From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Borislav Petkov <bp@alien8.de>
Cc: x86@kernel.org, Bjorn Helgaas <bhelgaas@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
Andreas Noever <andreas.noever@gmail.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
Michael Jamet <michael.jamet@intel.com>,
Yehezkel Bernat <YehezkelShB@gmail.com>,
"Rafael J . Wysocki" <rafael@kernel.org>,
Mika Westerberg <mika.westerberg@linux.intel.com>,
Jonathan Corbet <corbet@lwn.net>,
Jason Wang <jasowang@redhat.com>,
Dan Williams <dan.j.williams@intel.com>,
Andi Kleen <ak@linux.intel.com>,
Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org,
linux-usb@vger.kernel.org,
virtualization@lists.linux-foundation.org
Subject: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
Date: Wed, 29 Sep 2021 18:05:07 -0700 [thread overview]
Message-ID: <20210930010511.3387967-3-sathyanarayanan.kuppuswamy@linux.intel.com> (raw)
In-Reply-To: <20210930010511.3387967-1-sathyanarayanan.kuppuswamy@linux.intel.com>
While the common case for device-authorization is to skip probe of
unauthorized devices, some buses may still want to emit a message on
probe failure (Thunderbolt), or base probe failures on the
authorization status of a related device like a parent (USB). So add
an option (has_probe_authorization) in struct bus_type for the bus
driver to own probe authorization policy.
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
drivers/base/dd.c | 5 +++++
drivers/thunderbolt/domain.c | 1 +
drivers/usb/core/driver.c | 1 +
include/linux/device/bus.h | 4 ++++
4 files changed, 11 insertions(+)
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index 68ea1f949daa..0cd03ac7d3b1 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -544,6 +544,11 @@ static int really_probe(struct device *dev, struct device_driver *drv)
!drv->suppress_bind_attrs;
int ret;
+ if (!dev->authorized && !dev->bus->has_probe_authorization) {
+ dev_dbg(dev, "Device is not authorized\n");
+ return -ENODEV;
+ }
+
if (defer_all_probes) {
/*
* Value of defer_all_probes can be set only by
diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index 3e39686eff14..6de8a366b796 100644
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -321,6 +321,7 @@ struct bus_type tb_bus_type = {
.probe = tb_service_probe,
.remove = tb_service_remove,
.shutdown = tb_service_shutdown,
+ .has_probe_authorization = true,
};
static void tb_domain_release(struct device *dev)
diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
index fb476665f52d..f57b5a7a90ca 100644
--- a/drivers/usb/core/driver.c
+++ b/drivers/usb/core/driver.c
@@ -2028,4 +2028,5 @@ struct bus_type usb_bus_type = {
.match = usb_device_match,
.uevent = usb_uevent,
.need_parent_lock = true,
+ .has_probe_authorization = true,
};
diff --git a/include/linux/device/bus.h b/include/linux/device/bus.h
index 062777a45a74..571a2f6e7c1d 100644
--- a/include/linux/device/bus.h
+++ b/include/linux/device/bus.h
@@ -69,6 +69,9 @@ struct fwnode_handle;
* @lock_key: Lock class key for use by the lock validator
* @need_parent_lock: When probing or removing a device on this bus, the
* device core should lock the device's parent.
+ * @has_probe_authorization: Set true to indicate to the driver-core to skip
+ * the authorization checks and let bus drivers
+ * handle it locally.
*
* A bus is a channel between the processor and one or more devices. For the
* purposes of the device model, all devices are connected via a bus, even if
@@ -112,6 +115,7 @@ struct bus_type {
struct lock_class_key lock_key;
bool need_parent_lock;
+ bool has_probe_authorization;
};
extern int __must_check bus_register(struct bus_type *bus);
--
2.25.1
next prev parent reply other threads:[~2021-09-30 1:05 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-30 1:05 [PATCH v2 0/6] Add device filter support Kuppuswamy Sathyanarayanan
2021-09-30 1:05 ` [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core Kuppuswamy Sathyanarayanan
2021-09-30 1:42 ` Alan Stern
2021-09-30 1:55 ` Dan Williams
2021-09-30 2:38 ` Kuppuswamy, Sathyanarayanan
2021-09-30 4:59 ` Dan Williams
2021-09-30 9:05 ` Rafael J. Wysocki
2021-09-30 14:59 ` Alan Stern
2021-09-30 15:25 ` Dan Williams
2021-09-30 11:19 ` Yehezkel Bernat
2021-09-30 15:28 ` Dan Williams
2021-09-30 18:25 ` Yehezkel Bernat
2021-09-30 19:04 ` Dan Williams
2021-09-30 19:50 ` Kuppuswamy, Sathyanarayanan
2021-09-30 20:23 ` Dan Williams
2021-09-30 1:05 ` Kuppuswamy Sathyanarayanan [this message]
2021-09-30 10:59 ` [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices Michael S. Tsirkin
2021-09-30 13:52 ` Greg Kroah-Hartman
2021-09-30 14:38 ` Michael S. Tsirkin
2021-09-30 14:49 ` Greg Kroah-Hartman
2021-09-30 15:00 ` Michael S. Tsirkin
2021-09-30 15:22 ` Greg Kroah-Hartman
2021-09-30 17:17 ` Andi Kleen
2021-09-30 17:23 ` Greg Kroah-Hartman
2021-09-30 19:15 ` Andi Kleen
2021-10-01 6:29 ` Greg Kroah-Hartman
2021-10-01 15:51 ` Alan Stern
2021-10-01 15:56 ` Andi Kleen
2021-09-30 14:43 ` Alan Stern
2021-09-30 14:48 ` Michael S. Tsirkin
2021-09-30 15:32 ` Alan Stern
2021-09-30 15:52 ` Michael S. Tsirkin
2021-09-30 14:58 ` Michael S. Tsirkin
2021-09-30 15:35 ` Alan Stern
2021-09-30 15:59 ` Michael S. Tsirkin
2021-09-30 19:23 ` Andi Kleen
2021-09-30 20:44 ` Alan Stern
2021-09-30 20:52 ` Dan Williams
2021-10-01 1:41 ` Alan Stern
2021-10-01 2:20 ` Dan Williams
2021-09-30 21:12 ` Andi Kleen
2021-09-30 1:05 ` [PATCH v2 3/6] driver core: Allow arch to initialize the authorized attribute Kuppuswamy Sathyanarayanan
2021-09-30 1:05 ` [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest Kuppuswamy Sathyanarayanan
2021-09-30 11:03 ` Michael S. Tsirkin
2021-09-30 13:36 ` Dan Williams
2021-09-30 13:49 ` Greg Kroah-Hartman
2021-09-30 15:18 ` Kuppuswamy, Sathyanarayanan
2021-09-30 15:20 ` Michael S. Tsirkin
2021-09-30 15:23 ` Kuppuswamy, Sathyanarayanan
2021-09-30 15:23 ` Greg Kroah-Hartman
2021-09-30 19:04 ` Kuppuswamy, Sathyanarayanan
2021-09-30 19:16 ` Kuppuswamy, Sathyanarayanan
2021-09-30 19:30 ` Andi Kleen
2021-09-30 19:40 ` Kuppuswamy, Sathyanarayanan
2021-10-01 7:03 ` Greg Kroah-Hartman
2021-10-01 15:49 ` Andi Kleen
2021-10-02 11:04 ` Michael S. Tsirkin
2021-10-02 11:14 ` Greg Kroah-Hartman
2021-10-02 14:20 ` Andi Kleen
2021-10-02 14:44 ` Greg Kroah-Hartman
2021-10-02 18:40 ` Michael S. Tsirkin
2021-10-03 6:40 ` Greg Kroah-Hartman
2021-10-04 21:04 ` Dan Williams
2021-10-01 16:13 ` Dan Williams
2021-10-01 16:45 ` Alan Stern
2021-10-01 18:09 ` Dan Williams
2021-10-01 19:00 ` Alan Stern
2021-10-01 19:45 ` Kuppuswamy, Sathyanarayanan
2021-10-01 19:57 ` Dan Williams
2021-10-04 5:16 ` Mika Westerberg
2021-10-05 22:33 ` Dan Williams
2021-10-06 5:45 ` Greg Kroah-Hartman
2021-09-30 19:25 ` Andi Kleen
2021-09-30 1:05 ` [PATCH v2 5/6] x86/tdx: Add device filter support for x86 TDX guest platform Kuppuswamy Sathyanarayanan
2021-09-30 1:05 ` [PATCH v2 6/6] PCI: Initialize authorized attribute for confidential guest Kuppuswamy Sathyanarayanan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210930010511.3387967-3-sathyanarayanan.kuppuswamy@linux.intel.com \
--to=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=YehezkelShB@gmail.com \
--cc=ak@linux.intel.com \
--cc=andreas.noever@gmail.com \
--cc=bhelgaas@google.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jasowang@redhat.com \
--cc=knsathya@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=michael.jamet@intel.com \
--cc=mika.westerberg@linux.intel.com \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=rafael@kernel.org \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).