如何在内核模块代码中添加轮询功能?
How to add poll function to the kernel module code?
据我所知,要从内核 space 通知用户 space,一种方法是使用轮询。这意味着内核驱动程序应该首先提供 poll 方法。
下面的代码是从网上找来的,确实有效!
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/proc_fs.h>
#include <linux/string.h>
#include <linux/vmalloc.h>
#include <asm/uaccess.h>
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Fortune Cookie Kernel Module");
MODULE_AUTHOR("M. Tim Jones");
#define MAX_COOKIE_LENGTH PAGE_SIZE
static struct proc_dir_entry *proc_entry;
static char *cookie_buf; // Space for fortune strings
static int write_index; // Index to write next fortune
static int read_index; // Index to read next fortune
ssize_t fortune_write( struct file *filp, const char __user *buff,
unsigned long len, void *data )
// Refer to: ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
{
int space_available = (MAX_COOKIE_LENGTH-write_index);
if (len > space_available) {
printk(KERN_INFO "fortune: cookie buffer is full!\n");
return -ENOSPC;
}
if (copy_from_user( &cookie_buf[write_index], buff, len )) {
return -EFAULT;
}
write_index += len;
cookie_buf[write_index-1] = 0;
return len;
}
ssize_t fortune_read(struct file *file, char *buf, size_t count, loff_t *f_pos){
// Refer to: ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
int len;
//there's no fortune or a fortune has already been read
//the *f_pos > 0 hack is needed because `cat /proc/fortune` would otherwise
//display every thing in the cookie_buf
if(write_index == 0 || *f_pos > 0){
return 0;
}
// cicle through fortunes
if(read_index >= write_index){
read_index = 0;
}
len = sprintf(buf, "%s\n", &cookie_buf[read_index]);
read_index += len;
*f_pos += len;
return len;
}
static const struct file_operations proc_test_fops = {
.owner = THIS_MODULE,
// .open = led_proc_open,
.read = fortune_read,
// .llseek = seq_lseek,
// .release = single_release,
.write = fortune_write,
// unsigned int (*poll) (struct file *, struct poll_table_struct *);
// int (*fasync) (int, struct file *, int);
};
int __init init_fortune_module( void )
{
int ret = 0;
cookie_buf = (char *)vmalloc( MAX_COOKIE_LENGTH );
if (!cookie_buf) {
ret = -ENOMEM;
} else {
memset( cookie_buf, 0, MAX_COOKIE_LENGTH );
// proc_entry = create_proc_entry( "fortune", 0644, NULL );
proc_entry = proc_create( "fortune", 0644, NULL, &proc_test_fops );
if (proc_entry == NULL) {
ret = -ENOMEM;
vfree(cookie_buf);
printk(KERN_INFO "fortune: Couldn't create proc entry\n");
} else {
write_index = 0;
read_index = 0;
printk(KERN_INFO "fortune: Module loaded.\n");
}
}
return ret;
}
void __exit exit_fortune_module( void )
{
// remove_proc_entry("fortune", &proc_entry);
proc_remove(proc_entry);
vfree(cookie_buf);
printk(KERN_INFO "fortune: Module unloaded.\n");
}
module_init( init_fortune_module );
module_exit( exit_fortune_module );
我可以这样做来让它工作:
echo "hello" > /proc/fortune
然后
cat /proc/fortune
查看结果。
但是如何给它添加poll方法呢?我尝试了几次,还是失败了。
你可以在内核中找到一些很好的例子。查看下一个文件:
要将 poll() 函数添加到您的代码中,请执行后续步骤。
包括需要的headers:
#include <linux/wait.h>
#include <linux/poll.h>
声明等待队列变量:
static DECLARE_WAIT_QUEUE_HEAD(fortune_wait);
添加 fortune_poll() 函数并将其(作为 .poll 回调)添加到您的文件操作结构中:
static unsigned int fortune_poll(struct file *file, poll_table *wait)
{
poll_wait(file, &fortune_wait, wait);
if (new-data-is-ready)
return POLLIN | POLLRDNORM;
return 0;
}
static const struct file_operations proc_test_fops = {
....
.poll = fortune_poll,
};
注意,如果有新数据要读取,应该returnPOLLIN | POLLRDNORM,如果没有新数据要读取,则0(poll()调用timed-out)。有关详细信息,请参阅 man 2 poll。
一旦有新数据就通知您的等待队列:
wake_up_interruptible(&fortune_wait);
这是实现 poll() 操作的基本内容。根据您的任务,您可能需要在 .read 函数中使用一些 waitqueue API(例如 wait_event_interruptible())。
最小可运行示例
GitHub 使用 QEMU + Buildroot 样板上游:
在这个简化的示例中,我们从一个单独的线程生成轮询事件。在现实生活中,当硬件完成一些工作并且新数据可供用户区读取时,轮询事件可能会被中断触发。
要记住的要点是,如果poll return为零,内核会再次调用它:
poll.ko
#include <linux/debugfs.h>
#include <linux/delay.h> /* usleep_range */
#include <linux/errno.h> /* EFAULT */
#include <linux/fs.h>
#include <linux/jiffies.h>
#include <linux/kernel.h> /* min */
#include <linux/kthread.h>
#include <linux/module.h>
#include <linux/poll.h>
#include <linux/printk.h> /* printk */
#include <linux/uaccess.h> /* copy_from_user, copy_to_user */
#include <linux/wait.h> /* wait_queue_head_t, wait_event_interruptible, wake_up_interruptible */
#include <uapi/linux/stat.h> /* S_IRUSR */
static int ret0 = 0;
module_param(ret0, int, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(i, "if 1, always return 0 from poll");
static char readbuf[1024];
static size_t readbuflen;
static struct dentry *debugfs_file;
static struct task_struct *kthread;
static wait_queue_head_t waitqueue;
static ssize_t read(struct file *filp, char __user *buf, size_t len, loff_t *off)
{
ssize_t ret;
if (copy_to_user(buf, readbuf, readbuflen)) {
ret = -EFAULT;
} else {
ret = readbuflen;
}
/* This is normal pipe behaviour: data gets drained once a reader reads from it. */
/* */
readbuflen = 0;
return ret;
}
/* If you return 0 here, then the kernel will sleep until an event
* happens in the queue. and then call this again, because of the call to poll_wait. */
unsigned int poll(struct file *filp, struct poll_table_struct *wait)
{
pr_info("poll\n");
/* This doesn't sleep. It just makes the kernel call poll again if we return 0. */
poll_wait(filp, &waitqueue, wait);
if (readbuflen && !ret0) {
pr_info("return POLLIN\n");
return POLLIN;
} else {
pr_info("return 0\n");
return 0;
}
}
static int kthread_func(void *data)
{
while (!kthread_should_stop()) {
readbuflen = snprintf(
readbuf,
sizeof(readbuf),
"%llu",
(unsigned long long)jiffies
);
usleep_range(1000000, 1000001);
pr_info("wake_up\n");
wake_up(&waitqueue);
}
return 0;
}
static const struct file_operations fops = {
.owner = THIS_MODULE,
.read = read,
.poll = poll
};
static int myinit(void)
{
debugfs_file = debugfs_create_file(
"lkmc_poll", S_IRUSR | S_IWUSR, NULL, NULL, &fops);
init_waitqueue_head(&waitqueue);
kthread = kthread_create(kthread_func, NULL, "mykthread");
wake_up_process(kthread);
return 0;
}
static void myexit(void)
{
kthread_stop(kthread);
debugfs_remove(debugfs_file);
}
module_init(myinit)
module_exit(myexit)
MODULE_LICENSE("GPL");
poll.out 用户空间:
#define _XOPEN_SOURCE 700
#include <assert.h>
#include <fcntl.h> /* creat, O_CREAT */
#include <poll.h> /* poll */
#include <stdio.h> /* printf, puts, snprintf */
#include <stdlib.h> /* EXIT_FAILURE, EXIT_SUCCESS */
#include <unistd.h> /* read */
int main(int argc, char **argv) {
char buf[1024];
int fd, i, n;
short revents;
struct pollfd pfd;
if (argc < 2) {
fprintf(stderr, "usage: %s <poll-device>\n", argv[0]);
exit(EXIT_FAILURE);
}
fd = open(argv[1], O_RDONLY | O_NONBLOCK);
if (fd == -1) {
perror("open");
exit(EXIT_FAILURE);
}
pfd.fd = fd;
pfd.events = POLLIN;
while (1) {
puts("poll");
i = poll(&pfd, 1, -1);
if (i == -1) {
perror("poll");
assert(0);
}
revents = pfd.revents;
printf("revents = %d\n", revents);
if (revents & POLLIN) {
n = read(pfd.fd, buf, sizeof(buf));
printf("POLLIN n=%d buf=%.*s\n", n, n, buf);
}
}
}
用法:
insmod poll.ko
mount -t debugfs none /sys/kernel/debug
./kernel_modules/poll.out /sys/kernel/debug/lkmc_poll
结果:jiffies每秒从用户空间打印到标准输出,例如:
poll
<6>[ 4.275305] poll
<6>[ 4.275580] return POLLIN
revents = 1
POLLIN n=10 buf=4294893337
poll
<6>[ 4.276627] poll
<6>[ 4.276911] return 0
<6>[ 5.271193] wake_up
<6>[ 5.272326] poll
<6>[ 5.273207] return POLLIN
revents = 1
POLLIN n=10 buf=4294893588
poll
<6>[ 5.276367] poll
<6>[ 5.276618] return 0
<6>[ 6.275178] wake_up
<6>[ 6.276370] poll
<6>[ 6.277269] return POLLIN
revents = 1
POLLIN n=10 buf=4294893839
强制投票 file_operation 到 return 0 以更清楚地看到发生了什么:
insmod poll.ko ret0=1
示例输出:
poll
<6>[ 85.674801] poll
<6>[ 85.675788] return 0
<6>[ 86.675182] wake_up
<6>[ 86.676431] poll
<6>[ 86.677373] return 0
<6>[ 87.679198] wake_up
<6>[ 87.680515] poll
<6>[ 87.681564] return 0
<6>[ 88.683198] wake_up
由此我们可以看出,控制并未 return 到用户区:内核只是不断地一次又一次地调用轮询 file_operation。
在 Linux 5.4.3.
上测试
据我所知,要从内核 space 通知用户 space,一种方法是使用轮询。这意味着内核驱动程序应该首先提供 poll 方法。 下面的代码是从网上找来的,确实有效!
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/proc_fs.h>
#include <linux/string.h>
#include <linux/vmalloc.h>
#include <asm/uaccess.h>
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Fortune Cookie Kernel Module");
MODULE_AUTHOR("M. Tim Jones");
#define MAX_COOKIE_LENGTH PAGE_SIZE
static struct proc_dir_entry *proc_entry;
static char *cookie_buf; // Space for fortune strings
static int write_index; // Index to write next fortune
static int read_index; // Index to read next fortune
ssize_t fortune_write( struct file *filp, const char __user *buff,
unsigned long len, void *data )
// Refer to: ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *);
{
int space_available = (MAX_COOKIE_LENGTH-write_index);
if (len > space_available) {
printk(KERN_INFO "fortune: cookie buffer is full!\n");
return -ENOSPC;
}
if (copy_from_user( &cookie_buf[write_index], buff, len )) {
return -EFAULT;
}
write_index += len;
cookie_buf[write_index-1] = 0;
return len;
}
ssize_t fortune_read(struct file *file, char *buf, size_t count, loff_t *f_pos){
// Refer to: ssize_t (*read) (struct file *, char __user *, size_t, loff_t *);
int len;
//there's no fortune or a fortune has already been read
//the *f_pos > 0 hack is needed because `cat /proc/fortune` would otherwise
//display every thing in the cookie_buf
if(write_index == 0 || *f_pos > 0){
return 0;
}
// cicle through fortunes
if(read_index >= write_index){
read_index = 0;
}
len = sprintf(buf, "%s\n", &cookie_buf[read_index]);
read_index += len;
*f_pos += len;
return len;
}
static const struct file_operations proc_test_fops = {
.owner = THIS_MODULE,
// .open = led_proc_open,
.read = fortune_read,
// .llseek = seq_lseek,
// .release = single_release,
.write = fortune_write,
// unsigned int (*poll) (struct file *, struct poll_table_struct *);
// int (*fasync) (int, struct file *, int);
};
int __init init_fortune_module( void )
{
int ret = 0;
cookie_buf = (char *)vmalloc( MAX_COOKIE_LENGTH );
if (!cookie_buf) {
ret = -ENOMEM;
} else {
memset( cookie_buf, 0, MAX_COOKIE_LENGTH );
// proc_entry = create_proc_entry( "fortune", 0644, NULL );
proc_entry = proc_create( "fortune", 0644, NULL, &proc_test_fops );
if (proc_entry == NULL) {
ret = -ENOMEM;
vfree(cookie_buf);
printk(KERN_INFO "fortune: Couldn't create proc entry\n");
} else {
write_index = 0;
read_index = 0;
printk(KERN_INFO "fortune: Module loaded.\n");
}
}
return ret;
}
void __exit exit_fortune_module( void )
{
// remove_proc_entry("fortune", &proc_entry);
proc_remove(proc_entry);
vfree(cookie_buf);
printk(KERN_INFO "fortune: Module unloaded.\n");
}
module_init( init_fortune_module );
module_exit( exit_fortune_module );
我可以这样做来让它工作:
echo "hello" > /proc/fortune
然后
cat /proc/fortune
查看结果。
但是如何给它添加poll方法呢?我尝试了几次,还是失败了。
你可以在内核中找到一些很好的例子。查看下一个文件:
要将 poll() 函数添加到您的代码中,请执行后续步骤。
包括需要的headers:
#include <linux/wait.h> #include <linux/poll.h>声明等待队列变量:
static DECLARE_WAIT_QUEUE_HEAD(fortune_wait);添加
fortune_poll()函数并将其(作为.poll回调)添加到您的文件操作结构中:static unsigned int fortune_poll(struct file *file, poll_table *wait) { poll_wait(file, &fortune_wait, wait); if (new-data-is-ready) return POLLIN | POLLRDNORM; return 0; } static const struct file_operations proc_test_fops = { .... .poll = fortune_poll, };注意,如果有新数据要读取,应该return
POLLIN | POLLRDNORM,如果没有新数据要读取,则0(poll()调用timed-out)。有关详细信息,请参阅 man 2 poll。一旦有新数据就通知您的等待队列:
wake_up_interruptible(&fortune_wait);
这是实现 poll() 操作的基本内容。根据您的任务,您可能需要在 .read 函数中使用一些 waitqueue API(例如 wait_event_interruptible())。
最小可运行示例
GitHub 使用 QEMU + Buildroot 样板上游:
在这个简化的示例中,我们从一个单独的线程生成轮询事件。在现实生活中,当硬件完成一些工作并且新数据可供用户区读取时,轮询事件可能会被中断触发。
要记住的要点是,如果poll return为零,内核会再次调用它:
poll.ko
#include <linux/debugfs.h>
#include <linux/delay.h> /* usleep_range */
#include <linux/errno.h> /* EFAULT */
#include <linux/fs.h>
#include <linux/jiffies.h>
#include <linux/kernel.h> /* min */
#include <linux/kthread.h>
#include <linux/module.h>
#include <linux/poll.h>
#include <linux/printk.h> /* printk */
#include <linux/uaccess.h> /* copy_from_user, copy_to_user */
#include <linux/wait.h> /* wait_queue_head_t, wait_event_interruptible, wake_up_interruptible */
#include <uapi/linux/stat.h> /* S_IRUSR */
static int ret0 = 0;
module_param(ret0, int, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(i, "if 1, always return 0 from poll");
static char readbuf[1024];
static size_t readbuflen;
static struct dentry *debugfs_file;
static struct task_struct *kthread;
static wait_queue_head_t waitqueue;
static ssize_t read(struct file *filp, char __user *buf, size_t len, loff_t *off)
{
ssize_t ret;
if (copy_to_user(buf, readbuf, readbuflen)) {
ret = -EFAULT;
} else {
ret = readbuflen;
}
/* This is normal pipe behaviour: data gets drained once a reader reads from it. */
/* */
readbuflen = 0;
return ret;
}
/* If you return 0 here, then the kernel will sleep until an event
* happens in the queue. and then call this again, because of the call to poll_wait. */
unsigned int poll(struct file *filp, struct poll_table_struct *wait)
{
pr_info("poll\n");
/* This doesn't sleep. It just makes the kernel call poll again if we return 0. */
poll_wait(filp, &waitqueue, wait);
if (readbuflen && !ret0) {
pr_info("return POLLIN\n");
return POLLIN;
} else {
pr_info("return 0\n");
return 0;
}
}
static int kthread_func(void *data)
{
while (!kthread_should_stop()) {
readbuflen = snprintf(
readbuf,
sizeof(readbuf),
"%llu",
(unsigned long long)jiffies
);
usleep_range(1000000, 1000001);
pr_info("wake_up\n");
wake_up(&waitqueue);
}
return 0;
}
static const struct file_operations fops = {
.owner = THIS_MODULE,
.read = read,
.poll = poll
};
static int myinit(void)
{
debugfs_file = debugfs_create_file(
"lkmc_poll", S_IRUSR | S_IWUSR, NULL, NULL, &fops);
init_waitqueue_head(&waitqueue);
kthread = kthread_create(kthread_func, NULL, "mykthread");
wake_up_process(kthread);
return 0;
}
static void myexit(void)
{
kthread_stop(kthread);
debugfs_remove(debugfs_file);
}
module_init(myinit)
module_exit(myexit)
MODULE_LICENSE("GPL");
poll.out 用户空间:
#define _XOPEN_SOURCE 700
#include <assert.h>
#include <fcntl.h> /* creat, O_CREAT */
#include <poll.h> /* poll */
#include <stdio.h> /* printf, puts, snprintf */
#include <stdlib.h> /* EXIT_FAILURE, EXIT_SUCCESS */
#include <unistd.h> /* read */
int main(int argc, char **argv) {
char buf[1024];
int fd, i, n;
short revents;
struct pollfd pfd;
if (argc < 2) {
fprintf(stderr, "usage: %s <poll-device>\n", argv[0]);
exit(EXIT_FAILURE);
}
fd = open(argv[1], O_RDONLY | O_NONBLOCK);
if (fd == -1) {
perror("open");
exit(EXIT_FAILURE);
}
pfd.fd = fd;
pfd.events = POLLIN;
while (1) {
puts("poll");
i = poll(&pfd, 1, -1);
if (i == -1) {
perror("poll");
assert(0);
}
revents = pfd.revents;
printf("revents = %d\n", revents);
if (revents & POLLIN) {
n = read(pfd.fd, buf, sizeof(buf));
printf("POLLIN n=%d buf=%.*s\n", n, n, buf);
}
}
}
用法:
insmod poll.ko
mount -t debugfs none /sys/kernel/debug
./kernel_modules/poll.out /sys/kernel/debug/lkmc_poll
结果:jiffies每秒从用户空间打印到标准输出,例如:
poll
<6>[ 4.275305] poll
<6>[ 4.275580] return POLLIN
revents = 1
POLLIN n=10 buf=4294893337
poll
<6>[ 4.276627] poll
<6>[ 4.276911] return 0
<6>[ 5.271193] wake_up
<6>[ 5.272326] poll
<6>[ 5.273207] return POLLIN
revents = 1
POLLIN n=10 buf=4294893588
poll
<6>[ 5.276367] poll
<6>[ 5.276618] return 0
<6>[ 6.275178] wake_up
<6>[ 6.276370] poll
<6>[ 6.277269] return POLLIN
revents = 1
POLLIN n=10 buf=4294893839
强制投票 file_operation 到 return 0 以更清楚地看到发生了什么:
insmod poll.ko ret0=1
示例输出:
poll
<6>[ 85.674801] poll
<6>[ 85.675788] return 0
<6>[ 86.675182] wake_up
<6>[ 86.676431] poll
<6>[ 86.677373] return 0
<6>[ 87.679198] wake_up
<6>[ 87.680515] poll
<6>[ 87.681564] return 0
<6>[ 88.683198] wake_up
由此我们可以看出,控制并未 return 到用户区:内核只是不断地一次又一次地调用轮询 file_operation。
在 Linux 5.4.3.
上测试