Hi Phil,
On Wed, Jul 10, 2019 at 4:00 AM Phil Reid <address@hidden> wrote:
On 6/07/2019 00:05, Geert Uytterhoeven wrote:
GPIO controllers are exported to userspace using /dev/gpiochip*
character devices. Access control to these devices is provided by
standard UNIX file system permissions, on an all-or-nothing basis:
either a GPIO controller is accessible for a user, or it is not.
Currently no mechanism exists to control access to individual GPIOs.
Hence add a virtual GPIO driver to aggregate existing GPIOs (up to 32),
and expose them as a new gpiochip. This is useful for implementing
access control, and assigning a set of GPIOs to a specific user.
Furthermore, it would simplify and harden exporting GPIOs to a virtual
machine, as the VM can just grab the full virtual GPIO controller, and
no longer needs to care about which GPIOs to grab and which not,
reducing the attack surface.
Virtual GPIO controllers are instantiated by writing to the "new_device"
attribute file in sysfs:
$ echo "<gpiochipA> <gpioA1> [<gpioA2> ...]"
"[, <gpiochipB> <gpioB1> [<gpioB2> ...]] ...]"
> /sys/bus/platform/drivers/gpio-virt-agg/new_device
Likewise, virtual GPIO controllers can be destroyed after use:
$ echo gpio-virt-agg.<N> \
> /sys/bus/platform/drivers/gpio-virt-agg/delete_device
Nice.
This provides similar functionality to the "gpio inverter" driver currently on
the list.
Other than being just a buffer.
Indeed, both drivers forward GPIO calls, but the gpio inverter modifies
some parameters passed.
The way the drivers obtain references to GPIOs is different, though: the
inverter driver obtains a fixed description from DT, while the virtual
aggregator receives the description at runtime, from sysfs.
But perhaps both drivers could share some code?