Date: Mon, 26 Jul 2021 09:39:26 +0200
From: Greg KH
To: Rajat Jain
Cc: Andreas Noever, Michael Jamet, Mika Westerberg, Yehezkel Bernat, "open list:ULTRA-WIDEBAND (UWB) SUBSYSTEM:", Linux Kernel Mailing List, Rajat Jain
Subject: Re: [PATCH] thunderbolt: For dev authorization changes, include the actual event in udev change notification
References: <20210723012835.1935471-1-rajatja@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Jul 25, 2021 at 11:46:32AM -0700, Rajat Jain wrote:
> Sorry, Had hit "Reply" while responding, instead of "Reply All" - so
> it went only to Greg. Now added back everyone else.
>
>
> On Fri, Jul 23, 2021 at 4:43 PM Rajat Jain wrote:
> >
> > Hello,
> >
> >
> > On Fri, Jul 23, 2021 at 12:05 AM Greg KH wrote:
> > >
> > > On Thu, Jul 22, 2021 at 06:28:34PM -0700, Rajat Jain wrote:
> > > > For security, we would like to monitor and track when the
> > > > thunderbolt devices are authorized and deauthorized. Currently
> > > > the userspace gets a udev change notification when there is a
> > > > change, but the state may have changed (again) by the time we
> > > > look at the authorized attribute in sysfs. So an authorization
> > > > event may go unnoticed. Thus make it easier by informing the
> > > > actual change (authorized/deauthorized) in the udev change
> > > > notification.
> > >
> > > We do have 72 columns to work with... :)
> >
> > Sorry, fixed now.
> >
> > >
> > > >
> > > > Signed-off-by: Rajat Jain
> > > > ---
> > > > drivers/thunderbolt/switch.c | 8 ++++++--
> > > > 1 file changed, 6 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c > > > > index 83b1ef3d5d03..5d3e9dcba44a 100644 > > > > --- a/drivers/thunderbolt/switch.c > > > > +++ b/drivers/thunderbolt/switch.c
> > > > @@ -1499,6 +1499,7 @@ static ssize_t authorized_show(struct device *dev, > > > > static int disapprove_switch(struct device *dev, void *not_used) > > > > { > > > > struct tb_switch *sw; > > > > + char *envp[] = { "AUTHORIZED=0", NULL }; > > > > > > > > sw = tb_to_switch(dev); > > > > if (sw && sw->authorized) { > > > > @@ -1514,7 +1515,7 @@ static int disapprove_switch(struct device *dev, void *not_used) > > > > return ret; > > > > > > > > sw->authorized = 0; > > > > - kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE); > > > > + kobject_uevent_env(&sw->dev.kobj, KOBJ_CHANGE, envp); > > > > } > > > > > > > > return 0; > > > > @@ -1523,6 +1524,8 @@ static int disapprove_switch(struct device *dev, void *not_used) > > > > static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val) > > > > { > > > > int ret = -EINVAL; > > > > + char envp_string[13]; > > > > + char *envp[] = { envp_string, NULL }; > > > > > > > > if (!mutex_trylock(&sw->tb->lock)) > > > > return restart_syscall(); 
> > > > @@ -1560,7 +1563,8 @@ static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val) > > > > if (!ret) { > > > > sw->authorized = val; > > > > /* Notify status change to the userspace */ > > > > - kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE); > > > > + sprintf(envp_string, "AUTHORIZED=%u", val); > > > > + kobject_uevent_env(&sw->dev.kobj, KOBJ_CHANGE, envp);
> > >
> > > So now "val" is a userspace visible value? Is that documented anywhere
> > > what it is and what are you going to do to ensure it never changes in
> > > the future?
> > >
> > > Also this new value "field" should be documented somewhere as well,
> > > otherwise how will any tool know it is there?
> >
> > Sorry I should have clarified and elaborated (now done in the new
> > commit log). The field / value being exposed is that of the existing
> > sysfs attribute "authorized"
> > (/sys/bus/thunderbolt/devices/.../authorized), which is already
> > documented. I made it clearer in the commit log now. I looked at other
> > uses of kobject_uevent_env() and couldn't find examples of documenting
> > the Udev environment in Documentation/.

Perhaps a comment here showing that this is the same value as that
specific sysfs attribute as well?

> > > And what userspace tool will be looking for this?
> >
> > It will likely be a udev rule which will trigger a script when it sees
> > device authorization change event. Something like this:
> > SUBSYSTEM=="thunderbolt", ACTION=="change", ENV{AUTHORIZED}=="1",
> > RUN+="alert.sh"
> >
> > However, now that I say it, is it possible to check for such (kernel
> > supplied) udev event environment key value pair, using
> > udev_device_get_property_value()? If so, that makes it very easy for
> > us, and the tool to use it would be Chromeos daemon called
> > cros_healthd.

It's been a long time since I last touched the udev codebase, sorry, try
it out yourself and see!

thanks,

greg k-h
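
Review bot: The "AUTHORIZED=0" literal added at the top of disapprove_switch() duplicates the key that tb_switch_set_authorized() builds separately with a format string, so the two notification paths can drift apart if the key name or value encoding is changed in only one of them. Consider a single small helper that takes the switch and the new value and emits the uevent, with a comment stating that the value mirrors the existing `authorized` sysfs attribute, so the userspace-visible contract is defined in one place.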
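
Review bot: The `sprintf(envp_string, "AUTHORIZED=%u", val);` line in the last hunk of tb_switch_set_authorized() writes into the 13-byte `envp_string` declared at the top of the function, which has room for "AUTHORIZED=", exactly one digit and the terminating NUL. Nothing in the visible lines limits `val`, an unsigned int, to a single digit, so a value of 10 or more would write past the end of the stack buffer. Use `snprintf(envp_string, sizeof(envp_string), "AUTHORIZED=%u", val)` or size the buffer for the full range of `%u`, and state in a comment which values of `val` are expected to reach this point.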
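
How a userspace monitor could take the authorization state from the event payload itself rather than re-reading sysfs afterwards, as an added example that is not part of this thread or of the kernel tree. It assumes the kernel's netlink uevent layout (an `action@devpath` header followed by NUL-separated `KEY=VALUE` records); the function names, return codes and sample payloads are constructed for illustration, and any non-zero value is treated as authorized.

```c
#include <stdio.h>
#include <string.h>
enum { TB_IGNORED = -2, TB_UNKNOWN = -1, TB_DEAUTHORIZED = 0, TB_AUTHORIZED = 1 };

/* Look up key in a uevent payload made of NUL-separated "KEY=VALUE" records. */
static const char *uevent_get(const char *buf, size_t len, const char *key)
{
    size_t klen = strlen(key), off = 0;
    while (off < len) {
        const char *rec = buf + off;
        const char *end = memchr(rec, '\0', len - off);
        if (!end) return NULL;      /* unterminated record: reject the rest */
        if ((size_t)(end - rec) > klen && rec[klen] == '=' &&
            !strncmp(rec, key, klen))
            return rec + klen + 1;
        off += (size_t)(end - rec) + 1;
    }
    return NULL;
}

/* Classify one payload using only what the event itself carries. */
static int tb_auth_from_uevent(const char *buf, size_t len)
{
    const char *action = uevent_get(buf, len, "ACTION");
    const char *subsys = uevent_get(buf, len, "SUBSYSTEM");
    const char *auth = uevent_get(buf, len, "AUTHORIZED");
    if (!action || strcmp(action, "change") ||
        !subsys || strcmp(subsys, "thunderbolt"))
        return TB_IGNORED;
    if (!auth || !*auth)
        return TB_UNKNOWN;          /* no key: only the racy sysfs read is left */
    return strcmp(auth, "0") ? TB_AUTHORIZED : TB_DEAUTHORIZED;
}

/* Constructed sample payloads; the device path is a placeholder. */
static const char ev_auth[] = "change@/devices/placeholder/0-1\0ACTION=change\0"
    "SUBSYSTEM=thunderbolt\0AUTHORIZED=1\0SEQNUM=100";
static const char ev_deauth[] = "change@/devices/placeholder/0-1\0ACTION=change\0"
    "SUBSYSTEM=thunderbolt\0AUTHORIZED=0\0SEQNUM=101";
static const char ev_legacy[] = "change@/devices/placeholder/0-1\0ACTION=change\0"
    "SUBSYSTEM=thunderbolt\0SEQNUM=102";

int main(void)
{
    printf("%d %d %d\n", tb_auth_from_uevent(ev_auth, sizeof(ev_auth)),
           tb_auth_from_uevent(ev_deauth, sizeof(ev_deauth)),
           tb_auth_from_uevent(ev_legacy, sizeof(ev_legacy)));
    return 0;
}
```

The third sample stands for a change event from a kernel without the patch: the monitor learns that something changed but not what, which is the gap the commit message describes.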