From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Darren Hart <dvhart@infradead.org>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Mario Limonciello" <mario_limonciello@dell.com>,
"Pali Rohár" <pali.rohar@gmail.com>,
"Andy Shevchenko" <andriy.shevchenko@linux.intel.com>,
"Rafael Wysocki" <rjw@rjwysocki.net>,
"Andy Lutomirski" <luto@amacapital.net>,
LKML <linux-kernel@vger.kernel.org>,
platform-driver-x86@vger.kernel.org
Subject: Re: WMI and Kernel:User interface
Date: Fri, 9 Jun 2017 08:41:51 +0200 [thread overview]
Message-ID: <20170609064151.GC17685@kroah.com> (raw)
In-Reply-To: <20170603195058.GH4854@fury>
On Sat, Jun 03, 2017 at 12:50:58PM -0700, Darren Hart wrote:
> On Wed, May 10, 2017 at 07:13:41AM +0200, Greg Kroah-Hartman wrote:
> > On Tue, May 09, 2017 at 04:16:39PM -0700, Darren Hart wrote:
> > > Linus and Greg,
> > >
> > > We are in the process of redesigning the Windows Management Instrumentation
> > > (WMI) [1] system in the kernel. WMI is the Microsoft implementation of Web-Based
> > > Enterprise Management (WBEM). We are looking to provide WMI access to userspace,
> > > while allowing the kernel to filter requests that conflict with its own usage.
> > > We'd like your take on how this approach relates to our commitment to not break
> > > userspace.
> > >
> > > For this discussion, we are specifically referring to ACPI PNP0C14 WMI
> > > devices, consisting of a GUID and a set of methods and events, as well as a
> > > precompiled intermediate description of the methods and arguments (MOF). Exposed
> > > to userspace, these methods provide for BIOS interaction and are used for system
> > > management as well as LEDs, hot keys, radio switches, etc. There is vendor
> > > interest in achieving feature parity with Windows by exposing WMI methods to
> > > userspace for system management.
> > >
> > > While it appears WMI intended to be accessed from userspace, we have
> > > made use of it in the kernel to support various laptop features by connecting
> > > the WMI methods to other subsystems, notably input, leds, and rfkill [2]. The
> > > challenge is continuing to use WMI for these platform features, while allowing
> > > userspace to use it for system management tasks. Unfortunately, the WMI methods
> > > are not guaranteed to be split up along granular functional lines, and we will
> > > certainly face situations where the same GUID::METHOD_ID will be needed for a
> > > kernel feature (say LED support) as well as a system management task.
> > >
> > > To address this, I have proposed [3] that exporting WMI be opt-in, only done at
> > > the request of and in collaboration with a vendor, with the kernel platform
> > > driver given the opportunity to filter requests. This filtering would need to be
> > > at the method and argument inspection level, such as checking for specific bits
> > > in the input buffer, and rejecting the request if they conflict with an in
> > > kernel usage (that's worst case, in some cases just GUID or method ID could be
> > > sufficient).
> > >
> > > Because the kernel and the platform drivers are under continual development, and
> > > new systems appear regularly, we will encounter necessary changes to the
> > > platform driver WMI request filters. These changes could be considered a change
> > > to the kernel provided WMI interface to userspace. For example, we could
> > > regularly accept a call to $GUID::$METHOD_ID with bit 4 of the buffer set, and
> > > later deny the call when we determine it interferes with kernel usage.
> > >
> > > In your view, is it acceptable to provide a chardev interface, for example,
> > > exposing WMI methods to userspace, with the understanding that the kernel may
> > > choose to filter certain requests which conflict with its own use? And that this
> > > filtering may change as new features are added to the platform drivers?
> >
> > So, for example, if a new driver for a "brightness key" were added to
> > the kernel, all of a sudden the "raw" access to the wmi data through the
> > chardev would filtered away by the kernel and not seen by userspace?
> >
> > Why would you want to do that? What's wrong with providing "raw" access
> > through a chardev, and the current in-kernel access as well at the same
> > time?
> >
> > I don't really understand what would "break" over time here.
> >
>
> Just a bump now that we're out of the merge window in case either Greg or Linus
> care to follow up with the responses to this.
>
> To Greg's last point - any kernel state that is built up in conjunction with the
> WMI interface could be invalidated by a userspace application. It may or may not
> be recoverable, depending on the WMI implementation. This would be true for
> multiple WMI userspace applications as well, and I suppose the question is, do
> we defend the kernel drivers against this, or do we consider the kernel drivers
> on equal footing with WMI applications, and say "don't do that then" when some
> combination of apps and drivers don't play well together?
In the end, this shouldn't really matter, as long as nothing breaks as
far as a user notices. And that's the key here, apis can change, but if
you do it in a way that breaks something, or anyone notices, then it's
not ok.
So I don't have a solid answer other than "good luck!" :)
greg k-h
next prev parent reply other threads:[~2017-06-09 6:42 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-09 23:16 WMI and Kernel:User interface Darren Hart
2017-05-10 5:13 ` Greg Kroah-Hartman
2017-05-10 6:11 ` Darren Hart
2017-05-10 22:02 ` Mario.Limonciello
2017-05-10 22:11 ` Darren Hart
2017-05-10 22:50 ` Andy Lutomirski
2017-05-10 23:23 ` Darren Hart
2017-05-10 23:27 ` Darren Hart
2017-06-03 19:50 ` Darren Hart
2017-06-09 6:41 ` Greg Kroah-Hartman [this message]
2017-06-10 0:46 ` Darren Hart
2017-06-10 10:36 ` Pali Rohár
2017-06-12 17:02 ` Darren Hart
2017-06-12 22:17 ` Pali Rohár
2017-06-13 1:24 ` Darren Hart
2017-06-13 7:05 ` Christoph Hellwig
2017-06-13 12:07 ` Pali Rohár
2017-06-13 15:44 ` Darren Hart
2017-06-13 16:05 ` Greg Kroah-Hartman
2017-06-13 16:24 ` Darren Hart
2017-06-13 15:38 ` Darren Hart
2017-06-13 15:50 ` Greg Kroah-Hartman
2017-06-13 15:56 ` Andy Lutomirski
2017-06-13 16:12 ` Mario.Limonciello
2017-06-13 16:57 ` Greg KH
2017-06-13 17:43 ` Pali Rohár
2017-06-13 16:39 ` Darren Hart
2017-06-13 16:22 ` Darren Hart
2017-06-13 16:52 ` Greg Kroah-Hartman
2017-06-13 17:07 ` Darren Hart
2017-06-14 4:38 ` Greg Kroah-Hartman
2017-06-19 22:10 ` Andy Lutomirski
2017-06-20 3:37 ` Darren Hart
2017-06-20 7:29 ` Pali Rohár
2017-06-13 17:16 ` Pali Rohár
2017-06-13 17:40 ` Darren Hart
2017-06-13 18:00 ` Pali Rohár
2017-06-13 18:09 ` Darren Hart
2017-06-14 0:28 ` Bernd Petrovitsch
2017-06-13 12:51 ` Pali Rohár
2017-06-13 16:07 ` Darren Hart
2017-06-19 21:24 ` Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170609064151.GC17685@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=dvhart@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mario_limonciello@dell.com \
--cc=pali.rohar@gmail.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rjw@rjwysocki.net \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox