From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BDCA3C4332F for ; Tue, 26 Apr 2022 10:28:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348592AbiDZKbG convert rfc822-to-8bit (ORCPT ); Tue, 26 Apr 2022 06:31:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37852 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240781AbiDZKaf (ORCPT ); Tue, 26 Apr 2022 06:30:35 -0400 Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D8DCEDB5D for ; Tue, 26 Apr 2022 03:07:35 -0700 (PDT) Received: (Authenticated sender: hadess@hadess.net) by mail.gandi.net (Postfix) with ESMTPSA id AC288E0008; Tue, 26 Apr 2022 10:07:33 +0000 (UTC) Message-ID: Subject: Re: [RFC v1] USB: core: add USBDEVFS_REVOKE ioctl From: Bastien Nocera To: Oliver Neukum , Greg Kroah-Hartman Cc: Peter Hutterer , linux-usb@vger.kernel.org, Alan Stern , Benjamin Tissoires Date: Tue, 26 Apr 2022 12:07:32 +0200 In-Reply-To: References: <20220425132315.924477-1-hadess@hadess.net> <1d82343a5987a308ac9bd3f6fd481bc12a608a24.camel@hadess.net> <7def25c7-0870-accc-c689-4d8eef1b7acf@suse.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT User-Agent: Evolution 3.44.0 (3.44.0-1.fc36) MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-usb@vger.kernel.org On Tue, 2022-04-26 at 10:46 +0200, Oliver Neukum wrote: > > > On 26.04.22 09:21, Greg Kroah-Hartman wrote: > > Yes, but, it's not so simple.  Many people have asked for revoke() > > to be > > added as a syscall like is in the BSDs, but the BSDs only allow > > that for > > a very small subset of file descriptor types, and doing it in a > > generic > > fashion seems very difficult (I tried a few years ago and gave up, > > but > > my knowledge of the vfs layer is minimal.) > Well, then we should go for the minimalist approach and just > add a hook to VFS. Multiple different ioctl()s are definitely a bad > idea. > An frevoke() looks much easier to do than one based on paths. > If I understand the issue behind the proposal correctly the caller > has opened the device. Doesn't look like FreeBSD at least has an frevoke() syscall anymore, it had an FREVOKE flag, which is now a define for the O_VERIFY option which has quite different semantics: https://www.freebsd.org/cgi/man.cgi?sektion=2&query=open "O_VERIFY may be used to indicate to the kernel that the contents of the file should be verified before allowing the open to proceed. The details of what "verified" means is implementation specific. The run- time linker (rtld) uses this flag to ensure shared objects have been verified before operating on them." The AIX frevoke() also has different semantics: https://www.ibm.com/docs/en/aix/7.3?topic=f-frevoke-subroutine "All accesses to the file are revoked, except through the file descriptor specified by the FileDescriptor parameter to the frevoke subroutine." and: "Currently the frevoke subroutine works only on terminal devices." The point of USBDEVFS_REVOKE, and the other variants is to revoke access to the device, not to the file descriptor itself. If you're reticent to adding new ioctls, we could try and do that exclusively through BPF. The only thing that didn't look like the BPF codepath could do was wake up the fd so that fd could be poll()ed and error out immediately.