        }
        /* Partial copy: report what did make it across. */
        count -= not_copied;
        pr_err("copy_to_user return less than count!\n");
    }

    *f_pos += count;

    pr_info("read call end, return count %zu.\n", count);
    rv = count;
out:
    up(&dev->sema);
    return rv;
}


/* write(): copy up to @count bytes from @buf into the device buffer at
 * *f_pos, clamped to the capacity content_len. Returns bytes written,
 * -ENOSPC when *f_pos is already at or past the capacity, -ERESTARTSYS if
 * interrupted on the semaphore, or -EFAULT if nothing could be copied. */
ssize_t mychar_write(struct file *fp, const char __user *buf,
                     size_t count, loff_t *f_pos) {
    struct mychar_dev *dev = fp->private_data;
    size_t room, not_copied;
    ssize_t rv;

    if (down_interruptible(&dev->sema))
        return -ERESTARTSYS;

    pr_info("write called, count %zu, *f_pos=%lld.\n", count, *f_pos);

    /* Unlike read(), running out of buffer is an error, not EOF. */
    if (*f_pos >= dev->content_len) {
        pr_info("write call end, return count 0.\n");
        rv = -ENOSPC;
        goto out;
    }

    room = dev->content_len - *f_pos;
    if (count > room)
        count = room;

    not_copied = copy_from_user(dev->cont + *f_pos, buf, count);
    if (not_copied) {
        if (not_copied == count) {
            rv = -EFAULT;
            goto out;
        }
        count -= not_copied;
        pr_err("copy_from_user return less than count!\n");
    }

    *f_pos += count;
    /* len tracks the furthest byte ever written, i.e. what read() may return. */
    if (dev->len < *f_pos)
        dev->len = *f_pos;
    pr_info("write call end, return count %zu.\n", count);
    rv = count;
out:
    up(&dev->sema);
    return rv;
}


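/* llseek(): compute the new file position for SEEK_SET/SEEK_CUR/SEEK_END.
 * SEEK_END is relative to len (bytes written so far), not to the capacity.
 * Returns the new position, or -EINVAL for an unknown @whence or a negative
 * result. Positions past len/content_len are allowed: read() then reports
 * EOF and write() returns -ENOSPC. */
loff_t mychar_llseek(struct file *fp, loff_t offs, int whence) {
    struct mychar_dev *dev = fp->private_data;
    loff_t pos;

    pr_info("seek called, offset = %lld, whence = %d\n", offs, whence);

    /* Use the <linux/fs.h> names rather than the raw 0/1/2 values. */
    switch (whence) {
    case SEEK_SET:
        pos = offs;
        break;
    case SEEK_CUR:
        pos = fp->f_pos + offs;
        break;
    case SEEK_END:
        /* NOTE(review): dev->len is read without dev->sema here; a
         * concurrent write() may move it, which only affects which
         * position is computed, not memory safety. */
        pos = dev->len + offs;
        break;
    default:
        return -EINVAL;
    }

    if (pos < 0)
        return -EINVAL;
    /* fp->f_pos is updated directly here; the VFS does not do it for us. */
    fp->f_pos = pos;
    pr_info("new position: %lld\n", pos);
    return pos;
}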


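/* Replace dev->cont with a zeroed buffer of @size bytes; @size 0 just frees
 * it (the MYCHAR_IOC_CLS case). The caller must hold dev->sema. On
 * allocation failure the old buffer and counters are left untouched, so
 * dev->cont never points at freed memory; returns -ENOMEM in that case. */
static int mychar_resize(struct mychar_dev *dev, unsigned long size) {
    char *fresh = NULL;

    if (size) {
        /* @size comes straight from user space (SET/QNS/CNS). kmalloc()
         * refuses absurd sizes, but a device-specific upper bound would be
         * a sensible addition. */
        fresh = kmalloc(size, GFP_KERNEL);
        if (fresh == NULL)
            return -ENOMEM;
        memset(fresh, 0, size);
    }
    kfree(dev->cont);   /* kfree() accepts NULL */
    dev->cont = fresh;
    dev->content_len = size;
    dev->len = 0;
    return 0;
}

/* unlocked_ioctl(): resize, query or free the device buffer.
 * Returns 0 on success, -ENOTTY for a command that is not ours, -EFAULT if
 * @arg is not a valid user pointer for the command's size, -ENOMEM if a new
 * buffer cannot be allocated, -ERESTARTSYS if interrupted on the semaphore,
 * or the capacity itself for MYCHAR_IOC_QUERY2. */
long mychar_ioctl(struct file *fp, unsigned int cmd, unsigned long arg) {
    struct mychar_dev *dev = fp->private_data;
    unsigned long tmpul, old_len;
    long rtv = 0;

    pr_info("ioctl, cmd = 0x%X\n", cmd);

    /* Wrong type byte or number out of range: -ENOTTY by convention. */
    if (_IOC_TYPE(cmd) != MYCHAR_IOC_MAGIC || _IOC_NR(cmd) > MYCHAR_IOC_MAXNR)
        return -ENOTTY;

    /* Validate the user pointer once up front; the __get_user/__put_user
     * calls below rely on this and skip their own check. */
    if (!access_ok((void __user *)arg, _IOC_SIZE(cmd)))
        return -EFAULT;

    pr_info("access_ok passed, switch ioctl command\n");

    /* Every command touches dev->cont/content_len/len, which read() and
     * write() use under the same semaphore. Without it a concurrent reader
     * on another open file could dereference a buffer freed here. */
    if (down_interruptible(&dev->sema))
        return -ERESTARTSYS;

    switch (cmd) {
    case MYCHAR_IOC_RESET:
        rtv = mychar_resize(dev, DEFAULT_LEN);
        break;

    case MYCHAR_IOC_QUERY:
        rtv = __put_user(dev->content_len, (unsigned long __user *)arg);
        break;

    case MYCHAR_IOC_QUERY2:
        /* Reported through the ioctl return value itself, which it shares
         * with the -errno range; QUERY is the cleaner form. */
        rtv = dev->content_len;
        break;

    case MYCHAR_IOC_SET:
        rtv = __get_user(tmpul, (unsigned long __user *)arg);
        if (rtv)
            break;
        pr_info("get_user tmpul = %lu\n", tmpul);
        rtv = mychar_resize(dev, tmpul);
        break;

    case MYCHAR_IOC_QNS:
        rtv = __get_user(tmpul, (unsigned long __user *)arg);
        if (rtv)
            break;
        pr_info("get_user tmpul = %lu\n", tmpul);
        old_len = dev->content_len;
        rtv = mychar_resize(dev, tmpul);
        if (rtv)
            break;
        /* Hand the previous capacity back in the same slot. */
        rtv = __put_user(old_len, (unsigned long __user *)arg);
        break;

    case MYCHAR_IOC_CLS:
        rtv = mychar_resize(dev, 0);
        break;

    case MYCHAR_IOC_CNS:
        /* Same outcome as SET; the old buffer is released by mychar_resize()
         * only once the new one exists, so an -ENOMEM leaves no dangling
         * pointer behind. */
        rtv = __get_user(tmpul, (unsigned long __user *)arg);
        if (rtv)
            break;
        pr_info("get_user tmpul = %lu\n", tmpul);
        rtv = mychar_resize(dev, tmpul);
        break;

    case MYCHAR_IOC_READ:
        /* Accepted but not implemented yet. */
        break;

    default:
        rtv = -ENOTTY;
        break;
    }

    up(&dev->sema);
    return rtv;
}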


/* File operations shared by all MINOR_NUM devices (installed by cdev_init()
 * in mychar_init()). NOTE(review): no .compat_ioctl is provided, and the
 * commands carry an unsigned long argument, so 32-bit callers on a 64-bit
 * kernel would presumably not be served — confirm if that matters. */
struct file_operations mychar_fop = {
    .owner   = THIS_MODULE,
    .open    = mychar_open,
    .release = mychar_release,
    .read    = mychar_read,
    .write   = mychar_write,
    .llseek  = mychar_llseek,
    .unlocked_ioctl = mychar_ioctl,
};


/* Tear down everything mychar_init() built. It doubles as mychar_init()'s
 * error path, which is why it carries no __exit annotation and must cope
 * with a partially built state: the cont pointers are zeroed when the array
 * is allocated, and minor_pos counts only the cdevs that were added. */
static void mychar_exit(void) {
    unsigned int idx;

    if (pmychar != NULL) {
        for (idx = 0; idx < MINOR_NUM; ++idx) {
            if (pmychar[idx].cont == NULL)
                continue;
            kfree(pmychar[idx].cont);
        }
        for (idx = 0; idx < minor_pos; ++idx)
            cdev_del(&pmychar[idx].mycdev);
        kfree(pmychar);
    }
    unregister_chrdev_region(MKDEV(major, MINOR_FIRST), MINOR_NUM);
    pr_notice("exit.\n");
}


/* Module entry: allocate a major number, build the per-minor device table,
 * and register one cdev per minor. Returns 0 on success or a negative errno;
 * on any failure after the region is allocated, mychar_exit() undoes what
 * was done so far. */
static int __init mychar_init(void) {
    const size_t table_bytes = MINOR_NUM * sizeof(*pmychar);
    dev_t first;
    int rn, i;

    /* Dynamic major with MINOR_NUM minors starting at MINOR_FIRST. */
    rn = alloc_chrdev_region(&first, MINOR_FIRST, MINOR_NUM, "mychar");
    if (rn) {
        pr_warn("can't get major number, err %d.\n", rn);
        return rn;
    }
    major = MAJOR(first);
    pr_info("major is %d, %d minor start from %d.\n",
                major, MINOR_NUM, MINOR_FIRST);

    /* Zeroed device table so mychar_exit() can safely inspect every slot
     * on the partial-failure paths below. */
    pmychar = kmalloc(table_bytes, GFP_KERNEL);
    if (pmychar == NULL) {
        rn = -ENOMEM;
        goto fail;
    }
    memset(pmychar, 0, table_bytes);

    for (i = 0; i < MINOR_NUM; ++i) {
        struct mychar_dev *d = &pmychar[i];

        d->cont = kmalloc(init_content_len, GFP_KERNEL);
        if (d->cont == NULL) {
            rn = -ENOMEM;
            goto fail;
        }
        sema_init(&d->sema, 1); /* count 1: used as a mutex */
        d->content_len = init_content_len;
    }
    pr_info("alloc %lu bytes memory for all successfully.\n", init_content_len);

    /* Register the cdevs; minor_pos records how many succeeded so that
     * mychar_exit() deletes exactly those. */
    for (i = 0; i < MINOR_NUM; ++i) {
        struct mychar_dev *d = &pmychar[i];

        cdev_init(&d->mycdev, &mychar_fop);
        rn = cdev_add(&d->mycdev, MKDEV(major, MINOR_FIRST + i), 1);
        if (rn) {
            pr_err("cdev_add err %d, minor %d.\n", rn, i + MINOR_FIRST);
            goto fail;
        }
        ++minor_pos;
    }
    pr_notice("%d devices added successfully.\n", minor_pos);
    return 0;

fail:
    mychar_exit();
    return rn;
}


/* mychar_exit() is also the error path of mychar_init(), so it is a plain
 * static function rather than an __exit one. */
module_init(mychar_init);
module_exit(mychar_exit);

实现的ioctl,主要就是设定或清除device中的内存块,因此在mychar_dev结构体中,单独定义每个device的总长度content_len,因为通过ioctl,它们很可能会不一样。

在ioctl实现的函数中,首先判断命令是否属于自己,然后用access_ok函数检查用户空间是否可访问。后面是个switch结构,基本上就是__put_user和__get_user。如果不提前做access_ok,可以使用包含检查的put_user和get_user。基本上1,2,4,8字节这样的C基础类型,就用这组接口来实现kernel space和user space之间的数据传递。

比较容易犯的编码错误,是在kfree之前,没有检查指针是否为NULL!

另外,注意一下MYCHAR_IOC_QUERY和MYCHAR_IOC_QUERY2的实现的区别,两种实现方式都OK,前者似乎更好!后者把content_len直接当作ioctl的返回值,而返回值同时还要用负数来表示-errno,两者共用同一个long;前者用__put_user把结果写回用户空间,返回值只表示成功或失败。

这次还是用Python的ioctl接口做测试,这样就不能直接使用mychar.h文件,要使用命令的值,为此我专门写了个程序,将所有的命令值打印出来:

$ cat mychar_showcmd.c
#include <stdio.h>
#include "mychar.h"


/* Print every ioctl command value, in header order, so the numbers can be
 * pasted into a test script that cannot include mychar.h. */
int main(void) {
    static const struct {
        const char *name;
        unsigned int value;
    } cmds[] = {
        { "MYCHAR_IOC_RESET",  MYCHAR_IOC_RESET  },
        { "MYCHAR_IOC_QUERY",  MYCHAR_IOC_QUERY  },
        { "MYCHAR_IOC_SET",    MYCHAR_IOC_SET    },
        { "MYCHAR_IOC_QNS",    MYCHAR_IOC_QNS    },
        { "MYCHAR_IOC_READ",   MYCHAR_IOC_READ   },
        { "MYCHAR_IOC_QUERY2", MYCHAR_IOC_QUERY2 },
        { "MYCHAR_IOC_CLS",    MYCHAR_IOC_CLS    },
        { "MYCHAR_IOC_CNS",    MYCHAR_IOC_CNS    },
    };
    size_t i;

    for (i = 0; i < sizeof(cmds) / sizeof(cmds[0]); ++i)
        printf("%s:0x%X\n", cmds[i].name, cmds[i].value);
    return 0;
}

编译的时候,用gcc的-I选项,指定<uapi/asm-generic/ioctl.h>文件的路径:

$ gcc -Wall -Wextra -I/home/xinlin/sources/linux-5.14.14/include mychar_showcmd.c -o showcmd
$ ./showcmd
MYCHAR_IOC_RESET:0x5A00
MYCHAR_IOC_QUERY:0x80085A01
MYCHAR_IOC_SET:0x40085A02
MYCHAR_IOC_QNS:0xC0085A03
MYCHAR_IOC_READ:0x80485A04
MYCHAR_IOC_QUERY2:0x80085A05
MYCHAR_IOC_CLS:0x5A06
MYCHAR_IOC_CNS:0x40085A07

然后,这段输出就直接copy到python测试文件中,如下:

$ cat test_ioctl.py
from fcntl import ioctl
import sys
from sys import byteorder
from ctypes import c_long, sizeof


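# Size of the C long the driver exchanges through *arg (same as unsigned long
# on Linux). The command values below were printed by mychar_showcmd.c.
param_len = sizeof(c_long)
MYCHAR_IOC_RESET = 0x5A00
MYCHAR_IOC_QUERY = 0x80085A01
MYCHAR_IOC_SET = 0x40085A02
MYCHAR_IOC_QNS = 0xC0085A03
MYCHAR_IOC_QUERY2 = 0x80085A05
MYCHAR_IOC_CLS = 0x5A06
MYCHAR_IOC_CNS = 0x40085A07


def pack_ulong(value):
    """Return a mutable native-endian buffer holding *value* as a C long.

    The kernel side writes back into this buffer for QNS, so it has to be a
    bytearray rather than immutable bytes.
    """
    return bytearray(value.to_bytes(param_len, byteorder))


def unpack_ulong(buf):
    """Decode the C long an ioctl left in *buf*."""
    return int.from_bytes(buf, byteorder)


def query_len(f):
    """Current capacity via MYCHAR_IOC_QUERY2, which reports it as the ioctl return value."""
    return ioctl(f, MYCHAR_IOC_QUERY2)


def main(path):
    """Exercise every buffer-management ioctl against the device node at *path*.

    The first assertion presumes the module was loaded with
    init_content_len=1024. The driver refuses O_RDWR, so the node is opened
    read-only; nothing is ever read from it, and the context manager makes
    sure the descriptor is closed even when an assertion fails.
    """
    with open(path, "rb") as f:
        assert query_len(f) == 1024
        ioctl(f, MYCHAR_IOC_RESET)
        assert query_len(f) == 4096

        a = bytearray(param_len)
        ioctl(f, MYCHAR_IOC_QUERY, a)
        assert unpack_ulong(a) == 4096

        a = pack_ulong(1234)
        ioctl(f, MYCHAR_IOC_SET, a)
        assert query_len(f) == 1234

        # QNS installs the new size and hands the previous one back in *a*.
        a = pack_ulong(2345)
        ioctl(f, MYCHAR_IOC_QNS, a)
        assert unpack_ulong(a) == 1234
        assert query_len(f) == 2345

        ioctl(f, MYCHAR_IOC_CLS)
        assert query_len(f) == 0

        a = pack_ulong(1234)
        ioctl(f, MYCHAR_IOC_SET, a)
        assert query_len(f) == 1234

        a = pack_ulong(2345)
        ioctl(f, MYCHAR_IOC_CNS, a)
        assert query_len(f) == 2345


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <path to a mychar device node>")
    main(sys.argv[1])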

测试OK!

《LDD3》有一段介绍fcntl和ioctl的历史渊源,说明了为什么遇到不正确的ioctl命令时,要返回-ENOTTY:

The last item in the list introduced a new system call, fcntl, which looks like ioctl. In fact, the fcntl call is very similar to ioctl in that it gets a command argument and an extra (optional) argument. It is kept separate from ioctl mainly for historical reasons: when Unix developers faced the problem of controlling I/O operations, they decided that files and devices were different. At the time, the only devices with ioctl implementations were ttys, which explains why -ENOTTY is the standard reply for an incorrect ioctl command. Things have changed, but fcntl remains a separate system call.

本文链接:https://cs.pynote.net/sf/linux/dd/202112282/

