I am writing kqueue hooks for a character device that allows a client to block waiting for an EVFILT_READ. If I set my read filters code to always return one the kevent will return instantly. However, if the filter returns one at some later point in time nothing unblocks. For the following code the printf "After" never happens and in the filter code I can trivially get "filter_Read return 1" (immediately followed by a return 0)
Device (relevant excerpt)
static int
lowmem_filter_read(struct knote *kn, long hint)
{
mtx_assert(&lowmem_mtx, MA_OWNED);
if(manual_alert){
manual_alert=0;
printf("filter_Read return 1\n");
return 1;
}
printf("filter_Read return 0\n");
return 0;
}
static void
lowmem_filter_detach(struct knote *kn)
{
mtx_assert(&lowmem_mtx, MA_OWNED);
knlist_remove(&kl, kn, 0);
}
static struct filterops lowmem_filtops_read = {
.f_isfd = 1,
.f_detach = lowmem_filter_detach,
.f_event = lowmem_filter_read,
};
static int
lowmem_kqfilter(struct cdev *dev, struct knote *kn)
{
int err = EINVAL;
/* Figure out who needs service */
lowmem_lock();
switch (kn->kn_filter) {
case EVFILT_READ:
kn->kn_fop = &lowmem_filtops_read;
knlist_add(&kl, kn, 1);
err = 0;
break;
default:
err = EOPNOTSUPP;
break;
}
lowmem_unlock();
return (err);
}
Client:
struct kevent ev;
struct timespec nullts = {0,0};
int fd=0;
int main(int argc, char **argv){
fd = open("/dev/lowmem", O_RDWR | O_NONBLOCK);
int kq=kqueue();
EV_SET(&ev,fd,EVFILT_READ, EV_ADD,0,0,NULL);
kevent(kq,&ev,1,NULL,0,&nullts);
for(;;){
printf("Starting\n");
int n=kevent(kq,NULL,0,&ev,1,NULL);
printf("After\n");
if(n>0){
printf("Something happened ev.fflags=%i\n",(int)ev.fflags);
}
}
return 0;
}
Related
I'm a beginnig learner of linux driver, so far I've studied how to write an basic char device driver and platform driver. I'm pricticing on the led example, I want to improve it from basic char device driver model to platform driver model.
In the earlier practice, I define a global int gpio_num[MAX_LED_NUM] array to keep the led's gpio. It's easy because I can indentify the led by device's minor number, and operate the corresponding led by referencing gpio_num[minor];
But in this improvement, I don't want to use global array to keep led's gpio because I can't predict how many leds on the board. So I malloc a structure for every platform device in the probe function to keep their own gpio, and call device_create() to create device node. It seems good so far because how many leds are there, there are how many structures and device nodes in the /dev directory, and there is no global variables.
In order to seperate led operation functions from char device driver, I define the led operaions functions in the platform driver part(driver.c) and pass the function sets to the char device driver part(leds.c). for example , I define the alpha_led_init(struct drv_priv *priv) in the driver.c, and call it from char device's open function(in leds.c) .
in order to call alpha_led_init(struct drv_priv *priv), the open function needs the parameter *priv(the private data of platform device which contains led_gpio). I've pass the private data to the char device by using device_create()'s third parameter. But how can I get it from the open function ? I can't get the struct device *pdev in the open function, so I can't call dev_get_drvdata(pdev) to get the platform device's private data , so there's no way to call alpha_led_init(struct drv_priv *priv).
Is my program model very bad? Any good way to pass platform device's private data to char device ? Any help or advice would be appreciating.
Below is my practicing code, for simplicity, some header files're omitted.
alpha_led.h
#ifndef __ALPHA_LED_H__
#define __ALPHA_LED_H__
#define LED_OFF (1)
#define LED_ON (0)
#define LED_MAX_NUM (10)
struct drv_priv
{
int led_gpio;
};
struct alpha_led_operations
{
int inited;
int (*alpha_led_init)(struct drv_priv *pdev);
};
#endif
driver.c
#include "alpha_led.h"
static int led_count;
static int alpha_led_init(struct drv_priv *priv)
{
int err;
char name[64];
if(!priv)
return -1;
memset(name, 0, sizeof(name));
snprintf(name, sizeof(name), "alpha-led-pin-%d", priv->led_gpio);
err = gpio_request(priv->led_gpio, name);
if(err)
return -1;
err = gpio_direction_output(priv->led_gpio, LED_OFF);
if(err) {
gpio_free(priv->led_gpio);
return -1;
}
return 0;
}
static int alpha_led_probe(struct platform_device *pdev)
{
int err, gpio;
const char *status = NULL;
struct drv_priv *priv = NULL;
struct device_node *np = pdev->dev.of_node;
if(!np)
return -1;
err = of_property_read_string(np, "status", &status);
if(err || (strcmp(status, "okay") != 0))
return -1;
gpio = of_get_named_gpio(np, "led-gpio", 0);
if(gpio < 0)
return -1;
// I malloc a drv_priv structure for every platform device to keep their private data
priv = devm_kzalloc(&pdev->dev, sizeof(struct drv_priv), GFP_KERNEL);
if(!priv)
return -ENOMEM;
platform_set_drvdata(pdev, priv);
// for every platform device, the gpio number is their private data.
priv->led_gpio = gpio;
// I call self-defined function in leds.c to create device node in /dev directory
// and pass the platform device's private data(priv) to the device_create()
return create_led_device_node(led_count++, np->name, priv);
}
static int alpha_led_remove(struct platform_device *pdev)
{
// get the platform device's private data
struct drv_priv *priv = platform_get_drvdata(pdev);
gpio_free(priv->led_gpio);
}
static const struct of_device_id alpha_led_of_match[] = {
{ .compatible = "alientek-alpha,led" },
{}
};
static struct platform_driver alpha_led_driver = {
.probe = alpha_led_probe,
.remove = alpha_led_remove,
.driver = {
.name = "alpha-led",
.of_match_table = alpha_led_of_match,
}
};
static int __init platform_driver_led_init(void)
{
int rc;
struct alpha_led_operations *ops;
rc = platform_driver_register(&alpha_led_driver);
// pass the lower led control functions to leds.c
ops = get_alpha_led_ops();
ops->alpha_led_init = alpha_led_init;
ops->inited = 1;
return 0;
}
static void __exit platform_driver_led_exit(void)
{
platform_driver_unregister(&alpha_led_driver);
}
module_init(platform_driver_led_init);
module_exit(platform_driver_led_exit);
MODULE_AUTHOR("David");
MODULE_LICENSE("GPL");
leds.c
#include "alpha_led.h"
#define LED_DEV_NAME ("alpha-led")
#define LED_CLASS_NAME ("alpha-led-class")
static int led_major;
static struct cdev led_cdev;
static struct class *led_class;
static int led_open(struct inode *inode, struct file *filp);
static int led_close(struct inode *inode, struct file *filp);
static struct alpha_led_operations alpha_led_ops;
static const struct file_operations led_fops = {
.owner = THIS_MODULE,
.open = led_open,
.release = led_close,
};
static int led_open(struct inode *inode, struct file *filp)
{
int err, minor;
if(!inode || !filp)
return -1;
if(!alpha_led_ops.inited)
return -1;
if(!alpha_led_ops.alpha_led_init)
return -1;
//Question: here I want to call alpha_led_init(struct drv_priv *priv) defined in the driver.c
//But how can I get the parameter priv ? I know I have set it in the device_create(), but how can I fetch it here?
//Or Am writing a very bad platform driver model?
return alpha_led_ops.alpha_led_init(...);
}
static int led_close(struct inode *inode, struct file *filp)
{
return 0;
}
static int __init chrdev_led_init(void)
{
dev_t devid;
int i, rc, major, minor;
struct device *pdev;
if (led_major) {
devid = MKDEV(led_major, 0);
rc = register_chrdev_region(devid, LED_MAX_NUM, LED_DEV_NAME);
} else {
rc = alloc_chrdev_region(&devid, 0, LED_MAX_NUM, LED_DEV_NAME);
led_major = MAJOR(devid);
}
if(rc < 0)
goto chrdev_failed;
cdev_init(&led_cdev, &led_fops);
rc = cdev_add(&led_cdev, devid, LED_MAX_NUM);
if(rc < 0)
goto cdev_failed;
led_class = class_create(THIS_MODULE, LED_CLASS_NAME);
if(IS_ERR(led_class))
goto class_failed;
return 0;
class_failed:
cdev_del(&led_cdev);
cdev_failed:
unregister_chrdev_region(devid, LED_MAX_NUM);
chrdev_failed:
return -1;
}
static void __exit chrdev_led_exit(void)
{
class_destroy(led_class);
cdev_del(&led_cdev);
unregister_chrdev_region(MKDEV(led_major, 0), LED_MAX_NUM);
}
int create_led_device_node(int minor, const char *name, void *priv)
{
struct device *dev = NULL;
if(minor >= LED_MAX_NUM)
return NULL;
//device_create take the platform device's private data(priv) as it's own private data.
if(name)
dev = device_create(led_class, NULL, MKDEV(led_major, minor), priv, "%s", name);
else
dev = device_create(led_class, NULL, MKDEV(led_major, minor), priv, "led-%d", minor);
if(!dev)
return -1;
return 0;
}
void destroy_led_device_node(int minor)
{
device_destroy(led_class, MKDEV(led_major, minor));
}
struct alpha_led_operations * get_alpha_led_ops(void)
{
return &alpha_led_ops;
}
EXPORT_SYMBOL(create_led_device_node);
EXPORT_SYMBOL(destroy_led_device_node);
EXPORT_SYMBOL(get_alpha_led_ops);
module_init(chrdev_led_init);
module_exit(chrdev_led_exit);
MODULE_AUTHOR("David");
MODULE_LICENSE("GPL");
It's in drivers/crypto/ccp/ccp-dev-v5.c.
ccp is coprocessor used for crypto. ccp5_irq_bh() is an interrupt handler function.
Now that status is read from that register, why write it again below? That doesn't make sense.
Code is:
static void ccp5_irq_bh(unsigned long data)
{
struct ccp_device *ccp = (struct ccp_device *)data;
u32 status;
unsigned int i;
for (i = 0; i < ccp->cmd_q_count; i++) {
struct ccp_cmd_queue *cmd_q = &ccp->cmd_q[i];
status = ioread32(cmd_q->reg_interrupt_status);
if (status) {
cmd_q->int_status = status;
cmd_q->q_status = ioread32(cmd_q->reg_status);
cmd_q->q_int_status = ioread32(cmd_q->reg_int_status);
/* On error, only save the first error value */
if ((status & INT_ERROR) && !cmd_q->cmd_error)
cmd_q->cmd_error = CMD_Q_ERROR(cmd_q->q_status);
cmd_q->int_rcvd = 1;
/* Acknowledge the interrupt and wake the kthread */
iowrite32(status, cmd_q->reg_interrupt_status);
wake_up_interruptible(&cmd_q->int_queue);
}
}
ccp5_enable_queue_interrupts(ccp);
}
I am learning how to write Linux Device Driver.
I wrote a dummy character device driver, implemented open, release, write, read in fops;
When I read from device , everything was ok;
When I wrote to device by "echo xx > ", the OS was hang.
Even I comment out all codes in write function except pr_alert and return statements, It still hangs;
Could anybody help me figure it out?
#include <linux/init.h>
#include <linux/types.h>
#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/cdev.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/string.h>
struct hello_dev
{
char *buffer;
int length;
dev_t dev;
struct mutex lock;
struct cdev *pcdev;
};
struct hello_dev *pHelloDev;
int open_device(struct inode *pinode, struct file *filp)
{
filp->private_data = pHelloDev;
return 0;
}
int close_device(struct inode *pinode, struct file *filp)
{
struct hello_dev *pDev = filp->private_data;
if (pDev->buffer != NULL)
kfree(pDev->buffer);
pDev->buffer = NULL;
return 0;
}
ssize_t read_device(struct file *filp, char __user *buffer, size_t len, loff_t *loff)
{
pr_alert("read\n");
struct hello_dev *pDev = filp->private_data;
mutex_lock(&pDev->lock);
if (pDev->buffer == NULL)
{
mutex_unlock(&pDev->lock);
return 0;
}
int length = strlen(pDev->buffer);
// offset max than strlen in buffer, return
if (*loff > (length - 1))
{
mutex_unlock(&pDev->lock);
return 0;
} else {
// available to read
int len2read = length - *loff;
if (len < len2read)
{// buffer length less than available data
len2read = len;
}
int read = copy_to_user(buffer, pDev->buffer + *loff, len2read);
if (read)
{
*loff = *loff + read;
mutex_unlock(&pDev->lock);
return read;
} else {
*loff = *loff + len2read;
mutex_unlock(&pDev->lock);
return len2read;
}
}
}
ssize_t write_device(struct file *filp , const char __user *buffer, size_t len, loff_t* loff) {
pr_alert("write %s\n", buffer);
// struct hello_dev *pDev = filp->private_data;
// mutex_lock(&pDev->lock);
// if(pDev->buffer == NULL) {
// pDev->buffer = kmalloc(100, GFP_KERNEL);
// pDev->length = 100;
// }
// copy_from_user(pDev->buffer, buffer, len);
// *loff = *loff + len;
// mutex_unlock(&pDev->lock);
return len;
}
struct file_operations fops = {
.open = open_device,
.release = close_device,
.read = read_device,
.write = write_device
};
int init_device(void)
{
pr_alert("init device\n");
pHelloDev = kmalloc(sizeof(struct hello_dev), GFP_KERNEL);
pHelloDev->buffer = NULL;
pHelloDev->length = 0;
int ret = alloc_chrdev_region(&pHelloDev->dev, 0, 1, "hello");
if (ret)
goto alloc_error;
if (pHelloDev == NULL)
goto kmalloc_error;
pHelloDev->pcdev = cdev_alloc();
pHelloDev->pcdev->ops = &fops;
mutex_init(&pHelloDev->lock);
ret = cdev_add(pHelloDev->pcdev, pHelloDev->dev, 1);
if (ret)
goto cdev_add_error;
return 0;
alloc_error:
pr_alert("alloc_chrdev_region error, %d\n", ret);
return ret;
kmalloc_error:
pr_alert("alloc struct hello_dev error");
return -ENOMEM;
cdev_add_error:
pr_alert("cdev_add error, %d\n", ret);
return ret;
}
void cleanup_device(void)
{
pr_alert("unload ko\n");
cdev_del(pHelloDev->pcdev);
unregister_chrdev_region(pHelloDev->dev, 1);
}
MODULE_LICENSE("GPL");
module_init(init_device);
module_exit(cleanup_device);
I found why write to device hangs.
//this statements has problem
//maybe there is no \0 in buffer
//so I print it out, it will hang
//I wrote a program to write something to device
//and used strace to trace system call made by this program
//and found it hangs at write(...) system call
//and there was nothing printed out
//so, it must be this statement causing the problem
//when I removed this statement, everything was ok
pr_alert("write %s\n", buffer);
I am learning to write kernel modules and in one of the examples I had to make sure that a thread executed 10 times and exits, so I wrote this according to what I have studied:
#include <linux/module.h>
#include <linux/kthread.h>
struct task_struct *ts;
int flag = 0;
int id = 10;
int function(void *data) {
int n = *(int*)data;
set_current_state(TASK_INTERRUPTIBLE);
schedule_timeout(n*HZ); // after doing this it executed infinitely and i had to reboot
while(!kthread_should_stop()) {
printk(KERN_EMERG "Ding");
}
flag = 1;
return 0;
}
int init_module (void) {
ts = kthread_run(function, (void *)&id, "spawn");
return 0;
}
void cleanup_module(void) {
if (flag==1) { return; }
else { if (ts != NULL) kthread_stop(ts);
}
return;
}
MODULE_LICENSE("GPL");
What I want to know is :
a) How to make thread execute 10 times like a loop
b) How does the control flows in these kind of processes that is if we make it to execute 10 times then does it go back and forth between function and cleanup_module or init_module or what exactly happens?
If you control kthread with kthread_stop, the kthread shouldn't exit until be ing stopped (see also that answer). So, after executing all operations, kthread should wait until stopped.
Kernel already implements kthread_worker mechanism, when kthread just executes works, added to it.
DEFINE_KTHREAD_WORKER(worker);
struct my_work
{
struct kthread_work *work; // 'Base' class
int n;
};
void do_work(struct kthread_work *work)
{
struct my_work* w = container_of(work, struct my_work, work);
printk(KERN_EMERG "Ding %d", w->n);
// And free work struct at the end
kfree(w);
}
int init_module (void) {
int i;
for(i = 0; i < 10; i++)
{
struct my_work* w = kmalloc(sizeof(struct my_work), GFP_KERNEL);
init_kthread_work(&w->work, &do_work);
w->n = i + 1;
queue_kthread_work(&worker, &w->work);
}
ts = kthread_run(&kthread_worker_fn, &worker, "spawn");
return 0;
}
void cleanup_module(void) {
kthread_stop(ts);
}
I wrote a simple module which emulates a force feedback input device so that I can test the underlying FFB implementation. However, the module sometimes crashes the kernel with the "scheduling while atomic" message. According to the backtrace the crash is triggered by ff_dummy_open() and I can reproduce it easily by destroying and recreating the dummy device a couple of times in a row through sysfs. What am I doing wrong?
Source of the module:
#include <linux/input.h>
#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/slab.h>
#include <linux/sysfs.h>
#include <linux/input/ff-logitech.h>
MODULE_LICENSE("GPL");
struct ff_dummy_device {
struct input_dev *dev;
int slot;
};
static struct kobject *ff_dummy_kobj;
static struct ff_dummy_device **ff_dummy_devices;
static int max_device_count;
static unsigned char device_count = 0;
static struct mutex mtx;
static const char *ff_dummy_name = "DumFFBD";
static const signed short ff_dummy_effects[] = {
FF_CONSTANT,
FF_PERIODIC,
FF_TRIANGLE,
FF_SAW_UP,
FF_SAW_DOWN,
FF_SINE,
FF_SQUARE,
FF_SPRING,
FF_DAMPER,
FF_INERTIA,
FF_FRICTION,
FF_RAMP,
-1
};
static int ff_dummy_control(struct input_dev *dev, void *data, const struct lgff_effect_command *command)
{
struct ff_dummy_device *ddev = data;
switch (command->cmd) {
case LGFF_START_COMBINED:
pr_debug("Force X: %d, Force Y: %d, (idx %d)\n", command->u.simple_force.x, command->u.simple_force.y, ddev->slot);
break;
case LGFF_STOP_COMBINED:
pr_debug("Stopping COMBINED effect (idx %d).\n", ddev->slot);
break;
case LGFF_START_UNCOMB:
pr_debug("Starting UNCOMBINABLE effect.\n");
pr_debug("LC(x): %d RC(x): %d, LS(x): %d, RS(x): %d\n",
command->u.uncomb.effect->u.condition[0].left_coeff,
command->u.uncomb.effect->u.condition[0].right_coeff,
command->u.uncomb.effect->u.condition[0].left_saturation,
command->u.uncomb.effect->u.condition[0].right_saturation);
pr_debug("LC(y): %d RC(y): %d, LS(y): %d, RS(y): %d\n",
command->u.uncomb.effect->u.condition[1].left_coeff,
command->u.uncomb.effect->u.condition[1].right_coeff,
command->u.uncomb.effect->u.condition[1].left_saturation,
command->u.uncomb.effect->u.condition[1].right_saturation);
switch (command->u.uncomb.effect->type) {
case FF_DAMPER:
pr_debug("Starting DAMPER id %d\n", command->u.uncomb.id);
break;
case FF_FRICTION:
pr_debug("Starting FRICTION id %d\n", command->u.uncomb.id);
break;
case FF_INERTIA:
pr_debug("Starting INERTIA id %d\n", command->u.uncomb.id);
break;
case FF_SPRING:
pr_debug("Starting SPRING id %d\n", command->u.uncomb.id);
break;
}
break;
case LGFF_STOP_UNCOMB:
pr_debug("Stopping UNCOMBINABLE effect.\n");
switch (command->u.uncomb.effect->type) {
case FF_DAMPER:
pr_debug("Stopping DAMPER id %d\n", command->u.uncomb.id);
break;
case FF_FRICTION:
pr_debug("Stopping FRICTION id %d\n", command->u.uncomb.id);
break;
case FF_INERTIA:
pr_debug("Stopping INERTIA id %d\n", command->u.uncomb.id);
break;
case FF_SPRING:
pr_debug("Stopping SPRING id %d\n", command->u.uncomb.id);
break;
}
break;
}
return 0;
}
static void ff_dummy_close(int idx)
{
if (idx < 0 || idx > max_device_count) {
printk(KERN_WARNING "Invalid device index.\n");
return;
}
if (!ff_dummy_devices[idx])
return;
mutex_lock(&mtx);
input_unregister_device(ff_dummy_devices[idx]->dev);
kfree(ff_dummy_devices[idx]);
ff_dummy_devices[idx] = NULL;
device_count--;
mutex_unlock(&mtx);
printk(KERN_NOTICE "Dummy force feedback %u device removed.\n", idx);
}
static int ff_dummy_open(int idx)
{
struct ff_dummy_device *newdummy;
struct input_dev *newdev;
int i, ret;
if (idx < 0 || idx >= max_device_count) {
printk(KERN_WARNING "Invalid device index.\n");
return -EINVAL;
}
newdummy = kzalloc(sizeof(struct ff_dummy_device *), GFP_KERNEL);
if (!newdummy) {
printk(KERN_ERR "Unable to allocate memory for dummy device slot.\n");
return -ENOMEM;
}
mutex_lock(&mtx);
if (ff_dummy_devices[idx]) {
printk(KERN_WARNING "Selected slot %u already occupied.\n", idx);
mutex_unlock(&mtx);
kfree(newdummy);
return -EINVAL;
}
ff_dummy_devices[idx] = newdummy;
newdev = input_allocate_device();
if (!newdev) {
printk(KERN_ERR "Unable to allocate memory for input device.\n");
ret = -ENOMEM;
goto open_err;
}
newdev->id.bustype = BUS_VIRTUAL;
newdev->id.vendor = 0xffff;
newdev->id.product = 0x0001;
newdev->id.version = 0x0001;
newdev->name = ff_dummy_name;
newdev->uniq = kasprintf(GFP_KERNEL, "%s_%u", ff_dummy_name, idx);
set_bit(EV_FF, newdev->evbit);
/* Make the device look like force feedback device */
for (i = 0; ff_dummy_effects[i] >= 0; i++)
set_bit(ff_dummy_effects[i], newdev->ffbit);
ret = input_register_device(newdev);
if (ret) {
printk(KERN_ERR "Unable to register dummy device.\n");
input_free_device(newdev);
goto open_err;
}
ret = input_ff_create_logitech(newdev, (void *)ff_dummy_devices[idx], ff_dummy_control);
if (ret) {
printk(KERN_ERR "Unable to register dummy device with ff-logitech\n");
input_unregister_device(newdev);
goto open_err;
}
ff_dummy_devices[idx]->dev = newdev;
ff_dummy_devices[idx]->slot = idx;
device_count++;
mutex_unlock(&mtx);
printk(KERN_NOTICE "Dummy force feedback %u device created.\n", idx);
return 0;
open_err:
kfree(ff_dummy_devices[idx]);
ff_dummy_devices[idx] = NULL;
mutex_unlock(&mtx);
return ret;
}
static ssize_t ff_dummy_add_device_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
int ret;
mutex_lock(&mtx);
ret = scnprintf(buf, PAGE_SIZE, "%u\n", device_count);
mutex_unlock(&mtx);
return ret;
}
static ssize_t ff_dummy_add_device_store(struct kobject *kobj, struct kobj_attribute *attr, const char *buf,
size_t count)
{
int ret;
int idx = 0;
sscanf(buf, "%d", &idx);
ret = ff_dummy_open(idx);
if (ret) {
printk(KERN_ERR "Dummy device creation failed with errno %d\n", ret);
return ret;
}
return count;
}
static ssize_t ff_dummy_del_device_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
int i;
int ret = 0;
mutex_lock(&mtx);
for (i = 0; i < max_device_count; i++) {
if (ff_dummy_devices[i])
ret += scnprintf(buf + ret, PAGE_SIZE, "[%u] ", i);
else
ret += scnprintf(buf + ret, PAGE_SIZE, "%u ", i);
}
mutex_unlock(&mtx);
ret += scnprintf(buf + ret, PAGE_SIZE, "\n");
return ret;
}
static ssize_t ff_dummy_del_device_store(struct kobject *kobj, struct kobj_attribute *attr, const char *buf,
size_t count)
{
int idx = 0;
sscanf(buf, "%d", &idx);
ff_dummy_close(idx);
return count;
}
static struct kobj_attribute add_device_attr =
__ATTR(add_device, 0644, ff_dummy_add_device_show, ff_dummy_add_device_store);
static struct kobj_attribute del_device_attr =
__ATTR(del_device, 0644, ff_dummy_del_device_show, ff_dummy_del_device_store);
static struct attribute *attrs[] = {
&add_device_attr.attr,
&del_device_attr.attr,
NULL
};
static struct attribute_group attrs_grp = {
.attrs = attrs
};
static void __exit ff_dummy_exit(void)
{
int i;
sysfs_remove_group(ff_dummy_kobj, &attrs_grp);
for (i = 0; i < max_device_count; i++)
if (ff_dummy_devices[i])
ff_dummy_close(i);
kfree(ff_dummy_devices);
kobject_put(ff_dummy_kobj);
printk(KERN_NOTICE "Dummy force feedback module removed.\n");
}
static int __init ff_dummy_init(void)
{
int ret;
if (max_device_count < 1)
max_device_count = 2;
ff_dummy_kobj = kobject_create_and_add("ff_dummy_device_obj", kernel_kobj);
if (!ff_dummy_kobj)
return -ENOMEM;
ff_dummy_devices = kcalloc(max_device_count, sizeof(struct ff_dummy_device *), GFP_KERNEL);
if (!ff_dummy_devices) {
ret = -ENOMEM;
goto err_alloc;
}
mutex_init(&mtx);
ret = sysfs_create_group(ff_dummy_kobj, &attrs_grp);
if (ret)
goto err_sysfs;
ret = ff_dummy_open(0);
if (ret)
goto err_open;
printk(KERN_NOTICE "Dummy force feedback module loaded.\n");
return 0;
err_open:
sysfs_remove_group(ff_dummy_kobj, &attrs_grp);
err_sysfs:
kfree(ff_dummy_devices);
err_alloc:
kobject_put(ff_dummy_kobj);
return ret;
}
module_param_named(max_device_count, max_device_count, int, S_IRUGO);
MODULE_PARM_DESC(max_device_count, "Maximum number of dummy devices that can be created simultaneously.");
module_exit(ff_dummy_exit);
module_init(ff_dummy_init);
EDIT:
The scheduling problem might have been a false lead. The only thing I am certain about is that the crash happens deep inside input_register_device(). "in_atomic()" and "in_interrupt()" return 0.
EDIT:
Solved. The actual bug was caused by a double free error in the underlying ff-logitech module and incorrect allocation of "struct ff_dummy_device *" instead of "struct ff_dummy_device".