On Mon, Jul 26, 2021 at 6:40 AM Mika Westerberg
<mika.westerberg@xxxxxxxxxxxxxxx> wrote:
>
> Hi Rajat,
>
> On Fri, Jul 23, 2021 at 05:41:58PM -0700, Rajat Jain wrote:
> > (fixing the typo in the email ID for Greg).
> >
> > On Fri, Jul 23, 2021 at 5:40 PM Rajat Jain <rajatja@xxxxxxxxxx> wrote:
> > >
> > > For security, we would like to monitor and track when the thunderbolt
> > > devices are authorized and deauthorized (i.e. when the thunderbolt sysfs
> > > "authorized" attribute changes). Currently the userspace gets a udev
> > > change notification when there is a change, but the state may have
> > > changed (again) by the time we look at the authorized attribute in
> > > sysfs. So an authorization event may go unnoticed. Thus make it easier
> > > by informing the actual change (new value of authorized attribute) in
> > > the udev change notification.
> > >
> > > The change is included as a key value "authorized=<val>" where <val>
> > > is the new value of sysfs attribute "authorized", and is described at
> > > Documentation/ABI/testing/sysfs-bus-thunderbolt under
> > > /sys/bus/thunderbolt/devices/.../authorized
>
> Looking good, a couple of minor nits below.
>
> > >
> > > Signed-off-by: Rajat Jain <rajatja@xxxxxxxxxx>
> > > ---
> > > drivers/thunderbolt/switch.c | 8 ++++++--
> > > 1 file changed, 6 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
> > > index 83b1ef3d5d03..382128dfbdee 100644
> > > --- a/drivers/thunderbolt/switch.c
> > > +++ b/drivers/thunderbolt/switch.c
> > > @@ -1499,6 +1499,7 @@ static ssize_t authorized_show(struct device *dev,
> > > static int disapprove_switch(struct device *dev, void *not_used)
> > > {
> > > struct tb_switch *sw;
> > > + char *envp[] = { "AUTHORIZED=0", NULL };
>
> Can you move arrange this to be before sw, like:
Done.
>
> char *envp[] = { "AUTHORIZED=0", NULL };
> struct tb_switch *sw;
>
> > >
> > > sw = tb_to_switch(dev);
> > > if (sw && sw->authorized) {
> > > @@ -1514,7 +1515,7 @@ static int disapprove_switch(struct device *dev, void *not_used)
> > > return ret;
> > >
> > > sw->authorized = 0;
> > > - kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);
> > > + kobject_uevent_env(&sw->dev.kobj, KOBJ_CHANGE, envp);
> > > }
> > >
> > > return 0;
> > > @@ -1523,6 +1524,8 @@ static int disapprove_switch(struct device *dev, void *not_used)
> > > static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val)
> > > {
> > > int ret = -EINVAL;
> > > + char envp_string[13];
> > > + char *envp[] = { envp_string, NULL };
>
> Ditto.
Done. I still needed to define envp_string before envp (because it is
used in initialization).
I sent out a v3 with these changes.
Thanks,
Rajat
>
> > >
> > > if (!mutex_trylock(&sw->tb->lock))
> > > return restart_syscall();
> > > @@ -1560,7 +1563,8 @@ static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val)
> > > if (!ret) {
> > > sw->authorized = val;
> > > /* Notify status change to the userspace */
> > > - kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);
> > > + sprintf(envp_string, "AUTHORIZED=%u", sw->authorized);
> > > + kobject_uevent_env(&sw->dev.kobj, KOBJ_CHANGE, envp);
> > > }
> > >
> > > unlock:
> > > --
> > > 2.32.0.432.gabb21c7263-goog
> > >
