Re: usbfs, claiming entire usb devices

From: Alan Stern
Date: Thu May 07 2009 - 17:19:06 EST

Next message: Ingo Molnar: "Re: [RFC PATCH 00/21 v3] amd64_edac: EDAC module for AMD64"
Previous message: Gregory Haskins: "Re: [RFC PATCH 0/3] generic hypercall support"
In reply to: Kay Sievers: "Re: usbfs, claiming entire usb devices"
Next in thread: Kay Sievers: "Re: usbfs, claiming entire usb devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 7 May 2009, Kay Sievers wrote:

> On Thu, May 7, 2009 at 21:55, Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
> > There is a proposal afoot to give user programs the ability to claim
> > ownership of an entire USB device, rather than just individual
> > interfaces. Â In fact, we'd like processes to be able to own whatever
> > device gets plugged into a particular port on a particular hub.
> >
> > The question is how the API should work. Â A simple approach is to have
> > a sysfs or usbfs file correspond to each port; when a process opens the
> > file it would be granted ownership of any device plugged into that
> > port. Â Since the file is automatically closed when the process ends, we
> > wouldn't have to worry about ownership never getting released.
> >
> > But there's a snag. Â When a process goes to open the usbfs file for a
> > device, the kernel needs to know whether or not the process owns that
> > device. Â In other words, we need to figure out whether or not the
> > process has opened the corresponding port file.
> >
> > Is there a simple way to do this? Â Is it reasonable to search through
> > all the process's fd's, looking for one that matches a particular
> > inode?
> >
> > Or would a completely different API approach be better?
>
> You have one file per device, and that file has normal unix file
> permissions. Userspace can grant access to that file by ownership or
> by adding an ACL. What else do we need?

We need the ability to prevent the kernel from automatically
configuring a device. We need the ability to prevent kernel drivers
from binding to a device before userspace programs get a chance.

> Why would the kernel care who
> opened the file, when the one was able to get through the normal file
> access check?

Access checks can't be used, because programs want to stake their claim
to the device (and its file) even before the device has been plugged
in. So there's no file and no ACL to set.

> Or did you mean some magic for an entire tree of devices below some
> port? Like some sort of permission inheritance in the kernel?

No, just the device in that port.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [RFC PATCH 00/21 v3] amd64_edac: EDAC module for AMD64"
Previous message: Gregory Haskins: "Re: [RFC PATCH 0/3] generic hypercall support"
In reply to: Kay Sievers: "Re: usbfs, claiming entire usb devices"
Next in thread: Kay Sievers: "Re: usbfs, claiming entire usb devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]