From 76cc23c73684e7a4e3aea365652f1395e9289ebc Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Thu, 10 Sep 2020 21:55:44 -0500 Subject: [PATCH] thunderbolt: make sure that authorized to add updatable flag If the device is not authorized, it may cause a composite update that it's part of to not behave properly. If device is authorized at runtime, add updatable flag at runtime as well See #2374 for more details --- plugins/thunderbolt/fu-self-test.c | 2 +- plugins/thunderbolt/fu-thunderbolt-device.c | 47 ++++++++++++++++++++- 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/plugins/thunderbolt/fu-self-test.c b/plugins/thunderbolt/fu-self-test.c index cab8dceb4..def08a110 100644 --- a/plugins/thunderbolt/fu-self-test.c +++ b/plugins/thunderbolt/fu-self-test.c @@ -396,7 +396,7 @@ mock_tree_attach_device (gpointer user_data) "device", dev->id, "vendor", "042", "vendor_name", "GNOME.org", - "authorized", "0", + "authorized", "1", "nvm_authenticate", authenticate, "nvm_version", tree->nvm_version, "unique_id", tree->uuid, diff --git a/plugins/thunderbolt/fu-thunderbolt-device.c b/plugins/thunderbolt/fu-thunderbolt-device.c index 207a00d29..de106aac7 100644 --- a/plugins/thunderbolt/fu-thunderbolt-device.c +++ b/plugins/thunderbolt/fu-thunderbolt-device.c @@ -110,6 +110,42 @@ fu_thunderbolt_device_read_status_block (FuThunderboltDevice *self, GError **err return TRUE; } +static gboolean +fu_thunderbolt_device_check_authorized (FuThunderboltDevice *self, GError **error) +{ + guint64 status; + g_autofree gchar *attribute = NULL; + const gchar *update_error = NULL; + /* read directly from file to prevent udev caching */ + g_autofree gchar *safe_path = g_build_path ("/", self->devpath, "authorized", NULL); + + if (!g_file_test (safe_path, G_FILE_TEST_EXISTS)) { + g_set_error_literal (error, + FWUPD_ERROR, + FWUPD_ERROR_NOT_SUPPORTED, + "missing authorized attribute"); + return FALSE; + } + + if (!g_file_get_contents (safe_path, &attribute, NULL, error)) + return FALSE; + status = g_ascii_strtoull (attribute, NULL, 16); + if (status == G_MAXUINT64 && errno == ERANGE) { + g_set_error (error, G_IO_ERROR, + g_io_error_from_errno (errno), + "failed to read 'authorized: %s", + g_strerror (errno)); + return FALSE; + } + if (status == 1) + fu_device_add_flag (FU_DEVICE (self), FWUPD_DEVICE_FLAG_UPDATABLE); + else + update_error = "Not authorized"; + fu_device_set_update_error (FU_DEVICE (self), update_error); + + return TRUE; +} + static gboolean fu_thunderbolt_device_can_update (FuThunderboltDevice *self) { @@ -362,8 +398,12 @@ fu_thunderbolt_device_setup_controller (FuDevice *device, GError **error) (guint) vid, (guint) did, self->is_native ? "-native" : ""); - fu_device_add_flag (device, FWUPD_DEVICE_FLAG_UPDATABLE); fu_device_add_flag (device, FWUPD_DEVICE_FLAG_DUAL_IMAGE); + + /* check if device is authorized */ + if (!fu_thunderbolt_device_check_authorized (self, error)) + return FALSE; + } else { device_id = g_strdup ("TBT-fixed"); } @@ -517,6 +557,11 @@ static gboolean fu_thunderbolt_device_rescan (FuDevice *device, GError **error) { FuThunderboltDevice *self = FU_THUNDERBOLT_DEVICE (device); + + /* refresh updatability */ + if (!fu_thunderbolt_device_check_authorized (self, error)) + return FALSE; + /* refresh the version */ return fu_thunderbolt_device_get_version (self, error); }