[PATCH] usb: Do not re-read descriptors for wired devices in usb_authorize_device()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Josef Gajdusek <atx@atx.name>
To: linux-usb@vger.kernel.org
Cc: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org
Subject: [PATCH] usb: Do not re-read descriptors for wired devices in usb_authorize_device()
Date: Thu, 9 Oct 2014 15:47:54 +0200	[thread overview]
Message-ID: <20141009134754.GA3209@dashie> (raw)

This patch modifies the usb_authorize_device() function such as that it does
not reload the device descriptor for wired devices. The reasons for this
are as follows:

* Some devices dislike the master requesting the descriptor from them twice,
  failing on the usb_get_device_descriptor() call with -ETIMEOUT. Observed this
  on my Pretec 16GB flash drive (4146:ba65).

* Malicious device could send two different descriptors - one before
  authorization, used by userspace to determine whether to authorize it and
  second to be actually used by the kernel when determining which drivers to
  bind.

Signed-off-by: Josef Gajdusek <atx@atx.name>
---
 drivers/usb/core/hub.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 11e80ac..c096a1a 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -2543,11 +2543,14 @@ int usb_authorize_device(struct usb_device *usb_dev)
 			"can't autoresume for authorization: %d\n", result);
 		goto error_autoresume;
 	}
-	result = usb_get_device_descriptor(usb_dev, sizeof(usb_dev->descriptor));
-	if (result < 0) {
-		dev_err(&usb_dev->dev, "can't re-read device descriptor for "
-			"authorization: %d\n", result);
-		goto error_device_descriptor;
+
+	if (usb_dev->wusb) {
+		result = usb_get_device_descriptor(usb_dev, sizeof(usb_dev->descriptor));
+		if (result < 0) {
+			dev_err(&usb_dev->dev, "can't re-read device descriptor for "
+				"authorization: %d\n", result);
+			goto error_device_descriptor;
+		}
 	}

 	usb_dev->authorized = 1;
-- 
2.0.4

                 reply	other threads:[~2014-10-09 14:00 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:11e80ac dfblob:c096a1a )
 OR (
bs:"[PATCH] usb: Do not re-read descriptors for wired devices in usb_authorize_device()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20141009134754.GA3209@dashie \
    --to=atx@atx.name \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.