Patch to exposing modalias'es for built in kernel modules (USB)

From: Allen Webb
Date: Thu Nov 10 2022 - 17:21:54 EST

Next message: kernel test robot: "Re: [PATCH] mm: Make some folio and page function arguments const and use bool"
Previous message: Mike Kravetz: "Re: [PATCH v8 2/2] mm: remove zap_page_range and change callers to use zap_vma_range"
Next in thread: Greg Kroah-Hartman: "Re: Patch to exposing modalias'es for built in kernel modules (USB)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My apologies for any process mistakes in submitting this as it is my
first ever attempt at a Linux kernel patch.

I have a somewhat rough patch that introduces a modalias sysfs
attribute to kernel modules (both builtin and loaded). The goal of
this patch is to expose the driver matching values from the modalias
to inform policy decisions in userspace for devices with the
authorized attribute in sysfs. In other words with this patch tools
like USBGuard could leverage not only modules.aliases, but also the
aliases for the builtin modules to match devices with drivers before
deciding to authorize a device or not. This is particularly useful in
cases when new devices shouldn't be allowed part of the time like for
lock screens.

One other approach I considered was generating a builtin.alias file at
build time which would be installed alongside modules.alias. I have a
patch for this I could post as an alternative or in addition if it is
preferred.

I don't really like that it has to walk all drivers for all buses each
time the modalias attribute is read, but it shouldn't be that often
and I didn't see a better way of doing it though I am not familiar
with the kernel data structures available.

There are some flaws with this design in that some modaliases are not
associated with a bus. However, the only modules that really benefit
from this are ones with drivers associated with buses that make use of
the authorized attribute (USB, PCI, maybe others).

I only implemented USB for the proof-of-concept, but if this looks
like a viable option I could go back and implement PCI and any other
buses that use the authorized attribute.

Additionally, I haven't refactored files2alias to not have duplicate
code, but I am not sure how feasible that is given we would need to
share code between build-time userspace and the kernel. I did keep the
code limited to a single file so that it could possibly be compiled in
both environments, but type sizing of structs will be tricky for
cross-compilation.

Here is the patch:

Next message: kernel test robot: "Re: [PATCH] mm: Make some folio and page function arguments const and use bool"
Previous message: Mike Kravetz: "Re: [PATCH v8 2/2] mm: remove zap_page_range and change callers to use zap_vma_range"
Next in thread: Greg Kroah-Hartman: "Re: Patch to exposing modalias'es for built in kernel modules (USB)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]