[PATCH 15/19] thunderbolt: Add 'boot' attribute for devices

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mika Westerberg <mika.westerberg@linux.intel.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Andreas Noever <andreas.noever@gmail.com>,
	Michael Jamet <michael.jamet@intel.com>,
	Yehezkel Bernat <yehezkel.bernat@intel.com>,
	Mika Westerberg <mika.westerberg@linux.intel.com>,
	linux-kernel@vger.kernel.org
Subject: [PATCH 15/19] thunderbolt: Add 'boot' attribute for devices
Date: Mon, 19 Mar 2018 19:26:59 +0300	[thread overview]
Message-ID: <20180319162703.5331-16-mika.westerberg@linux.intel.com> (raw)
In-Reply-To: <20180319162703.5331-1-mika.westerberg@linux.intel.com>

From: Yehezkel Bernat <yehezkel.bernat@intel.com>

In various cases, Thunderbolt device can be connected by ICM on boot
without waiting for approval from user. Most cases are related to
OEM-specific BIOS configurations. This information is interesting for
user-space as if the device isn't in SW ACL, it may create a friction in
the user experience where the device is automatically authorized if it's
connected on boot but requires an explicit user action if connected
after OS is up. User-space can use this information to suggest adding
the device to SW ACL for auto-authorization on later connections.

Signed-off-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
---
 Documentation/ABI/testing/sysfs-bus-thunderbolt |  7 +++++++
 drivers/thunderbolt/icm.c                       | 12 ++++++++----
 drivers/thunderbolt/switch.c                    | 14 ++++++++++++++
 drivers/thunderbolt/tb.h                        |  2 ++
 drivers/thunderbolt/tb_msgs.h                   |  1 +
 5 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/Documentation/ABI/testing/sysfs-bus-thunderbolt b/Documentation/ABI/testing/sysfs-bus-thunderbolt
index 93798c02e28b..1f145b727d76 100644
--- a/Documentation/ABI/testing/sysfs-bus-thunderbolt
+++ b/Documentation/ABI/testing/sysfs-bus-thunderbolt
@@ -38,6 +38,13 @@ Description:	This attribute is used to authorize Thunderbolt devices
 		   the device did not contain a key at all, and
 		   EKEYREJECTED if the challenge response did not match.
 
+What: /sys/bus/thunderbolt/devices/.../boot
+Date:		Jun 2018
+KernelVersion:	4.17
+Contact:	thunderbolt-software@lists.01.org
+Description:	This attribute contains 1 if Thunderbolt device was already
+		authorized on boot and 0 otherwise.
+
 What: /sys/bus/thunderbolt/devices/.../key
 Date:		Sep 2017
 KernelVersion:	4.13
diff --git a/drivers/thunderbolt/icm.c b/drivers/thunderbolt/icm.c
index 5d3cd740b71f..bece5540b06b 100644
--- a/drivers/thunderbolt/icm.c
+++ b/drivers/thunderbolt/icm.c
@@ -402,7 +402,7 @@ static int icm_fr_disconnect_xdomain_paths(struct tb *tb, struct tb_xdomain *xd)
 static void add_switch(struct tb_switch *parent_sw, u64 route,
 		       const uuid_t *uuid, u8 connection_id, u8 connection_key,
 		       u8 link, u8 depth, enum tb_security_level security_level,
-		       bool authorized)
+		       bool authorized, bool boot)
 {
 	struct tb_switch *sw;
 
@@ -417,6 +417,7 @@ static void add_switch(struct tb_switch *parent_sw, u64 route,
 	sw->depth = depth;
 	sw->authorized = authorized;
 	sw->security_level = security_level;
+	sw->boot = boot;
 
 	/* Link the two switches now */
 	tb_port_at(route, parent_sw)->remote = tb_upstream_port(sw);
@@ -431,7 +432,7 @@ static void add_switch(struct tb_switch *parent_sw, u64 route,
 
 static void update_switch(struct tb_switch *parent_sw, struct tb_switch *sw,
 			  u64 route, u8 connection_id, u8 connection_key,
-			  u8 link, u8 depth)
+			  u8 link, u8 depth, bool boot)
 {
 	/* Disconnect from parent */
 	tb_port_at(tb_route(sw), parent_sw)->remote = NULL;
@@ -445,6 +446,7 @@ static void update_switch(struct tb_switch *parent_sw, struct tb_switch *sw,
 	sw->connection_key = connection_key;
 	sw->link = link;
 	sw->depth = depth;
+	sw->boot = boot;
 
 	/* This switch still exists */
 	sw->is_unplugged = false;
@@ -504,6 +506,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
 	bool authorized = false;
 	struct tb_xdomain *xd;
 	u8 link, depth;
+	bool boot;
 	u64 route;
 	int ret;
 
@@ -513,6 +516,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
 	authorized = pkg->link_info & ICM_LINK_INFO_APPROVED;
 	security_level = (pkg->hdr.flags & ICM_FLAGS_SLEVEL_MASK) >>
 			 ICM_FLAGS_SLEVEL_SHIFT;
+	boot = pkg->link_info & ICM_LINK_INFO_BOOT;
 
 	if (pkg->link_info & ICM_LINK_INFO_REJECTED) {
 		tb_info(tb, "switch at %u.%u was rejected by ICM firmware because topology limit exceeded\n",
@@ -546,7 +550,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
 		if (sw->depth == depth && sw_phy_port == phy_port &&
 		    !!sw->authorized == authorized) {
 			update_switch(parent_sw, sw, route, pkg->connection_id,
-				      pkg->connection_key, link, depth);
+				      pkg->connection_key, link, depth, boot);
 			tb_switch_put(sw);
 			return;
 		}
@@ -595,7 +599,7 @@ icm_fr_device_connected(struct tb *tb, const struct icm_pkg_header *hdr)
 
 	add_switch(parent_sw, route, &pkg->ep_uuid, pkg->connection_id,
 		   pkg->connection_key, link, depth, security_level,
-		   authorized);
+		   authorized, boot);
 
 	tb_switch_put(parent_sw);
 }
diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
index 4e2b2097bbfc..e9e30aaab2a3 100644
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -775,6 +775,15 @@ static ssize_t authorized_store(struct device *dev,
 }
 static DEVICE_ATTR_RW(authorized);
 
+static ssize_t boot_show(struct device *dev, struct device_attribute *attr,
+			 char *buf)
+{
+	struct tb_switch *sw = tb_to_switch(dev);
+
+	return sprintf(buf, "%u\n", sw->boot);
+}
+static DEVICE_ATTR_RO(boot);
+
 static ssize_t device_show(struct device *dev, struct device_attribute *attr,
 			   char *buf)
 {
@@ -951,6 +960,7 @@ static DEVICE_ATTR_RO(unique_id);
 
 static struct attribute *switch_attrs[] = {
 	&dev_attr_authorized.attr,
+	&dev_attr_boot.attr,
 	&dev_attr_device.attr,
 	&dev_attr_device_name.attr,
 	&dev_attr_key.attr,
@@ -979,6 +989,10 @@ static umode_t switch_attr_is_visible(struct kobject *kobj,
 		if (sw->dma_port)
 			return attr->mode;
 		return 0;
+	} else if (attr == &dev_attr_boot.attr) {
+		if (tb_route(sw))
+			return attr->mode;
+		return 0;
 	}
 
 	return sw->safe_mode ? 0 : attr->mode;
diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h
index 2cd6085a6e10..9c9cef875ca8 100644
--- a/drivers/thunderbolt/tb.h
+++ b/drivers/thunderbolt/tb.h
@@ -66,6 +66,7 @@ struct tb_switch_nvm {
  * @nvm: Pointer to the NVM if the switch has one (%NULL otherwise)
  * @no_nvm_upgrade: Prevent NVM upgrade of this switch
  * @safe_mode: The switch is in safe-mode
+ * @boot: Whether the switch was already authorized on boot or not
  * @authorized: Whether the switch is authorized by user or policy
  * @work: Work used to automatically authorize a switch
  * @security_level: Switch supported security level
@@ -99,6 +100,7 @@ struct tb_switch {
 	struct tb_switch_nvm *nvm;
 	bool no_nvm_upgrade;
 	bool safe_mode;
+	bool boot;
 	unsigned int authorized;
 	struct work_struct work;
 	enum tb_security_level security_level;
diff --git a/drivers/thunderbolt/tb_msgs.h b/drivers/thunderbolt/tb_msgs.h
index 931db2a7c7b3..9f52f842257a 100644
--- a/drivers/thunderbolt/tb_msgs.h
+++ b/drivers/thunderbolt/tb_msgs.h
@@ -179,6 +179,7 @@ struct icm_fr_event_device_connected {
 #define ICM_LINK_INFO_DEPTH_MASK	GENMASK(7, 4)
 #define ICM_LINK_INFO_APPROVED		BIT(8)
 #define ICM_LINK_INFO_REJECTED		BIT(9)
+#define ICM_LINK_INFO_BOOT		BIT(10)
 
 struct icm_fr_pkg_approve_device {
 	struct icm_pkg_header hdr;
-- 
2.16.2

next prev parent reply	other threads:[~2018-03-19 16:26 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-19 16:26 [PATCH 00/19] thunderbolt: Changes for v4.17 merge window Mika Westerberg
2018-03-19 16:26 ` [PATCH 01/19] thunderbolt: Resume control channel after hibernation image is created Mika Westerberg
2018-03-19 16:26 ` [PATCH 02/19] thunderbolt: Serialize PCIe tunnel creation with PCI rescan Mika Westerberg
2018-03-19 16:26 ` [PATCH 03/19] thunderbolt: Handle connecting device in place of host properly Mika Westerberg
2018-03-19 16:26 ` [PATCH 04/19] thunderbolt: Do not overwrite error code when domain adding fails Mika Westerberg
2018-03-19 16:26 ` [PATCH 05/19] thunderbolt: Wait a bit longer for root switch config space Mika Westerberg
2018-03-19 16:26 ` [PATCH 06/19] thunderbolt: Wait a bit longer for ICM to authenticate the active NVM Mika Westerberg
2018-03-19 16:26 ` [PATCH 07/19] thunderbolt: Handle rejected Thunderbolt devices Mika Westerberg
2018-03-19 16:26 ` [PATCH 08/19] thunderbolt: Factor common ICM add and update operations out Mika Westerberg
2018-03-19 16:26 ` [PATCH 09/19] thunderbolt: Correct function name in kernel-doc comment Mika Westerberg
2018-03-19 16:26 ` [PATCH 10/19] thunderbolt: Add tb_switch_get() Mika Westerberg
2018-03-19 16:26 ` [PATCH 11/19] thunderbolt: Add tb_switch_find_by_route() Mika Westerberg
2018-03-19 16:26 ` [PATCH 12/19] thunderbolt: Add tb_xdomain_find_by_route() Mika Westerberg
2018-03-19 16:26 ` [PATCH 13/19] thunderbolt: Add constant for approval timeout Mika Westerberg
2018-03-19 16:26 ` [PATCH 14/19] thunderbolt: Move driver ready handling to struct icm Mika Westerberg
2018-03-19 16:26 ` Mika Westerberg [this message]
2018-03-19 16:27 ` [PATCH 16/19] thunderbolt: Add support for preboot ACL Mika Westerberg
2018-03-19 16:27 ` [PATCH 17/19] thunderbolt: Introduce USB only (SL4) security level Mika Westerberg
2018-03-19 16:27 ` [PATCH 18/19] thunderbolt: Add support for Intel Titan Ridge Mika Westerberg
2018-03-19 16:27 ` [PATCH 19/19] thunderbolt: Prevent crash when ICM firmware is not running Mika Westerberg
2018-03-20  8:12 ` [PATCH 00/19] thunderbolt: Changes for v4.17 merge window Greg Kroah-Hartman

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:93798c02e28 dfblob:1f145b727d7 dfblob:5d3cd740b71
dfblob:bece5540b06 dfblob:4e2b2097bbf dfblob:e9e30aaab2a
dfblob:2cd6085a6e1 dfblob:9c9cef875ca dfblob:931db2a7c7b
dfblob:9f52f842257 )
 OR (
bs:"[PATCH 15/19] thunderbolt: Add 'boot' attribute for devices" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180319162703.5331-16-mika.westerberg@linux.intel.com \
    --to=mika.westerberg@linux.intel.com \
    --cc=andreas.noever@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=michael.jamet@intel.com \
    --cc=yehezkel.bernat@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.