linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Allen Webb <allenwebb@google.com>
To: "linux-modules@vger.kernel.org" <linux-modules@vger.kernel.org>,
	"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Rafael J. Wysocki" <rafael@kernel.org>,
	Allen Webb <allenwebb@google.com>
Subject: [PATCH v6 0/5] Add sysfs match-id modalias attribute for USB modules
Date: Fri,  2 Dec 2022 16:45:40 -0600	[thread overview]
Message-ID: <20221202224540.1446952-1-allenwebb@google.com> (raw)
In-Reply-To: <Y4n0RWqSwDHVT+HA@kroah.com>

Add sysfs match-id modalias attribute for USB modules

This patch series (v6) exposes the driver matching values from the
modalias to inform policy decisions in userspace for devices with the
authorized attribute in sysfs. In other words with this patch tools
like USBGuard could leverage not only modules.aliases, but also the
aliases for the builtin modules to associate devices with modules that
may be bound before deciding to authorize a device or not. This is
particularly useful in cases when new devices shouldn't be allowed part
of the time like for lock screens.

Note that at this point the series only implements USB, but Thunderbolt
and other subsystems could be added.

CONFIG_SYSFS and CONFIG_MODULES (adds /sys/module/) are both required
for the /sys/module/*/modalias attributes to be present.

--

# Module sysfs modalias attribute for match ids

Note that previous versions of this patch series were flattened into
a single patch, and a cover letter was first added in v5 with diffs
between each previous version of the patch series.

Also this version adds a `Documentation/ABI` entry for
`/sys/module/*/modalias`.

  RFC (broken patch): https://lore.kernel.org/lkml/CAJzde042-M4UbpNYKw0eDVg4JqYmwmPYSsmgK+kCMTqsi+-2Yw@mail.gmail.com/
  v1 (missing v1 label): https://lore.kernel.org/lkml/20221111152852.2837363-1-allenwebb@google.com/
  v2 (missing v2 label): https://lore.kernel.org/lkml/20221128201332.3482092-1-allenwebb@google.com/
  v3: https://lore.kernel.org/lkml/20221129224313.455862-1-allenwebb@google.com/
  v4: https://lore.kernel.org/lkml/20221130221447.1202206-1-allenwebb@google.com/
  v5: https://lore.kernel.org/lkml/20221201211630.101541-1-allenwebb@google.com/
  v6: This version

## Patch series status

This series is still going through revisions in response to comments.
USB is the only implemented subsystem, but PCI or other subsystems
with the authorized attribute could be added.

There is still an open question as to whether using kmod would be a
better approach to solve the problem. One big hurdle with that approach
is match-id-based aliases are not currently exposed through kmod and
changing that behavior might have unintended consequences. The
particular concerns I have are:

  - Are we OK with significantly growing the number of aliases handled
    by kmod by including the match-id-based aliases?

  - Are other tools that use kmod prepared to handle the addition of
    match-id-based aliases?

  - Additional work would be needed for kmod to be able to handle
    match-id-based aliases and it would likely require subsystem
    specific elements unless it leveraged files2alias.

Also, `mod_devicetable.c` is very similar to files2alias, so there
might be some possiblity of having common logic between the two. The
big difficulty lies in support both use cases which need to work both
at build time and at runtime.

Additionally before this is ready, there should be implementations for
the other subsystems whose devices have the `authorized` sysfs
attribute (Thunderbolt).

## Acknowledgements

Thanks to Greg Kroah-Hartman and the Linux maintainers for being
patient with me as I have worked through learning the kernel
workflow to get this series into a more presentable state.

Thanks to Luis Chamberlain for raising the alternative of
using kmod to address the primary motivation of the patch series.

Also, thanks to Intel's kernel test robot <lkp@intel.com> for catching
issues that showed up on different kernel configurations.


Allen Webb (5):
  module: Add empty modalias sysfs attribute
  drivers: Add bus_for_each for iterating over the subsystems
  Implement modalias sysfs attribute for modules
  docs: Add entry for /sys/module/*/modalias
  drivers: Implement module modaliases for USB

 Documentation/ABI/testing/sysfs-module |  12 ++
 drivers/base/Makefile                  |   2 +-
 drivers/base/base.h                    |   8 +
 drivers/base/bus.c                     |  42 ++++
 drivers/base/mod_devicetable.c         | 257 +++++++++++++++++++++++++
 drivers/usb/core/driver.c              |   2 +
 include/linux/device/bus.h             |   8 +
 include/linux/module.h                 |   1 +
 kernel/module/internal.h               |   2 +
 kernel/module/sysfs.c                  |  88 +++++++++
 kernel/params.c                        |   7 +
 11 files changed, 428 insertions(+), 1 deletion(-)
 create mode 100644 drivers/base/mod_devicetable.c

-- 
2.37.3


  reply	other threads:[~2022-12-02 22:46 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAJzde07w6U83U_63eaF0-6zaq0cOkaymuLb3CBZ++JQi+Y9JdA@mail.gmail.com>
2022-12-01 21:16 ` [PATCH v5 0/1] Fix CONFIG_USB=y && CONFIG_MODULES not set Allen Webb
2022-12-02 12:45   ` Greg Kroah-Hartman
2022-12-02 12:46   ` Greg Kroah-Hartman
2022-12-01 21:16 ` [PATCH v5 1/1] modules: add modalias file to sysfs for modules Allen Webb
2022-12-02 12:49   ` Greg Kroah-Hartman
2022-12-02 22:45     ` Allen Webb [this message]
2022-12-02 22:47       ` [PATCH v6 1/5] module: Add empty modalias sysfs attribute Allen Webb
2022-12-02 22:47         ` [PATCH v6 2/5] drivers: Add bus_for_each for iterating over the subsystems Allen Webb
2022-12-03 18:07           ` Christophe Leroy
2022-12-05 15:45           ` Greg Kroah-Hartman
2022-12-02 22:47         ` [PATCH v6 3/5] Implement modalias sysfs attribute for modules Allen Webb
2022-12-03 18:12           ` Christophe Leroy
2022-12-05 15:51           ` Greg Kroah-Hartman
2022-12-02 22:47         ` [PATCH v6 4/5] docs: Add entry for /sys/module/*/modalias Allen Webb
2022-12-02 22:47         ` [PATCH v6 5/5] drivers: Implement module modaliases for USB Allen Webb
2022-12-03 18:25           ` Christophe Leroy
2022-12-04  8:27             ` Greg Kroah-Hartman
2022-12-05 15:53           ` Greg Kroah-Hartman
2022-12-03 18:05         ` [PATCH v6 1/5] module: Add empty modalias sysfs attribute Christophe Leroy
2022-12-05 15:42         ` Greg Kroah-Hartman
2022-12-11 10:44   ` [PATCH v5 1/1] modules: add modalias file to sysfs for modules kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221202224540.1446952-1-allenwebb@google.com \
    --to=allenwebb@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-modules@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=rafael@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).