linux中probe函数中传递的参数来源
linux中probe函数传递参数的寻找(上)
https://blog.****.net/xiafeng1113/article/details/8236299
上一篇中,我们追踪了probe函数在何时调用,知道了满足什么条件会调用probe函数,但probe函数中传递的参数我们并不知道在何时定义,到底是谁定义的,反正不是我们在驱动中定义的(当然,驱动中也不会定义设备的详细信息),但也不是在我们设备信息定义时的结构体。这就相当于武林绝学中只打通了任脉,而督脉还没打通,要想成为武林高手还差一步,本文就致力于打通我们设备驱动probe函数的任督二脉,做到正向逆向全顺畅,当任督二脉全都打通后,。。。,就可以独步武林、指点江山啦,再然后按照武林高手成名后既定的流程,该寂寞地隐去了(好像又再做白日梦了),当然了Linux中值得我们要学的多着呢,除了编写内核的那帮家伙们偶尔会寂寞下外,我们还是没有多少时间留给我们寂寞的(^_^)。
虽然不知道probe函数的参数怎么来的,但没吃过猪肉,还是见过猪跑的,有点关系就能找到出路。经常听说:先注册设备时,内核会将设备信息挂到设备链上,然后等待命中注定的有缘的设备驱动mm or gg。so,我们可以猜想:应该是设备注册的时候,内核将设备信息挂到上面去的,按照这个猜想,我们应该先从设备注册入手,但是这么多函数到底朝哪个方向努力呀?所以,先从传递的参数入手,查看下,等走不通了在去从设备注册入手,起码有了努力的方向了。
调用probe函数的是:static int really_probe(struct device *dev, struct device_driver*drv),里面有调用ret = dev->bus->probe(dev)和ret =drv->probe(dev)。函数如下:
static int really_probe(struct device *dev, struct device_driver *drv)
{
intret = 0;
......
if (dev->bus->probe) {
ret = dev->bus->probe(dev);
if (ret)
goto probe_failed;
} else if (drv->probe) {
ret = drv->probe(dev);
if (ret)
goto probe_failed;
}
......
returnret;
}
这里的参数dev是上一个函数传递进来的,上一个函数为:int driver_probe_device(struct device_driver *drv, struct device*dev)
int driver_probe_device(structdevice_driver *drv, struct device *dev)
{
intret = 0;
......
ret = really_probe(dev, drv);
......
returnret;
}
这里的dev又是上一个函数传递进来的,上一个函数为:static int __driver_attach(struct device *dev, void *data)
static int __driver_attach(struct device *dev, void *data)
{
structdevice_driver *drv = data;
......
device_lock(dev);
if(!dev->driver)
driver_probe_device(drv, dev);
device_unlock(dev);
......
return0;
}
这里的dev又是上一个函数传递进来的,调用__driver_attach的函数为:int driver_attach(struct device_driver *drv),但本函数没有给__driver_attach传递参数。
int driver_attach(struct device_driver *drv)
{
returnbus_for_each_dev(drv->bus, NULL, drv,__driver_attach);
}
这里面调用了__driver_attach,对应error =fn(dev, data)。第一个参数dev为while ((dev = next_device(&i)) && !error)产生。即dev有i间接产生。
int bus_for_each_dev(struct bus_type *bus, struct device *start,
void *data, int (*fn)(struct device *,void *))
{
structklist_iter i;
structdevice *dev;
interror = 0;
....
klist_iter_init_node(&bus->p->klist_devices, &i,
(start ? &start->p->knode_bus :NULL));
while ((dev = next_device(&i)) && !error)
error = fn(dev, data);
klist_iter_exit(&i);
returnerror;
}
之所以是next_device(&i),因为第一个节点为头节点,需要从下一个开始,先看看klist_iter_init_node(&bus->p->klist_devices, &i, (start ? &start->p->knode_bus : NULL))对i干了什么?因为start为NULL,故传递的第三个参数n为NULL。
void klist_iter_init_node(struct klist *k,struct klist_iter *i,
struct klist_node *n)
{
i->i_klist= k;
i->i_cur= n;
if(n)
kref_get(&n->n_ref);
}
看来ta没干什么,就是赋了两个值。然后再看最重要的next_device(&i)
static struct device *next_device(struct klist_iter *i)
{
structklist_node *n = klist_next(i);
structdevice *dev = NULL;
structdevice_private *p;
if(n) {
p = to_device_private_parent(n);
dev = p->device;
}
returndev;
}
#define to_device_private_parent(obj) \
container_of(obj,struct device_private, knode_parent)
看到dev由p->device赋值,p为struct device_private,n = i->i_cur为structklist_node 型(后面分析)。为了看懂这个函数,需要补充N多知识,先上几个struct:
struct klist_iter {
structklist *i_klist;
structklist_node *i_cur;
};
struct klist {
spinlock_t k_lock;
structlist_head k_list;
void (*get)(struct klist_node *);
void (*put)(struct klist_node *);
} __attribute__ ((aligned (sizeof(void*))));
struct klist_node {
void *n_klist; /* never access directly */
structlist_head n_node;
structkref n_ref;
};
struct kref {
atomic_trefcount;
};
其中的klist_iter_init_node(&bus->p->klist_devices, &i,(start ?&start->p->knode_bus : NULL))作用是定义个klist_iter指向此klist,以便以后直接使用,如图:
再把关键的函数拷到此处,以遍分析:
while ((dev = next_device(&i)) && !error)
error = fn(dev, data);
static struct device *next_device(struct klist_iter *i)
{
structklist_node *n = klist_next(i);
structdevice *dev = NULL;
structdevice_private *p;
if(n) {
p = to_device_private_parent(n);
dev = p->device;
}
returndev;
}
/**
*klist_next - Ante up next node in list.
*@i: Iterator structure.
*
*First grab list lock. Decrement the reference count of the previous
*node, if there was one. Grab the next node, increment its reference
*count, drop the lock, and return that next node.
*/
struct klist_node *klist_next(struct klist_iter *i)
{
void(*put)(struct klist_node *) = i->i_klist->put;
structklist_node *last = i->i_cur;//NULL
structklist_node *next;
spin_lock(&i->i_klist->k_lock);
if(last) {
next= to_klist_node(last->n_node.next);
if(!klist_dec_and_del(last))
put= NULL;
}else
next= to_klist_node(i->i_klist->k_list.next);
i->i_cur= NULL;
while(next != to_klist_node(&i->i_klist->k_list)){
if(likely(!knode_dead(next))) {
kref_get(&next->n_ref);
i->i_cur = next;
break;
}
next= to_klist_node(next->n_node.next);
}
spin_unlock(&i->i_klist->k_lock);
if(put && last)
put(last);
returni->i_cur;
}
这里last =i->i_cur;为NULL,然后执行next = to_klist_node(i->i_klist->k_list.next);从这个函数来看,就是取出了包含i->i_klist->k_list.next的n_node指针。不过next所指的和n_node地址偏差一个head指针(list_head包括head和next俩指针)。while循环是从第一个目标to_klist_node(i->i_klist->k_list.next)循环,当再次循环到头节点to_klist_node(&i->i_klist->k_list)时截止(这是个循环链表,总会再次循环回来的)。还一个结束的条件,当循环到knode_dead(next)为真时break,不过,likely说明了next通常不会是dead的,(struct klist_node的第一个成员最后一位做标志dead位,网上还说有指针的作用,我觉得好像做了标志位了就不能做指向头节点的指针了,不过void *n_klist名字起得确实很有迷惑性)。
static struct klist_node*to_klist_node(struct list_head *n)
{
returncontainer_of(n, struct klist_node, n_node);
}
还一个i的来源,ta是一切的来源。在klist_iter_init_node(&bus->p->klist_devices,&i, (start ? &start->p->knode_bus :NULL))中, i->i_klist = &bus->p->klist_devices;i->i_cur = NULL;
Klist_iter找到合适的即停止搜索,找到此处的device_private的device,此结构即为传入probe函数的参数。device源于i(i只是暂时用于查找定义的一个临时变量),而i源于bus,bus源于drv->bus,drv源于sdrv->driver,sdrv即为mx25lx_driver,不过mx25lx_driver->driver中的bus,只给赋了一个值,而在后来调用标准的spi函数时,又重新对bus赋了值spi_bus_type,spi_bus_type是spi.c中的struct bus_type定义的全局变量。
linux中probe函数传递参数的寻找(下)
通过追寻driver的脚步,我们有了努力的方向:只有找到spi_bus_type的填充device即可,下面该从device去打通,当两个连通之日,也是任督二脉打通之时。先从设备定义去查看,在mach-smdk6410.c中定义了硬件设备信息,从这作为突破口。
/* for mx25lx*/
static void cs_set_level(unsigned line_id, int lvl) {
gpio_direction_output(line_id, lvl);
};
static struct s3c64xx_spi_csinfos3c64xx_spi1_csinfo = {
.fb_delay=0x3,
.line=S3C64XX_GPC(7),
.set_level=cs_set_level,
};
static int mx25lx_ioSetup(struct spi_device*spi)
{
printk(KERN_INFO"mx25lx: setup gpio pins CS and External Int\n");
s3c_gpio_setpull(S3C64XX_GPL(8),S3C_GPIO_PULL_UP); //External interrupt from CAN controller
s3c_gpio_cfgpin(S3C64XX_GPL(8),S3C_GPIO_SFN(3)); //External interrupt from CAN controller (hopefully external interrupt)
//s3c_gpio_cfgpin(S3C64XX_GPL(8),S3C_GPIO_INPUT); //External interrupt from CAN controller
s3c_gpio_setpull(S3C64XX_GPC(7),S3C_GPIO_PULL_NONE); // Manual chipselect pin as used in 6410_set_cs
s3c_gpio_cfgpin(S3C64XX_GPC(7),S3C_GPIO_OUTPUT); // Manualchip select pin as used in 6410_set_cs
return0;
}
static struct mx25lx_platform_datamx25lx_info =
{
.oscillator_frequency= 8000000,
.board_specific_setup= mx25lx_ioSetup,
.transceiver_enable= NULL,
.power_enable= NULL,
};
static struct spi_board_info __initdataforlinx6410_mc251x_info[] =
{
{
.modalias= "mcp2515",
.platform_data = &mx25lx_info,
.irq= IRQ_EINT(16),
.max_speed_hz= 10*1000*1000,
.bus_num= 1,
.chip_select= 0,
.mode= SPI_MODE_0,
.controller_data=&s3c64xx_spi1_csinfo,
},
};
struct platform_device s3c64xx_device_spi0= {
.name = "s3c64xx-spi",
.id = 0,
.num_resources =ARRAY_SIZE(s3c64xx_spi0_resource),
.resource =s3c64xx_spi0_resource,
.dev= {
.dma_mask = &spi_dmamask,
.coherent_dma_mask = DMA_BIT_MASK(32),
.platform_data= &s3c64xx_spi0_pdata,
},
};
static struct platform_device*smdk6410_devices[] __initdata =
{
……
/*addby fatfish*/
&s3c64xx_device_spi0,
&s3c64xx_device_spi1,
};
其中platform_device定义为:
struct platform_device {
constchar * name;
int id;
structdevice dev;
u32 num_resources;
structresource * resource;
conststruct platform_device_id *id_entry;
/*MFD cell pointer */
structmfd_cell *mfd_cell;
/*arch specific additions */
structpdev_archdata archdata;
};
初始化函数如下:
static void __initsmdk6410_machine_init(void)
{
……
s3c64xx_spi_set_info(0,0,1);
s3c64xx_spi_set_info(1,0,1);
spi_register_board_info(forlinx6410_mc251x_info,ARRAY_SIZE(forlinx6410_mc251x_info));
……
}
其中的注册板信息的函数如下,后项参数为1,其中board_list为spi.c中定义的全局变量,即:static LIST_HEAD(board_list);。
int __init
spi_register_board_info(structspi_board_info const *info, unsigned n)
{
structboardinfo *bi;
inti;
bi= kzalloc(n * sizeof(*bi), GFP_KERNEL);
if(!bi)
return-ENOMEM;
for(i = 0; i < n; i++, bi++, info++) {
structspi_master *master;
memcpy(&bi->board_info,info, sizeof(*info));
mutex_lock(&board_lock);
list_add_tail(&bi->list,&board_list);
list_for_each_entry(master,&spi_master_list, list)
spi_match_master_to_boardinfo(master,&bi->board_info);
mutex_unlock(&board_lock);
}
return0;
}
其中结果成员如下:
先加锁,然后将board_list加入链接中,在遍历设备,最关键的函数是:
static voidspi_match_master_to_boardinfo(struct spi_master *master,
structspi_board_info *bi)
{
structspi_device *dev;
if(master->bus_num != bi->bus_num)
return;
dev= spi_new_device(master, bi);
if(!dev)
dev_err(master->dev.parent,"can't create new device for %s\n",
bi->modalias);
}
spi_new_device作用是实例化一个新设备,定义如下:
struct spi_device *spi_new_device(structspi_master *master,
struct spi_board_info *chip)
{
structspi_device *proxy;
int status;
proxy= spi_alloc_device(master);
if(!proxy)
returnNULL;
……
strlcpy(proxy->modalias,chip->modalias, sizeof(proxy->modalias));
proxy->dev.platform_data = (void *)chip->platform_data;
proxy->controller_data= chip->controller_data;
proxy->controller_state= NULL;
status= spi_add_device(proxy);
if(status < 0) {
spi_dev_put(proxy);
returnNULL;
}
returnproxy;
}
拷贝了platform_data,即mx25lx_info。其中的spi_alloc_device函数定义如下:
struct spi_device *spi_alloc_device(structspi_master *master)
{
structspi_device *spi;
structdevice *dev =master->dev.parent;
if(!spi_master_get(master))
returnNULL;
spi= kzalloc(sizeof *spi, GFP_KERNEL);
if(!spi) {
dev_err(dev,"cannot alloc spi_device\n");
spi_master_put(master);
returnNULL;
}
spi->master= master;
spi->dev.parent= dev;
spi->dev.bus= &spi_bus_type;
spi->dev.release= spidev_release;
device_initialize(&spi->dev);
returnspi;
}
在这个定义中将spi_bus_type和dev联系起来,不过此时还没有我们定义的设备信息,设备信息在接下来的赋值中完成。
最后是spi_add_device,将设备信息提交。
int spi_add_device(struct spi_device *spi)
{
staticDEFINE_MUTEX(spi_add_lock);
structdevice *dev = spi->master->dev.parent;
structdevice *d;
intstatus;
……
mutex_lock(&spi_add_lock);
d= bus_find_device_by_name(&spi_bus_type, NULL, dev_name(&spi->dev));
……
status= spi_setup(spi);
if(status < 0) {
dev_err(dev,"can't setup %s, status %d\n",
dev_name(&spi->dev),status);
gotodone;
}
……
done:
mutex_unlock(&spi_add_lock);
returnstatus;
}
最终完成将spi_bus_type与定义的device信息联系起来。由于本人才疏学浅,不正确的地方,恳求大牛指正,在此表示感谢!