From 1651d9e7810e79500b4940122e192b8aaeb2d63c Mon Sep 17 00:00:00 2001

From: Rajat Jain <rajatja@google.com>

Date: Fri, 30 Jul 2021 16:53:04 -0700

Subject: [PATCH] thunderbolt: Add authorized value to the KOBJ_CHANGE uevent

Git-commit: 1651d9e7810e79500b4940122e192b8aaeb2d63c

References: jsc#SLE-19359

Patch-mainline: v5.15-rc1

For security reasons, we would like to monitor and track when the

Thunderbolt devices are authorized and deauthorized (i.e. when the

Thunderbolt sysfs "authorized" attribute changes). Currently the

userspace gets a udev change notification when there is a change, but

the state may have changed (again) by the time we look at the authorized

attribute in sysfs. So an authorization event may go unnoticed. Thus

make it easier by informing the actual change (new value of authorized

attribute) in the udev change notification.

The change is included as a key value "authorized=<val>" where <val>

is the new value of sysfs attribute "authorized", and is described at

Documentation/ABI/testing/sysfs-bus-thunderbolt under

/sys/bus/thunderbolt/devices/.../authorized.

Signed-off-by: Rajat Jain <rajatja@google.com>

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>

Signed-off-by: Oliver Neukum <oneukum@suse.com>

---

 drivers/thunderbolt/switch.c | 13 ++++++++++---

 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c

index 83b1ef3d5d03..bc91887f24c3 100644

--- a/drivers/thunderbolt/switch.c

+++ b/drivers/thunderbolt/switch.c

@@ -1498,6 +1498,7 @@ static ssize_t authorized_show(struct device *dev,

 static int disapprove_switch(struct device *dev, void *not_used)

 {

+	char *envp[] = { "AUTHORIZED=0", NULL };

 	struct tb_switch *sw;

 	sw = tb_to_switch(dev);

@@ -1514,7 +1515,7 @@ static int disapprove_switch(struct device *dev, void *not_used)

 			return ret;

 		sw->authorized = 0;

-		kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);

+		kobject_uevent_env(&sw->dev.kobj, KOBJ_CHANGE, envp);

 	}

 	return 0;

@@ -1522,7 +1523,9 @@ static int disapprove_switch(struct device *dev, void *not_used)

 static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val)

 {

+	char envp_string[13];

 	int ret = -EINVAL;

+	char *envp[] = { envp_string, NULL };

 	if (!mutex_trylock(&sw->tb->lock))

 		return restart_syscall();

@@ -1559,8 +1562,12 @@ static int tb_switch_set_authorized(struct tb_switch *sw, unsigned int val)

 	if (!ret) {

 		sw->authorized = val;

-		/* Notify status change to the userspace */

-		kobject_uevent(&sw->dev.kobj, KOBJ_CHANGE);

+		/*

+		 * Notify status change to the userspace, informing the new

+		 * value of /sys/bus/thunderbolt/devices/.../authorized.

+		 */

+		sprintf(envp_string, "AUTHORIZED=%u", sw->authorized);

+		kobject_uevent_env(&sw->dev.kobj, KOBJ_CHANGE, envp);

 	}

 unlock:

-- 

2.26.2