--
All posts must follow the Fuchsia Code of Conduct https://fuchsia.dev/fuchsia-src/CODE_OF_CONDUCT or may be removed.
---
You received this message because you are subscribed to the Google Groups "component-framework-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to component-framewo...@fuchsia.dev.
To view this discussion on the web visit https://groups.google.com/a/fuchsia.dev/d/msgid/component-framework-dev/CAFFy6-DAvgfQivub9JJje_rC3awJsOzVF1z9n1afee1aNv-kYg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/fuchsia.dev/d/msgid/component-framework-dev/CACr%3D8_OwnG2jfAA0ZHK2LV5gMtL6A9czToanSmYpumQQkdVWfA%40mail.gmail.com.
I've had a lot of ideas here and written about them before, but I'll try to summarize them here:
- Policy for who should have access to a driver should not live in the driver.
- The agent which is usually best suited for making informed policy decisions is something with access to information about all related devices.
- There are typically aggregation components that already exist for many stacks which nicely serve as a point of mediation. It would be nice if we can ensure only they have access to the device.
- Examples include:
- fshost for block devices
- netstack / network-manager for network devices
- bt-host / bt-gap for bluetooth devices (a bit complicated because bt-host is a driver currently)
- modem-manager? for telephony devices (the documentation doesn't match existing implementation, but I believe the design
- One way to achieve this is to have non-driver components "bind" to devices by supplying bind programs to the driver runtime.
- Bind programs themselves will have some notion of priority, but typically are sufficient by themselves to implement policy (but maybe are for simpler device stacks?)
- The problem is that if we subvert filesystem based discovery in favor of bind programs, how does that map to capabilities? The ability to specify your bind program is overly permissive.
+Ruchira Ravoori has taken up the duty of understanding this problem and driving a solution from the DF side.
To view this discussion on the web visit https://groups.google.com/a/fuchsia.dev/d/msgid/component-framework-dev/CAKcBG%3DRMoJhcbcv%2BtTu8%2BMjOGFx8AxdypxBshBEJ60uiOZfL7g%40mail.gmail.com.
I was thinking about this today (from another context: system assembly).And how some systems ('nix flavors) use the ambient authority and global file system namespace route to find/open devices, and the ways that we've decided to go in a different direction, has led us without a couple features:
- device enumeration- device driver "registration"I think the abstraction that best fits our platform may be a provider / registrar. Which I think is the abstraction type that Suraj was suggesting with fshost, netstack, etc.
From a system- and product-assembly point of view, at one level, I can brute-force through the issue by just producing a product-specific topology and using that in bootfs/blobfs instead of the current `core.cml` and `boot.cml`. But I don't think that really scales past a static, single-purpose product. For more dynamic products, where the devices and topology are less known in advance, I've been thinking we need some composable registrar / provider interface. Models like dependency injection and class-path searches come to mind. But we have a framework gap where we don't want the platform to be scanning through pkgfs to see if any matching packages are on the local system, but not framework or way to ask pkgfs a question like "tell me all the block device drivers" that would take the place of a platform component talking directly to pkgfs.
+Dan Johnson, +Erick Tryzelaar - Maybe we should think about this aspect of packages and package metadata, and a framework for exposing enumerable results?
On Wed, Feb 17, 2021 at 11:05 AM 'Ruchira Ravoori' via component-framework-dev <component-f...@fuchsia.dev> wrote:Hey Hunter,No worries! I was reading about the session framework migration plan to get parallels between elements and drivers too. A boundary working group sounds great. It will be helpful to bump ideas across each other. I can brief you about composite devices.I am still investigating exclusivity/concurrency, there are 2 issues, as I see here.1. When drivers bind to services(banjo protocol today) that another driver exposes (this is how the driver stack gets built). When there is a driver sitting on top of the driver, any services that the driver exposes, should not affect the drivers on top.
On Wed, Feb 17, 2021 at 2:38 PM Aaron Wood <aaro...@google.com> wrote:I was thinking about this today (from another context: system assembly).And how some systems ('nix flavors) use the ambient authority and global file system namespace route to find/open devices, and the ways that we've decided to go in a different direction, has led us without a couple features:
- device enumeration- device driver "registration"I think the abstraction that best fits our platform may be a provider / registrar. Which I think is the abstraction type that Suraj was suggesting with fshost, netstack, etc.The pattern that's been in my head is: the driver component is offered a protocol like "fuchsia.drivers.BlockRegistrar". The driver calls "BlockRegistrar/RegisterBlockDevice(...)" and passes a channel that the BlockRegistrar uses to control the Driver. Since the Driver is the one calling "Register", it can know that it only has one client per device, by construction. (Whether the BlockRegistrar would pass this channel onto another component, or actually proxy requests, I dunno.)
Not sure if that's a good model or not, but as a consequence of CF's design decision that parents can't use capabilities their children expose, capabilities tend to get routed "down" the tree, and calls tend to go "up", so it kinda aligns with that.
From a system- and product-assembly point of view, at one level, I can brute-force through the issue by just producing a product-specific topology and using that in bootfs/blobfs instead of the current `core.cml` and `boot.cml`. But I don't think that really scales past a static, single-purpose product. For more dynamic products, where the devices and topology are less known in advance, I've been thinking we need some composable registrar / provider interface. Models like dependency injection and class-path searches come to mind. But we have a framework gap where we don't want the platform to be scanning through pkgfs to see if any matching packages are on the local system, but not framework or way to ask pkgfs a question like "tell me all the block device drivers" that would take the place of a platform component talking directly to pkgfs.Can you elaborate on what you mean by "tell me all the block device drivers"? Do you mean, like, all the components that contain driver SOs that expose block interfaces? Or like, all the block devices on the system? There's a connection here I'm not seeing.
+Dan Johnson, +Erick Tryzelaar - Maybe we should think about this aspect of packages and package metadata, and a framework for exposing enumerable results?I'm sure I don't understand the full implications of what you're suggesting, and maybe this is a naive question, but: does there really need to be framework support for enumerating devices? Couldn't every type of Registrar (Block, Network, etc) have its own protocol for its particular use case?
Drivers registering themselves with some entity implementing a particular protocol seems backwards to me. Drivers already have a way to describe what they have enumerated and what services they offer, via device properties. Needing to duplicate that information depending on whether the service it offers needs to get routed to something other than a driver seems not optimal.
Also, fwiw, rather than come up with hypothetical situations, I think it may be more useful to work through specific use cases we plan to support one day. A few examples (these may not be good group showing all edges worth considering):We don't currently just start drivers just because drivers exist on the system. We enumerate all drivers known at system assembly time, query them to find out under what conditions they should be loaded, and then only load them under those conditions. This system is known as driver binding. Although we've not really tried to tackle the problem of drivers known at system assembly time in earnest (ephemeral/universe drivers), I strongly suspect our binding system will hold up quite well for them.
- How the FVM gets mounted
- How a webUSB use case may work when there is a driver already bound to the device (it's identified as a HID device which has a generic driver, but there are capabilities not exposed by the driver which the website wants to make use of).
- How wlan devices are enumerated
- How a vendor proprietary technology might get exposed to the rest of the system without the OS standing in the way
- The ability to program a keyboard to emit specific RGB lights based application loaded
- A special camera ability some camera app might be able to make use of
- How a manufacturing tool may calibrate hw while the rest of the system is using it
insmod and modprobe equivalents are really necessary given our architecture.
From the driver framework side, we have a mechanism planned for registering a driver with the framework.
Figuring out who calls that and how is another matter, but providing a register mechanism is enough to be at parity with linux.
P.S. It looks like everyone else has you covered, so I'm keeping quiet. I'm not ignoring you, I promise. :)On Thu, 18 Feb 2021 at 16:42, Suraj Malhotra <surajm...@google.com> wrote:Makes sense. We seem to be okay with an out of band mechanism for now for out of tree workflows (developer invokes registration via shell tool/ffx), but I'm sure the ux can improve with better tools at our disposal, along the lines you're driving at.On Wed, Feb 17, 2021, 9:06 PM Aaron Wood <aaro...@google.com> wrote:On Wed, Feb 17, 2021 at 8:49 PM Suraj Malhotra <surajm...@google.com> wrote:From the driver framework side, we have a mechanism planned for registering a driver with the framework.::nods::Figuring out who calls that and how is another matter, but providing a register mechanism is enough to be at parity with linux.That's the bit that I'm trying to get further into (especially since I've been deep into system/product assembly and seeing how we're piecing this together, and trying to think of how to make it work out of tree, and especially for dev workflows where while it's possible to just reassemble the topology and ota the device, it would be nice to just ephemerally install a package with a driver, and then have it become visible. So I'm trying to talk about ways we might be able to do that.On Wed, Feb 17, 2021, 8:40 PM Aaron Wood <aaro...@google.com> wrote:On Wed, Feb 17, 2021 at 7:06 PM Suraj Malhotra <surajm...@google.com> wrote:Drivers registering themselves with some entity implementing a particular protocol seems backwards to me. Drivers already have a way to describe what they have enumerated and what services they offer, via device properties. Needing to duplicate that information depending on whether the service it offers needs to get routed to something other than a driver seems not optimal.
Also, fwiw, rather than come up with hypothetical situations, I think it may be more useful to work through specific use cases we plan to support one day. A few examples (these may not be good group showing all edges worth considering):We don't currently just start drivers just because drivers exist on the system. We enumerate all drivers known at system assembly time, query them to find out under what conditions they should be loaded, and then only load them under those conditions. This system is known as driver binding. Although we've not really tried to tackle the problem of drivers known at system assembly time in earnest (ephemeral/universe drivers), I strongly suspect our binding system will hold up quite well for them.
- How the FVM gets mounted
- How a webUSB use case may work when there is a driver already bound to the device (it's identified as a HID device which has a generic driver, but there are capabilities not exposed by the driver which the website wants to make use of).
- How wlan devices are enumerated
- How a vendor proprietary technology might get exposed to the rest of the system without the OS standing in the way
- The ability to program a keyboard to emit specific RGB lights based application loaded
- A special camera ability some camera app might be able to make use of
- How a manufacturing tool may calibrate hw while the rest of the system is using it
These conversations are great! At the risk of making the conversation even longer here are some of my thoughts:- +Alice Neels -- Any of the solutions here that move driver discovery away from /devfs/ will fix the E2E input problem of adding a test input driver.- The problem today of writing a test driver for an E2E test is there's no well-defined way to "inject" that driver into the test component namespace so that it shows up at /dev/class/XXX. This would be solved if there's a FIDL Register function or if CF does the driver service routing.- I would be really happy with a Drivers + CF working group and/or meetings. I always have questions about how things happen on the CF side and I think this could be helpful.
To view this discussion on the web visit https://groups.google.com/a/fuchsia.dev/d/msgid/component-framework-dev/CAJzXWr5hiG%3D1V1brac7CDfWw%3DjMW-ZGd_WZu%3DUfOVkwgMJ5%2BPA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/fuchsia.dev/d/msgid/component-framework-dev/CAK1yh2mYEi1XbUq8%2Bw%3DRR8Sh1AxxyrjFxDxf46LVF-sBMDJsbA%40mail.gmail.com.