Linux Device Driver Learning (11)-Device Access Control

Access Control of Device Files: exclusive devices, restrict access by only one user (Single User Access) at a time, block user access, and copy the device when the device is turned on.

Exclusive devices are mainly used to allow drivers to maintain a atomic_t variable. This variable is initialized to 1, indicating that it is available. When open is enabled, it is reduced and scull_s_available is tested, the device is denied when other processes open the device. Sample Code:

Static atomic_t scull_s_available = atomic_init (1 );

Static int scull_s_open (struct inode * inode, struct file * filp)

{

Struct scull_dev * Dev = & scull_device;

 

If (! Atomic_dec_and_test (& scull_s_availeable )){

Atomic_inc (& scull_s_available );

Return-ebusy;

}

....

}

Static int scull_s_release (struct inode * inode, struct file * filp)

{

Atomic_inc (& scull_s_available); // release the device

Return 0;

}

 

Single-user access: an open call remembers the device owner when it is enabled for the first time. This user can open the device multiple times and coordinate multiple processes to perform concurrent operations on the device. At the same time, no other user can open it to avoid external interference. In this case, two data items are required: The UID of the count and the device owner. We recommend that you put these two data items into the data structure of the device. Sample Code:

 

Static int singleuid_count;/* initialized to 0 by default */

Static uid_t singleuid_owner;/* initialized to 0 by default */

Static spinlock_t singleuid_lock = spin_lock_unlocked;

 

 

Static int singleuid_open (struct inode * inode, struct file * filp)

{

Spin_lock (& singleuid_lock );

If (singleid_count & // If singleid_count is one, it indicates that

Singleuid_owner! = Current-> uid &&

Singleuid_owner! = Current-> EUID & // if the permission is incorrect, it cannot be opened.

! Capable (cap_dac_override) {// capable is used to describe the capabilities that a user space may possess.

Spin_unlock (& singleuid_lock );

Return-ebusy;

}

 

If (singleuid_count = 0 ){

Singleuid_owner = Current-> uid;

}

 

Singleuid_count ++;

Spin_unlock (& singleuid_lock );

Return 0;

}

 

Static int singleuid_release (struct inode * inode, struct file * filp)

{

Spin_lock (& singleuid_lock );

Singleuid_count --;

Spin_unlock (& singleuid_lock );

Return 0;

}

We can see that the locks are used for operations on structures such as singleuid_count and singleuid_owner.

 

Block-type open instead of ebusy: when the device is not accessible, it does not directly return ebusy, but is implemented by blocking I/O.

Sample Code:

Static int singleuid_count;

Static uid_t singleuid_owner;

Static spinlock_t singleuid_lock = unlocked;

Static spinlock_t singleuid_lcok = unlocked;

 

Static inline int singleuid_available (void)

{

Return singleid_count = 0 | singleid_owner = Current-> uid |

Singleuid_owner = Current-> EUID | capable (cap_dac_override );

}

Static int singleuid_open (struct inode * inode, struct file * filp)

{

Spin_lock (& singleuid_lock );

While (! Singleuid_available ()){

Spin_unlock (& singleuid_lock );

If (filp-> f_flags & o_nonblock)

Return-eagain;

If (wait_event_interruptible (singleid_wait, singleid_available ()))

Return-erestarttsys;

Spin_lock (& singleuid_lock );

}

 

If (singleuid_count = 0)

Singleuid_owner = Current-> uid;

Singleuid_count ++;

Spin_unlock (& singleuid_lock );

Return 0;

}

 

Static int singleuid_release (struct inode * inode, strct file * filp)

{

Spin_lock (& singleuid_lock );

Singleuid_count --;

Spin_unlock (& singleuid_lock );

 

If (singleuid_count = 0)

Wake_up_interruptible (& singleuid_wait );

Return 0;

}

 

Replication device when open: If the copied device is created by a software driver, it is called a "virtual device", just as all virtual terminals use the same physical device.