All of lore.kernel.org
 help / color / mirror / Atom feed
From: Bastien Nocera <hadess@hadess.net>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-usb@vger.kernel.org, Alan Stern <stern@rowland.harvard.edu>,
	Benjamin Tissoires <benjamin.tissoires@redhat.com>,
	Peter Hutterer <peter.hutterer@who-t.net>
Subject: Re: [RFC v1] USB: core: add USBDEVFS_REVOKE ioctl
Date: Mon, 25 Apr 2022 16:28:40 +0200	[thread overview]
Message-ID: <e73035d1bae5d0c355166fb46f0f5f2f07752b3c.camel@hadess.net> (raw)
In-Reply-To: <YmarwaNQYn1GwFbQ@kroah.com>

On Mon, 2022-04-25 at 16:10 +0200, Greg Kroah-Hartman wrote:
> On Mon, Apr 25, 2022 at 03:23:15PM +0200, Bastien Nocera wrote:
> > There is a need for userspace applications to open USB devices
> > directly,
> > for all the USB devices without a kernel-level class driver, and
> > implemented in user-space.
> > 
> > End-user access is usually handled by the uaccess tag in systemd,
> > shipping application-specific udev rules that implement this
> > without too
> > much care for sandboxed applications, or overall security, or just
> > sudo.
> > 
> > A better approach is what we already have for evdev devices: give
> > the
> > application a file descriptor and revoke it when it may no longer
> > access
> > that device.
> 
> Who is going to use this "better" approach?  Is there support in
> libusb
> for it?  Who talks raw usbfs other than libusb these days?

Did you read the follow-up mail with the links to example code for the
hid revoke support?

> 
> > 
> > This patch is the USB equivalent to the EVIOCREVOKE ioctl, see
> > commit c7dc65737c9a607d3e6f8478659876074ad129b8 for full details.
> 
> c7dc65737c9a ("Input: evdev - add EVIOCREVOKE ioctl") is how I
> thought
> we were supposed to write out commits in changelogs these days :)
> 
> > 
> > Note that this variant needs to do a few things that the evdev
> > revoke
> > doesn't need to handle, particular:
> > - cancelling pending async transfers
> > - making sure to release claimed interfaces on revoke so they can
> > be
> >   opened by another process/user, as USB interfaces require being
> >   exclusively claimed to be used.
> 
> I love the idea of a real revoke() someday, but can't you just do the
> "unbind/bind" hack instead if you really want to do this?  Who wants
> to
> pass usbfs file descriptors around these days?

Again, please read the follow-up mail where I talk of the BPF support
patch that would allow revoking USB fds without relying on a service in
the middle to access devices (although that's eventually going to be
the way to do things to allow elevating access to devices).

Cheers

  reply	other threads:[~2022-04-25 14:28 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-25 13:23 [RFC v1] USB: core: add USBDEVFS_REVOKE ioctl Bastien Nocera
2022-04-25 13:28 ` Bastien Nocera
2022-04-25 13:49 ` Oliver Neukum
2022-04-25 14:25   ` Bastien Nocera
2022-04-25 14:45   ` Bastien Nocera
2022-04-25 14:10 ` Greg Kroah-Hartman
2022-04-25 14:28   ` Bastien Nocera [this message]
2022-04-25 15:00     ` Greg Kroah-Hartman
2022-04-25 15:17       ` Bastien Nocera
2022-04-25 15:45         ` Greg Kroah-Hartman
2022-04-26  2:27           ` Peter Hutterer
2022-04-26  7:14             ` Oliver Neukum
2022-04-26  7:21               ` Greg Kroah-Hartman
2022-04-26  8:46                 ` Oliver Neukum
2022-04-26 10:07                   ` Bastien Nocera
2022-04-26 10:30                     ` Greg Kroah-Hartman
2022-04-26 10:37                       ` Bastien Nocera
2022-04-26 11:10                         ` Greg Kroah-Hartman
2022-04-28 10:28                         ` Oliver Neukum
2022-04-28 11:21                           ` Bastien Nocera
2022-04-26 10:07             ` Bastien Nocera
2022-04-26 10:07           ` Bastien Nocera
2022-04-25 16:14         ` Alan Stern
2022-04-25 17:09           ` Benjamin Tissoires

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e73035d1bae5d0c355166fb46f0f5f2f07752b3c.camel@hadess.net \
    --to=hadess@hadess.net \
    --cc=benjamin.tissoires@redhat.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=peter.hutterer@who-t.net \
    --cc=stern@rowland.harvard.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.